It’s really important for people to understand that E2EE cannot protect the message portions that aren’t between the ends themselves. The best encryption in the world can’t help you if the person you’re talking to is an undercover cop, because that “end” can do with the plaintext whatever they want, including record/store/forward the plaintext of any messages they then encrypt and send, or any messages they receive and then decrypt.
That’s not a flaw of the E2EE protocol itself, but is a limit to the scope of protection that E2EE provides.
Well, yeah, you can’t control other people. Even if you use a walkie-talkie, they can still record your voice with a device. Ideally you should only be talking about safely publishable content, or with mature-enough individuals. We ultimately must settle for good-enough…
Any reported message ? Back when I was doing anti spam at my ISP we could read reported spam from our customers. Obviously not all mails from / to the customers. That would be way disproportionate.
If you report the message it then the full text gets sent to WhatsApp.
That means there’s a software switch that dumps a plaintext copy of a supposedly encrypted message when flipped.
Therefore, all you need to read any WhatsApp message is the ability to flag the message as “reported”, and access to wherever the plaintext copies get sent.
Considering how often security is an afterthought for corporations, the access part is probably easy.
The easiest implementation of this is that the recipient of an infringing message flags it from its local client. At that point it’s not encrypted if their claim of e2ee is true.
It also means that only parties involved in the message exchange can flag / report them.
Corporations are often not so monolithic ; the guys doing abuse are likely not the one who try to milk users (looking at you marketing).
I don’t want to defend whatsapp, but if messages are actually properly end to end encrypted, but one of the recipients (one of the ends) knowingly shares it (e.g. with the report function), that is still end to end encryption.
don’t be surprised if signal or matrix implements this. I’m strongly against scanning messages, but if the recipient willfully decides so, they should be able to share a message with moderators. that would be an actual tool against actual pedophiles, and scammers.
but this can only work safely if the client is not sending the decrypted message, because it could modify it, but instead it sends the decryption keys for it. both signal and matrix are regularly rotating the keys, so it wouldn’t grant the moderators to read all messages, but it would grant them the ability to see what was actually sent. with that the client should also show how far into the past messages will be revealed to moderators, so they can decide if that’s ok for them.
That means there’s a software switch that dumps a plaintext copy of a supposedly encrypted message when flipped.
Kinda, sorta, but no, not really. What’s happening is that the recipient is decrypting the message. When you report the message, you include a cleartext copy with your report.
The “switch” you are talking about is in the same app that is doing the decryption. For the bad actor to toggle that “switch”, they would have to control the app.
For the bad actor to toggle that “switch”, they would have to control the app.
Are you talking about physical control? Regardless, it’s closed-source… There is nothing that says they can’t also generate the keys on the other end that they had your devices generate. Outside of open source code that’s buildable from source, they can claim whatever they want about lack of access to switches.
You can actually report a message to WhatsApp within the app. If you report the message it then the full text gets sent to WhatsApp.
That’s a little disingenuous…
When you send a message, no E2EE scheme can prevent your recipient from forwarding the decrypted message to a third party.
It’s really important for people to understand that E2EE cannot protect the message portions that aren’t between the ends themselves. The best encryption in the world can’t help you if the person you’re talking to is an undercover cop, because that “end” can do with the plaintext whatever they want, including record/store/forward the plaintext of any messages they then encrypt and send, or any messages they receive and then decrypt.
That’s not a flaw of the E2EE protocol itself, but is a limit to the scope of protection that E2EE provides.
Well, yeah, you can’t control other people. Even if you use a walkie-talkie, they can still record your voice with a device. Ideally you should only be talking about safely publishable content, or with mature-enough individuals. We ultimately must settle for good-enough…
So… anyone with access to the report API can read any message they want?
Any reported message ? Back when I was doing anti spam at my ISP we could read reported spam from our customers. Obviously not all mails from / to the customers. That would be way disproportionate.
If this is true:
That means there’s a software switch that dumps a plaintext copy of a supposedly encrypted message when flipped.
Therefore, all you need to read any WhatsApp message is the ability to flag the message as “reported”, and access to wherever the plaintext copies get sent.
Considering how often security is an afterthought for corporations, the access part is probably easy.
The easiest implementation of this is that the recipient of an infringing message flags it from its local client. At that point it’s not encrypted if their claim of e2ee is true.
It also means that only parties involved in the message exchange can flag / report them.
Corporations are often not so monolithic ; the guys doing abuse are likely not the one who try to milk users (looking at you marketing).
I don’t want to defend whatsapp, but if messages are actually properly end to end encrypted, but one of the recipients (one of the ends) knowingly shares it (e.g. with the report function), that is still end to end encryption.
don’t be surprised if signal or matrix implements this. I’m strongly against scanning messages, but if the recipient willfully decides so, they should be able to share a message with moderators. that would be an actual tool against actual pedophiles, and scammers.
but this can only work safely if the client is not sending the decrypted message, because it could modify it, but instead it sends the decryption keys for it. both signal and matrix are regularly rotating the keys, so it wouldn’t grant the moderators to read all messages, but it would grant them the ability to see what was actually sent. with that the client should also show how far into the past messages will be revealed to moderators, so they can decide if that’s ok for them.
Yup we agree on that. This pattern is actually the most sensible approach to support privacy. Whatever happens in transmission.
Kinda, sorta, but no, not really. What’s happening is that the recipient is decrypting the message. When you report the message, you include a cleartext copy with your report.
The “switch” you are talking about is in the same app that is doing the decryption. For the bad actor to toggle that “switch”, they would have to control the app.
Are you talking about physical control? Regardless, it’s closed-source… There is nothing that says they can’t also generate the keys on the other end that they had your devices generate. Outside of open source code that’s buildable from source, they can claim whatever they want about lack of access to switches.