The same week that Meta was sued over claims that employees can access WhatsApp chat messages, WhatsApp rolls out a stricter security setting meant to protect users from government surveillance malware.
"Is my WhatsApp security advice a valid form of harm reduction for at-risk communities, or am I just lulling new victims into a false sense of security?" sure is a wonderful feeling to agonize over.
@evacide The real cyber threat is Meta itself
@Okuna do you know how your private key was generated, and is it possible that it ever left your device? How do key exchange and signing work in WhatsApp exactly? Did you ever check that the signatures of incoming messages match the public key of the sender? How can you restore a backup without the device that holds the private key?
So many questions in contrast to a blind trust in a US fascist-owned platform. I'll just use Signal and replace such blind trust with harder guarantees. For free.
@Okuna if Signal was also broken (leaking keys) that would be much easier to prove on account of it being open source. It seems logical that someone did sniff the traffic of WhatsApp and captured evidence of key leakage before filing the claim, but I haven't seen such evidence.
But no, compromised WhatsApp doesn't logically demand compromised Signal. They supposedly use the same OSS code for encryption, but if that's what is broken I'll have to eat some things (for the record).
@evacide
Someone clarify this for me please 🤔
If E2EE happens from client to client, it means a closed proprietary app like WhatsApp can use the decrypted messages at the client level and can steal them even though the connection is marketed as E2EE.
Am I right, or am I missing something?
Coz I see the option to send the last 5 messages to Meta when I report spam and block the number.
So the E2EE is useless if the client is closed source, right? 🤔
So can't they just decrypt at the client side and use the closed nature of the client as a backdoor and send messages to themselves using this feature or something like that? 🤔