For open source messengers, you can check whether they actually encrypt your messages and whether the server has access to your encryption keys but what about WhatsApp? Since it’s not open source, you can’t be sure that the encryption keys aren’t sent to the server, right? Has there been a case where a government was able to access WhatsApp chats without reading them from the phone itself?

  • cmeerw@programming.dev
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Only public keys get exchanged via Meta’s servers, those keys don’t help you with trying to decrypt any messages (you need the corresponding private key to decrypt - and that private key stays on the device).

    Sure, they could just do a man in the middle, but that can be detected by verifying the keys (once, via another channel).

    • FooBarrington@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Makes sense. It does leave the MitM option open as you said, but if they did something nefarious here, it would have long been seen in at least a couple of cases due to OOB verification.