Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
A lawsuit filed in San Francisco alleges that #WhatsApp's end-to-end encryption contains backdoors allowing #Meta employees to access user messages in real-time.
According to the complaint, internal tools allow engineers to view chats by User ID without a separate decryption step, bypassing the Signal Protocol protections the app claims to use.
The lawsuit cites £whistleblowers who claim that workers can request access to specific accounts via internal tasks, gaining unlimited temporal scope to a user's history, including deleted messages. Meta has labeled these claims false and absurd.
Technical experts note that while the Signal Protocol itself is mathematically secure, the integrity of end-to-end encryption relies entirely on the security of the endpoints. Potential vulnerabilities in WhatsApp include unencrypted cloud backups, metadata collection, and the fact that the client software is closed-source.
Without the ability to audit the code or verify public keys through an independent directory, users must trust that the application is not exfiltrating plaintext data before it is encrypted for transit.
The legal action highlights the ongoing tension between corporate privacy marketing and the technical reality of centralized messaging platforms. If the allegations of an internal "widget" for message access are proven true, it would represent a fundamental breach of the encryption standards Meta has advertised since 2016.
https://it.slashdot.org/story/26/01/27/0550249/lawsuit-alleges-that-whatsapp-has-no-end-to-end-encryption
#WhatsApp #Meta #Privacy #CyberSecurity #Encryption #DataPrivacy #E2EE #TechNews #Lawsuit #Whistleblower #DigitalRights #Messaging #InformationSecurity #SignalProtocol
