Hacker News new | past | comments | ask | show | jobs | submit login

Maybe a noob question, but are whatsapp's messages secure from Facebook? Would some motivated employee at Facebook be able to read everyone's messages if they wanted? If no, how do we know?



As much as I despise Facebook and its properties, the “how do we know” question can only be answered based on the trust that there would be at least one person in the company/team who would be a whistleblower if the end to end encryption is removed (with their knowledge and not through some state sponsored hacking).

With that background, a motivated employee cannot read WhatsApp messages that they have not sent or received themselves because WhatsApp uses the Signal protocol implementation. Coming to your first question, WhatsApp does share metadata with Facebook. So the fact that content isn’t shared is a moot point because a lot can be inferred from metadata alone to target people for any purpose.

So WhatsApp is not really a secure messenger if Facebook is part of your threat model and is considered an adversary or an adversary who can be easily coerced or compromised.


If you’re talking about decrypting messages encrypted created and read via SSL (what they imply is the case), it’s not possible unless you have the private key, versus the widely available public key.

I doubt it’s lying around in Facebooks repositories but I’ve never worked there so cannot say that is the case with certainty.

This is all assuming they are even using modern SSL and are careful with user data. Unfortunately, not a great track record there for FB.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: