Came here to say this. Without e2e encryption there’s no way for them not to. And most big companies like this are in bed with the federal government and wouldn’t really entertain that seriously.
It’s been a while since I looked it up, and I don’t use WhatsApp, but I believe it’s E2E encrypted but the mechanism they use allows their servers to also hold the keys to decrypt.
Presumably they hold a master key that all other keys are derived from.
Yes. This does make it very convenient to just hop on web.whatsapp.com without also having your phone online.
WhatsApp’s fine for talking to normie friends who won’t ever switch to something else, for managing business clients, etc. But it’s something to be aware of.
The world would be a better place if we all used Signal, XMPP, etc.
Came here to say this. Without e2e encryption there’s no way for them not to. And most big companies like this are in bed with the federal government and wouldn’t really entertain that seriously.
Also they want to be able to scrape/sell your chat data so they don’t want to encrypt it.
Correct me if I’m wrong but isn’t WhatsApp meta and encrypted?
It’s been a while since I looked it up, and I don’t use WhatsApp, but I believe it’s E2E encrypted but the mechanism they use allows their servers to also hold the keys to decrypt.
Presumably they hold a master key that all other keys are derived from.
Yes. This does make it very convenient to just hop on web.whatsapp.com without also having your phone online.
WhatsApp’s fine for talking to normie friends who won’t ever switch to something else, for managing business clients, etc. But it’s something to be aware of.
The world would be a better place if we all used Signal, XMPP, etc.
How can we monetize the contents of people’s direct messages to each other if we support encryption?
<checks notes>
Oh. We can’t. Decision made, then.
Signal protocol for all the things.
Only, then you can’t get paid for snitching… (You get to charge the government for all those requests… and you basically get to set the price.)
Right. They could implement E2E encryption, they just don’t want to - entirely plausible it’s because they don’t want to say no.
More likely it’s because they want the data :)