LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 01-01-2021, 07:35 PM   #1
Hermani
Member
 
Registered: Apr 2018
Location: Delden, NL
Distribution: Ubuntu
Posts: 254
Blog Entries: 3

Rep: Reputation: 113Reputation: 113
Is WhatsApp end-to-end encryption fake?


Since a while, some messages I receive are messages that are "Frequently shared". Surely, during the holiday season, I expect this to happen and it happens a lot.

However this raises a question. Whatsapp boasts having end-to-end encryption. How can Whatsapp determine that a particular message is shared frequently? One answer is that the hash of the message can be tracked. However, when a message is sent from A to B and then from B to C the hash will surely be different because A and B have different public keys, right?

In my mind, the only way that WhatsApp can assert whether a certain message is sent frequently is because
  1. messages are decrypted in transit, or
  2. messages with the same content have the same hash (meaning that there is only one key for all messages), or
  3. messages are only partially encrypted
In all cases, there is no real point-to-point encryption. Now I am no cryptographer so I will probably have overlooked something. Could anyone please fill me in?
 
Old 01-01-2021, 10:04 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 16,954
Blog Entries: 27

Rep: Reputation: 5180Reputation: 5180Reputation: 5180Reputation: 5180Reputation: 5180Reputation: 5180Reputation: 5180Reputation: 5180Reputation: 5180Reputation: 5180Reputation: 5180
A web search for "whatsapp encription" turns up a number of articles.

This one seems to be a good starting point: https://www.techadvisor.co.uk/featur...ained-3637780/
 
Old 01-02-2021, 06:24 AM   #3
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 16,657
Blog Entries: 10

Rep: Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923
^ That article is pretty old.
The same search phrase turns up much newer pieces, but many of them deal with the popular "anti-terrorost backdoor" nonsense.
I will leave it to OP to research this more.
Suffice to say: WA do claim to use end-to-end encryption, the same that Signal uses. So I guess they do. Nevertheless, you can be sure that WhatsApp/Facebook made it so that it doesn't hamper their datamining/advertising.
 
Old 01-02-2021, 09:39 AM   #4
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,582

Rep: Reputation: 1887Reputation: 1887Reputation: 1887Reputation: 1887Reputation: 1887Reputation: 1887Reputation: 1887Reputation: 1887Reputation: 1887Reputation: 1887Reputation: 1887
https://faq.whatsapp.com/general/cha...warding-limits

Quote:
Forwarded messages are end-to-end encrypted

Forwarded messages contain a counter that keeps track of how many times a message is forwarded. For your privacy, WhatsApp doesn't know how many times a message is forwarded and can't see the content of any of your messages in end-to-end encrypted chats.
As always, you have to decide for yourself whether or not they're being truthful.
 
Old 01-02-2021, 10:52 AM   #5
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,365
Blog Entries: 3

Rep: Reputation: 2669Reputation: 2669Reputation: 2669Reputation: 2669Reputation: 2669Reputation: 2669Reputation: 2669Reputation: 2669Reputation: 2669Reputation: 2669Reputation: 2669
It is a matter of defining what an end-point is and the above link goes to some spin they have where they are trying to redefine the end points so as to pretend they have end-to-end encryption: If the end points are defined as machines and software they control, then yeah they have end-to-end. If the end points are defined as machines and software you control, then no they do not have end-to-end and are merely lying.

If you wish to look at a positive example of a proprietary service with encryption, take a look at Tarsnap. Note that the service is proprietary and, especially the back-end. However, even though the client is available for inspection, auditing, and use that is only unmodified and without the right to redistribution.

Only if the data is encrypted client-side in a proper application, not a web browser or an Electron app, can it be called end-to-end.
 
Old 01-02-2021, 02:25 PM   #6
Hermani
Member
 
Registered: Apr 2018
Location: Delden, NL
Distribution: Ubuntu
Posts: 254

Original Poster
Blog Entries: 3

Rep: Reputation: 113Reputation: 113
Quote:
Originally Posted by ntubski View Post
As always, you have to decide for yourself whether or not they're being truthful.
Thanks, I tried to find it on WhatsApps website, but I could'nt. I did read some articles about Whatsapp security but most of it was before they turned to end-to-end encryption.

The counter on a forwarded message is quite an elegant solution to something that is a problem for some at least. The more you think of it, it might actually be a nice addition.

I don't think they'll not be truthful on this specific topic, because if they're caught lying about such a sensitive issue then they know they will descend into a sea of legal hurt.

Thank you all for replying!
 
Old 01-02-2021, 02:34 PM   #7
Hermani
Member
 
Registered: Apr 2018
Location: Delden, NL
Distribution: Ubuntu
Posts: 254

Original Poster
Blog Entries: 3

Rep: Reputation: 113Reputation: 113
This thread can not be marked as "SOLVED" because it is posted in the "Non-*NIX/General" forum. Took me a while to figure it out
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 03:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration