US has investigated claims WhatsApp chats aren't private

Original Article ↗ Hacker News Discussion ↗

Trust in Meta and Governments

  • Many commenters treat it as obvious that a Meta-owned messenger should not be trusted with privacy, citing its business model and past behavior.
  • Others argue distrust has become reflexive and conspiratorial: extraordinary claims of secret backdoors need technical evidence, not just vibes.
  • Several note that any large provider, in most countries, can be legally compelled to assist governments, so jurisdiction alone doesn’t guarantee privacy.

End-to-End Encryption vs Client Control

  • Repeated clarification: strong transport E2EE can be mathematically sound while still being defeated at the endpoints.
  • Core issue: the client app and OS are closed-source and auto-updated. If Meta ships a malicious client or subtly exfiltrates keys, users can’t reliably detect it.
  • Several point out that “E2EE” only guarantees intermediaries can’t read traffic; it does not mean the service operator can’t compromise its own endpoints.

Backups, Key Management, and UX Tradeoffs

  • A major suspected weak point is backups and multi-device chat history:
    • If you can restore WhatsApp history on a new device with minimal secrets, someone else can too.
    • Some say backup keys are or were effectively under Meta/Apple/Google control; others say newer designs derive keys from user passwords or keychains.
  • Discussion of PIN-based encryption (e.g., Messenger): short numeric PINs need HSM-based rate limiting; alphanumeric secrets are safer but users rarely choose them.
  • Several argue that truly user-controlled keys create terrible UX (lost messages on phone loss), so mainstream products gravitate to server-side key control.

Reverse Engineering and Independent Audits

  • Multiple commenters emphasize that WhatsApp’s crypto layer is based on the Signal protocol and has been extensively reverse engineered and formally analyzed; no direct backdoor has been found there.
  • A cryptographic paper on WhatsApp’s protocol is cited: main structural concern is that servers control group membership and key distribution, not that they see plaintext.
  • Counterpoint: audits focused on the crypto core, not full app behavior or dynamic code loading. A subtle key-exfiltration path or secondary upload channel could, in theory, evade such audits.

Speculation, Metadata, and Alternative Messengers

  • Some hypothesize plaintext could be uploaded separately (e.g., for abuse reporting, AI features, or backups) while marketing still leans on the E2EE label.
  • Others note that metadata alone (who, when, how often, correlated with web and app activity) is powerful for surveillance and advertising even without content.
  • Comparisons: Signal is widely viewed as more trustworthy (open source, reproducible builds, stricter design); Telegram is criticized for non-default and limited E2EE; iMessage/Apple and others are cited as having backup-related loopholes.

Views on the US Investigation / Lawsuit

  • Several see the lawsuit and investigation as likely to be a “nothingburger” or fishing expedition, given current public evidence and expert skepticism.
  • Others stress that official denials are carefully worded and don’t definitively preclude technical capability; they want stronger, enforceable statements or ongoing independent audits.