undefined | Better HN

0 pointslloeki8y ago0 comments

> It had a vulnerability, but not a severe one

The problem I have with WhatsApp is not a question of vulnerabilities, it's a problem of trust in ownership of the app's code. There's no way I would ever trust Facebook with anything sensitive enough to require the Signal protocol because the endpoints might be compromised at some point straight from the app itself.

0 comments

3 comments · 1 top-level

idlewords8y ago· 2 in thread

What is the scenario in which Facebook subverts end-to-end encryption on WhatsApp by pushing out a malicious update?

Crespyl8y ago

Facebook decides that "their users are better served" by scanning messages locally on the client device and requesting ads based on that content, thereby introducing a privacy and information leak and potentially opening the door to other problems.

I don't necessarily think that's likely, but it's also not entirely implausible that they would do something, intentionally or not, that subverts the threat model/privacy assumptions of its users.

Facebook's interests are not aligned with users when it comes to privacy.

idlewords8y ago

But in that scenario, the change would be announced. I'm asking about the malicious case.

1 more reply

j / k navigate · click thread line to collapse