On the positive side, the use of P2P and IMAP makes censorship difficult, which is a strong advantage in authoritarian regimes.
However, this comes with serious trade-offs. PGP lacks forward secrecy: if a key leaks, all past messages can be decrypted. Also, IMAP offers no metadata privacy: anyone can see who you email and how often.
> Signal and WhatsApp are likely a step ahead in terms of privacy
WhatsApp is closed source, so whatever they claim can't be proven. And remember that both WhatsApp and Signal are legally required not to disclose to you whether they are spying on you or not.
> WhatsApp is closed source, so whatever they claim can't be proven
E2E only requires a correctly-designed client, not a correctly-designed server.
Since any binary can always be deobfuscated, deliberately putting in a backdoor in the client would be an extremely risky PR move, especially in an app as big as WhatsApp, and one surely receiving lots of attention from security researchers.
Not to mention that OpenWhisperSystems (the creators of Signal) worked with Meta on their E2E implementation, and if you don't trust them to do right, you shouldn't trust anybody.
Let's face it, people over here just don't like Meta and love to spread FUD about them.
Once trust is lost, it's hard to regain it. The fact is, the WhatsApp client is not open source, there are no reproducible builds, and the only thing you have is trust in them.
If you live in an authoritarian state with a track record of spying on individual citizens, and without legal protection for the privacy of foreign citizens, it's legitimate to decide not to trust a company like Meta headquartered in the USA.
> The fact is, the WhatsApp client is not open source, there are no reproducible builds, and the only thing you have is trust in them.
That is not strictly true. It is possible to reverse-engineer the client. It's unlikely that anyone will find the motivation to do so, but there's no law of physics that says they can't. You can theoretically review the code that is running on your device - it's just harder than with an open source reproducible build.
What would be the consequences, if Meta was caught doing something "funny" with e2ee? Maybe small fines, and a brief online moral panic, but I don't think people would switch to another app en masse solely because of that.
I love this optimism, I really do. But to believe that any Meta product can be private is to believe that Zuck actually wants that to happen. Zuck, the guy who changes company culture every 4 years or less to suit whoever is in the White House. The reality is that with a closed source product, you can't trust ANYTHING. Just because OpenWhisperSystems worked with Meta doesn't mean anything. Meta will easily silence them legally if they wanted to. And Meta can always remove or disable the implementation as they see fit.
Are you talking about decompilation? This is, in general, very difficult, and that's when the author and compiler don't want to stop you from doing it.
Go fire up jadx or ghidra or whatever you like and see if you can find the bits of code you know are there. Now try demonstrating that a bit of code isn't there.
> Let's face it, people over here just don't like Meta and love to spread FUD about them.
It's called punching upwards.
> Since any binary can always be deobfuscated, deliberately putting in a backdoor in the client would be an extremely risky PR move, especially in an app as big as WhatsApp, and one surely receiving lots of attention from security researchers
Correct me if I'm wrong, but can't a proprietary delivery mechanism such as the App or Play stores deliver a backdoored build to an individual device, then later autoupdate it to a clean one?
Builds are signed by the software publisher, not the Play Store. So the store alone couldn't corrupt releases; it would need collaboration by the publisher. (Google does have a service for app developers where they keep and manage your signing keys for you, but it's not required.)
WhatsApp obviously cannot be trusted for message privacy for the simple reason that Meta paid gazillion bucks for it. I don't understand why people need more evidence beyond that.
If your device is confiscated, your entire history is in the clear. Forward secrecy doesn't magically solve problems; it's useful if you use ephemeral messages. In DC if there's a window of time where you want messages to not be traceable you just create a new email address (which is just one click in DC thanks to chatmail) and delete that address after, that's it.
> if a key leaks, all past messages can be decrypted
Not to mention, if you revoke a key (maybe because you lost your laptop and want to be proactive about security), without any authenticated timestamping service in the mix, all past messages and signatures can no longer be trusted, regardless of the revocation date. That's why when you revoke a key on GitHub, all your previous commits' signatures turn red.
I've never understood why no one's succeeded in doing anything about this after all these years.
forward secrecy seems to apply to realtime connections, not to messages sent over SMTP.
now what's interesting here is a potential future development of deltachat where SMTP is only used to negotiate the peer to peer connection, and the actual chat messages are sent over the direct connection. although it sounds kind of weird to build a chat solution on top of SMTP and then bypass SMTP in the end.
the remaining benefit would be the ability to talk to people who don't use deltachat. not needing another account on a new service. not needing to develop or maintain server infrastructure.
Signal and WhatsApp are likely a step ahead in terms of privacy with their double ratchet encryption (https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm).
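An added illustration of the forward-secrecy point argued in this thread (not code from any commenter, Delta Chat, Signal or WhatsApp): the symmetric-key chain step of the Double Ratchet, using the HMAC-SHA256 construction with constants 0x01/0x02 that the Double Ratchet specification recommends, compared with a single long-term key. The shared secret, message counts and function names are constructed for the example.

```python
import hashlib
import hmac


def kdf_ck(chain_key):
    """One chain step: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def keys_derivable_from(stolen_chain_key, steps):
    """Everything an attacker can compute going forward from a stolen state."""
    derived, ck = set(), stolen_chain_key
    for _ in range(steps):
        ck, mk = kdf_ck(ck)
        derived.add(mk)
    return derived


def ratchet_exposure(total=6, compromise_before=3):
    """Per message: is its key recoverable from the state stolen at that point?"""
    ck = hashlib.sha256(b"constructed shared secret").digest()
    used, stolen = [], None
    for i in range(total):
        if i == compromise_before:
            stolen = ck          # device state leaks here
        ck, mk = kdf_ck(ck)      # the old chain key is overwritten (deleted)
        used.append(mk)
    attacker = keys_derivable_from(stolen, total)
    return [mk in attacker for mk in used]


def static_key_exposure(total=6):
    """Same question when every message is protected by one long-term key."""
    long_term = hashlib.sha256(b"constructed long-term key").digest()
    used = [long_term] * total   # no per-message key evolution
    return [mk in {long_term} for mk in used]


if __name__ == "__main__":
    print("ratchet:", ratchet_exposure())
    print("static :", static_key_exposure())
```

The chain step alone protects only messages sent before the leak, and only if old keys and stored plaintext were actually deleted; recovering secrecy for later messages is the job of the Diffie-Hellman half of the Double Ratchet.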