zlacker

[parent] [thread] 4 comments
1. thu211+(OP)[view] [source] 2020-06-05 15:45:07
https://duckduckgo.com/?q=facebook+whatsapp+covid+forwarding...

Pick any version of the story. Or read their blog post:

https://blog.whatsapp.com/Keeping-WhatsApp-Personal-and-Priv...

How do they know a message is forwarded? The encryption is meant to make identical plaintexts encrypt to different ciphertexts, so obviously they must be leaking the forwarding status in unencrypted parts of the message. And why is an encrypted service trying to combat misinformation to start with - isn't that a contradiction in terms? These things raise difficult questions. You'd hope that once a service decides to go fully encrypted, its staff would believe that what kind of information going over it or how accurate that is, isn't any longer their concern.

replies(2): >>im3w1l+dV >>CultOf+iA5
2. im3w1l+dV[view] [source] 2020-06-05 20:11:52
>>thu211+(OP)
I see. Given this clarification, I would argue that your original claim was misleading.
replies(1): >>thu211+Db2
◧◩
3. thu211+Db2[view] [source] [discussion] 2020-06-06 10:48:43
>>im3w1l+dV
OK. Where is the argument then? You've asserted, but not argued.

Today, Signal is claiming their encryption means the only data they have to give to government is date of install and last use. In the past they also claimed WhatsApp uses the same cryptography as them, at least for messages. These two claims cannot both be true. If there's some incredibly subtle detail that means deliberately exposing forwarding metadata in WhatsApp but not Signal they should really clarify that because it's not something I've ever seen a discussion of, and it doesn't follow from the cryptography they're using.

replies(1): >>CultOf+AA5
4. CultOf+iA5[view] [source] 2020-06-07 22:07:21
>>thu211+(OP)
There’s a counter added to the encrypted portion of metadata of the message. The receiving client increments the counter by +1 if it forwards it. At some point, some client receives a message that has the maximum amount of forwards and thus the option to forward it won’t be shown by that client. This is handled in-app. An old or modified client won’t do anything with it, you can try it. It’s not a server-side thing but embedded in the E2EE’d data.
◧◩◪
5. CultOf+AA5[view] [source] [discussion] 2020-06-07 22:09:20
>>thu211+Db2
They can both be true. Signal Protocol for message encryption is something different than Signal the official Signal Protocol client. ;) That’s where the difference lies and why the statement can be true: WhatsApp uses Signal Protocol for its encryption, but WhatsApp isn’t Signal.
[go to top]