fsebugoutzone.org:9999

       Post AqJunwGV2bRKNTSaae by nemobis@mamot.fr
 (DIR) More posts by nemobis@mamot.fr
 (DIR) Post #AqJdS21rESBof7Zzea by evan@cosocial.ca
       2025-01-21T18:49:48Z
       
       0 likes, 0 repeats
       
       I need someone to change my mind.I have seen a few posts suggesting that people change from WhatsApp to Signal.Both messaging platforms are end-to-end encrypted (E2EE).Both use the same E2EE protocol -- Signal&#39;s.One is run by Meta, the other by the non-profit Signal Foundation.
       
 (DIR) Post #AqJdS3G4f59iTVErS4 by emu@blob.cat
       2025-01-21T18:53:35.322272Z
       
       0 likes, 0 repeats
       
       @evan What exactly are you asking people change your mind for?
       
 (DIR) Post #AqJunv09jslwSUo1Tc by nemobis@mamot.fr
       2025-01-21T19:07:39Z
       
       0 likes, 0 repeats
       
       @evan WhatsApp&#39;s E2EE is only for show. It&#39;s documented that Facebook Inc. can decrypt everything e.g. for the purposes of backup. The mechanism by which they hold and give access to the decryption keys is not publicly documented. Allegedly &quot;decrypted backups&quot; reduce this attack vector, but I&#39;ve not confirmed whether that&#39;s the case.https://security.stackexchange.com/a/145636/47770https://snee.la/posts/the-workings-of-whatsapps-end-to-end-encrypted-backups/
       
 (DIR) Post #AqJunwGV2bRKNTSaae by nemobis@mamot.fr
       2025-01-21T19:15:22Z
       
       0 likes, 0 repeats
       
       This doesn&#39;t mean said encryption is completely useless. It&#39;s a protection from some attackers, just not from WhatsApp/Facebook itself nor from anyone who can persuade WhatsApp to provide the decryption keys (such as the USA government and perhaps soon EU governments).#DeleteFacebook
       
 (DIR) Post #AqJunwxkRo2CXbh808 by nobody@mastodon.acm.org
       2025-01-21T22:07:58Z
       
       0 likes, 0 repeats
       
       @nemobis @evan One could start the argument by just asserting that the whole point of E2EE is that trusting the clients on both ends is &quot;enough&quot;, in the sense that it makes no difference whether the channel and the server are compromised.With Signal one tends to trust the client because it&#39;s open-source and the releases are (claimed to be) reproducible. With Whatsapp... well maybe you could inspect its traffic with mitmproxy idk, but ultimately there&#39;s no reason to trust the client
       
 (DIR) Post #AqKdzbBVjtjSPU3pKq by nemobis@mamot.fr
       2025-01-22T06:34:20Z
       
       0 likes, 0 repeats
       
       @nobody Exactly.