Does user privacy when using WhatsApp Web (https://web.whatsapp.com) differ substantially from using WhatsApp on Android? WhatsApp on Android has end-to-end encryption and (optional) encrypted backups. If I use WhatsApp Web, will Meta be able to see the contents of my WhatsApp messages?

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    29
    arrow-down
    4
    ·
    edit-2
    1 year ago

    WhatsApp is closed source. Meta can always see your messages. It might be end-to-end encrypted and they might make a copy for meta. And that would still satisfy the end-to-end promise. You can’t trust closed source for end-to-end encryption.

    • itchy_lizard@feddit.it
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      You literally missed the definition of end-to-end encryption.

      If Meta can see the messages, then that’s not e2ee

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        1 year ago

        I’m trying to illustrate that corporations will use weasel language entirely to their advantage.

        I have to fight spammers and scammers, I need to be able to inspect message contents. But customers also went into an encryption. So I offer them end to end encryption but I also make a copy for myself. So it’s closed source and in public I can just say hey you’ve got end to end encryption. And be truthful about it, but I also have an administrative side channel where I get a copy of the message.

        Or it might be end-to-end encrypted but a copy of the key is preserved for administrative purposes that WhatsApp controls. We just don’t know

        Weasel language is something we have to defend against, and the only real defense is open source, so we can’t trust WhatsApp to protect your end-to-end privacy

  • Huschke@programming.dev
    link
    fedilink
    arrow-up
    15
    ·
    1 year ago

    As others have said both options are inferior to Signal because you can’t verify the privacy claims Meta makes.

    However I’d argue that WhatsApp Web is slightly better, because it being a web app means Meta can collect less data about you compared to a phone app.

    • jdgordon
      link
      fedilink
      arrow-up
      7
      arrow-down
      2
      ·
      1 year ago

      Meta still controls all the code running in the web app. They may be scraping your messages just like they have the option on Android.

      It can still be end to end encrypted with them sending themselves a copy from the unencrypted text boxes you see

      • lemmyng@beehaw.org
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        He refers to the fact that the web app does not have default access to your device sensors, microphone, storage, etc.

    • ᗪᗩᗰᑎ@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      for anyone not aware, if you’re using the web based version of anything on a corporate/company device, assume all traffic can be intercepted by your admins. it’s very easy to do and considered a requirement on some fields.

    • kaato@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      I would second Signal. In recent months I’ve seen it grow in popularity in Sweden.

  • LollerCorleone@kbin.social
    link
    fedilink
    arrow-up
    12
    arrow-down
    14
    ·
    1 year ago

    If I use WhatsApp Web, will Meta be able to see the contents of my WhatsApp messages?

    Just as much as they would be able to see the contents of your messages when you use the app. The answer to this question depends on how much you trust Meta to stick to their claims. As others have already said here, use Signal if you are looking for a private messenger.