HACKER Q&A
📣 fdeage

How do we know that WhatsApp doesn't spy on messages?


Yesterday I was talking about WhatsApp with friends, trying to explain how end-to-end (E2E) encryption works. One of my friend (who is not a techie) said I was naive to believe Facebook couldn't see users' messages, considering its awful track record on privacy.

I was about to confidently reply something about how, with modern encryption, you don't need to trust the server to pass messages securely... but something held me back.

I was so sure about the system privacy, and suddenly I wasn't.

I know WhatsApp claims to implement the Signal protocol, which is considered secure (so far).

But some questions popped in my head: - What's preventing WhatsApp from not using the protocol properly, or at all? - What's preventing WhatsApp from, say, also send secretly the message to itself? Or a digest of it? Or just some keyword matches? You know, for "analytics"? Or to comply with obscure child porn laws?

I use WhatsApp every single day, so this thought makes me pretty uncomfortable. The more I think about it, the less I'm sure. What I find the most convincing is that, if such a backdoor existed, a WhatsApp employee would have leaked it on HN already...

What do you think? Do you trust WhatsApp on this?

  👤 onreact Accepted Answer ✓
As far as I know Mark Zuckerberg already admitted that Facebook is spying on the Messenger messages:

https://thenextweb.com/facebook/2018/04/05/facebook-confirms...

Now Zuckerberg is merging Facebook Messenger, WhatsApp and Instagram:

https://mashable.com/article/mark-zuckerberg-speaks-on-whats...

Thus we can be pretty sure that WhatsApp messages are also being monitored.

👤 psv1
1. You can't know. (Unless something confirming the opposite leaks in the future).

2. Facebook's reputation is so bad when it comes to privacy at this point that trusting them is just naive.

3. Even in the best case, your metadata is certainly used. Facebook didn't pay over $20 billion for a service with no monetisation model purely out of the goodness of their hearts.

4. Whatsapp has good network effects at least here in the UK - when your flatmates or coworkers have a group chat, you can't just say "Well, let's get everyone over to Signal.". You either use Whatsapp or go without the group chat.

👤 fdeage
(By the way, one day I sent a picture of a dress to my sister-in-law on WhatsApp. She told me that Instagram sent her an ad 5 minutes later, with the exact same dress.

It was so unlikely to be random that I checked right away to see if pictures were safe. It turns out that pictures received and sent are shared within all Facebook apps - Facebook, Messenger, Instagram -, at least on iOS)

👤 ktpsns
You should study open source software (like the Signal app or the Matrix network). Furthermore, study "trusted builds" and trusted hardware -- attempts to proof that certain lines of codes are really running on a system. Then we can talk again about encryption...
👤 bowlich
> WhatsApp employee would have leaked it on HN already

Employees don't need to be aware of the backdoor if they aren't the one's listening.

At least, I assume Whatsapp is already compromised by some state actor and Facebook is getting some kind of funding to look the other way.