Is WhatsApp end-to-end encryption fake?
 

Since a while, some messages I receive are messages that are "Frequently shared". Surely, during the holiday season, I expect this to happen and it happens a lot.

However this raises a question. Whatsapp boasts having end-to-end encryption. How can Whatsapp determine that a particular message is shared frequently? One answer is that the hash of the message can be tracked. However, when a message is sent from A to B and then from B to C the hash will surely be different because A and B have different public keys, right?

In my mind, the only way that WhatsApp can assert whether a certain message is sent frequently is because

1. messages are decrypted in transit, or
2. messages with the same content have the same hash (meaning that there is only one key for all messages), or
3. messages are only partially encrypted

In all cases, there is no real point-to-point encryption. Now I am no cryptographer so I will probably have overlooked something. Could anyone please fill me in?

A web search for "whatsapp encription" turns up a number of articles.

This one seems to be a good starting point: https://www.techadvisor.co.uk/featur...ained-3637780/

^ That article is pretty old.
The same search phrase turns up much newer pieces, but many of them deal with the popular "anti-terrorost backdoor" nonsense.
I will leave it to OP to research this more.
Suffice to say: WA do claim to use end-to-end encryption, the same that Signal uses. So I guess they do. Nevertheless, you can be sure that WhatsApp/Facebook made it so that it doesn't hamper their datamining/advertising.

https://faq.whatsapp.com/general/cha...warding-limits

As always, you have to decide for yourself whether or not they're being truthful.

It is a matter of defining what an end-point is and the above link goes to some spin they have where they are trying to redefine the end points so as to pretend they have end-to-end encryption: If the end points are defined as machines and software they control, then yeah they have end-to-end. If the end points are defined as machines and software you control, then no they do not have end-to-end and are merely lying.

If you wish to look at a positive example of a proprietary service with encryption, take a look at Tarsnap. Note that the service is proprietary and, especially the back-end. However, even though the client is available for inspection, auditing, and use that is only unmodified and without the right to redistribution.

Only if the data is encrypted client-side in a proper application, not a web browser or an Electron app, can it be called end-to-end.

Thanks, I tried to find it on WhatsApps website, but I could'nt. I did read some articles about Whatsapp security but most of it was before they turned to end-to-end encryption.

The counter on a forwarded message is quite an elegant solution to something that is a problem for some at least. The more you think of it, it might actually be a nice addition.

I don't think they'll not be truthful on this specific topic, because if they're caught lying about such a sensitive issue then they know they will descend into a sea of legal hurt.

Thank you all for replying!

This thread can not be marked as "SOLVED" because it is posted in the "Non-*NIX/General" forum. Took me a while to figure it out ;)