Privacy

30930 readers

562 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

Is WhatsApp bad for privacy? (lemm.ee)

submitted 10 months ago by Azzu@lemm.ee to c/privacy@lemmy.ml

70 comments fedilink hide all child comments

And if so, why exactly? It says it's end-to-end encrypted. The metadata isn't. But what is metadata and is it bad that it's not? Are there any other problematic things?

I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.

you are viewing a single comment's thread
view the rest of the comments

[–] just_another_person@lemmy.world 3 points 10 months ago (1 children)

E2E is not equal to Symmetric Encryption, which is the most private "one way" encryption meaning the user controls the data at the origin, and the messages can't be decrypted by anyone else.

WhatsApp is not the latter, so it is not private. Signal is symmetric, for example.

[–] Lojcs@lemm.ee 3 points 10 months ago (1 children)

Care to elaborate? You can't just imply asymmetric encryption can be decrypted by 3rd parties and not explain how.

Also I don't know how exactly signal works but I know that you don't need to share secrets externally to message someone, so how are they exchanging the symmetric keys without using asymmetric encryption to boot?

[–] just_another_person@lemmy.world 1 points 10 months ago (1 children)

This is more of a "how encryption" works question, so I'll just defer to some article response I got from Google which explains it simpler than I would:

"When someone sends a message to a contact over an app using the Signal protocol, the app combines the temporary and permanent pairs of public and private keys for both users to create a shared secret key that's used to encrypt and decrypt that message. Since generating this secret key requires access to the users' private keys, it exists only on their two devices. And the Signal protocol's system of temporary keys—which it constantly replenishes for each user—allows it to generate a new shared key after every message."

[–] Lojcs@lemm.ee 3 points 10 months ago (1 children)

That doesn't explain why asymmetric encryption is insecure? In fact signal seems to be using two pairs of asymmetric keys to generate its symmetric secret, so it would also be prone to attack if asymmetric encryption was a flawed system.

[–] just_another_person@lemmy.world 1 points 10 months ago* (last edited 10 months ago)

I guess I missed your initial conversations question, but this is easy to search, and not for me to defend WhatsApp. I'm not the harbinger of bad news here, I'm just telling you what everyone else has said on the internet. WhatsApp is not private. They cooperate with governments to make messages known even.

I feel like you're trying to drive a point home that has already lost in the security commutat as a hole. OP asked if WhatsApp is bad for privacy, and it is.

Edit: just to shut you up - https://propertyofthepeople.org/document-detail/?doc-id=21114562