
They may say all the right words, but given how Facebook has been consistently behaving with respect to people's privacy, all this e2e goodness amounts to nothing less than an extremely disingenuous and misleading charade. So, yeah, good to know. But, no, still have zero trust in FB's implementation of it and won't touch it with a long pole.



WhatsApp has been pretty consistent with their track record, not every Facebook product is the same but if there's one part of the company that's doing really well in terms of security and privacy for its users that's the one.


Last week they were fined $270m by the EU for claiming they were anonymizing user data like phone numbers when they weren't.


I can't remember the source so take this as you will, but WhatsApp are appealing such a large fine because the privacy policy was in the middle of being updated during a transition. The policy was correct after the fact and ever since.


If I renege on a contract with my bank because I was moving house I would still be sued into bankruptcy. Multibillion-dollar companies have the onus to keep their legal documents (terms of service, privacy policy) up to date.


That's news to me, had to find a source: https://www.theverge.com/2021/9/2/22653747/whatsapp-fine-amo...

Looks like WhatsApp is appealing, so not a case closed.

> noting that WhatsApp did not properly inform EU citizens how it handles their personal data, including how it shares that information with its parent company.

I'm not sure I understand these kinds of claims to begin with. WhatsApp is Facebook, why would they have to warn users that the data is shared?


They did correct their policy to no longer lie to users after they were fined. I'm not sure that counts as "doing really well in terms of security and privacy for its users".


I think that's a bit disingenuous, who reads these policies anyway? And how much does this really matter compared to features like end-to-end encryption?


This wasn't a trivial technicality. They said users' phone numbers were being anonymized and they weren't.

How they handle private data, especially if they lie about what they're doing, does really matter. End-to-end encryption doesn't mean anything if they secretly keep a key able to decrypt it, which is basically what they were getting fined for.


I'd argue it is because it's buried in some policy text that no user ends up reading anyway.


You have to take WhatsApp's word for all this and you can't, because it is a Facebook property.

Facebook doesn't think twice about doing highly unethical stuff, covering it up and then lying when it surfaces.

Fish rots from its head and the head is fundamentally rotten.


I must say, it is unclear to me why this is being downvoted -- it mirrors my exact reaction.

The old saying "Actions speak louder than words" has never been more apt. It was just two days ago that Ars & others ran "WhatsApp "end-to-end encrypted" messages aren't that private after all" [1]. Yet, here we are.

It's a strong "No thanks" from me.

[1] https://arstechnica.com/gadgets/2021/09/whatsapp-end-to-end-...


I don’t trust Facebook’s intentions, but WhatsApp has demonstrated consistency in bringing encryption to users.

The ProPublica article that the ones you saw are based on was flawed, and has been updated. https://twitter.com/propublica/status/1436054877663375372


Thanks for linking that, I had not actually seen the update to it. Of course, if one of the parties in E2EE shares the message it doesn't constitute a 'break' in E2EE. However, what I think was important from the Ars article I linked was this statement:

>An "end-to-end" encrypted messaging platform could choose to, for example, perform automated AI-based content scanning of all messages on a device, then forward automatically flagged messages to the platform's cloud for further action. Ultimately, privacy-focused users must rely on policies and platform trust as heavily as they do on technological bullet points.

Which doesn't break E2EE technically, but it certainly breaks it in spirit. And yes, I understand that really any application could feasibly implement something like this, it's not in many people's threat models, etc. However, if I had to bet on which company would implement such a feature, it would be FB.

It just felt sort of funny, seeing this only a few days after all of those articles were written. Of course there is no way FB weaved the whole system and documentation together in two days, but I can't help but roll my eyes slightly at the timing of their release.


Your concerns seem reasonable and well-grounded, it’s just odd to insinuate a conspiracy of how these articles were released. It probably was a reaction but it's a perfectly reasonable thing to do. WhatsApp is committed to being transparent, and this is a part of it. If you are highly principled about privacy or doing sketchy things yeah… don’t trust any software from for-profit companies.


Isn't the rollout of this encrypted backup functionality an "action"? And isn't the consistent availability of E2E encryption in WhatsApp an "action"? Whereas it seems to me like the idea that WhatsApp shouldn't be trusted just because of who they answer to is merely "words".


That link doesn't show Facebook broke e2e encryption. It shows Facebook built a possibility of the other secure end forwarding your message voluntarily to Facebook for review.

E2E is only as secure as the other end.


>it is unclear to me why this is being downvoted

I would tell you why, but you're not allowed to according to site rules (it rhymes with 'billing')


This. Exactly the reason why I use Signal and even though I encounter some bugs once in a while, it is the only messaging app I trust in respecting my privacy.


Yes! Signal isn't perfect either, so I keep my eyes peeled.

When WhatsApp wouldn't let me create a group chat without uploading my contacts I was like "yeah.....".


We’re sorry that we have accidentally introduced a bug, which allowed us to mine data and peep into everything.



