Whom* you message

removed by mod

removed by mod

Vulnerability or feature? Lol

I think the bigger vulnerability is Meta and the black box

The nature of these systems is that they’re going to kill innocent people and nobody is even going to know why.

When lack of privacy is literally a death sentence

Tldr: This is a traffic analysis attack, it exposes metadata without help or access to data from whatsapp. Other messengers are vulnerable too. It requires vast resources and access only governments have. It is not a threat model that todays messengers defend against.

The interesting part of the article ist the last one.

According to the internal assessment, the stakes are high: “Inspection and analysis of network traffic is completely invisible to us, yet it reveals the connections between our users: who is in a group together, who is messaging who, and (hardest to hide) who is calling who.”

The analysis notes that a government can easily tell when a person is using WhatsApp, in part because the data must pass through Meta’s readily identifiable corporate servers. A government agency can then unmask specific WhatsApp users by tracing their IP address, a unique number assigned to every connected device, to their internet or cellular service provider account.

WhatsApp’s internal security team has identified several examples of how clever observation of encrypted data can thwart the app’s privacy protections, a technique known as a correlation attack, according to this assessment. In one, a WhatsApp user sends a message to a group, resulting in a burst of data of the exact same size being transmitted to the device of everyone in that group. Another correlation attack involves measuring the time delay between when WhatsApp messages are sent and received between two parties — enough data, the company believes, “to infer the distance to and possibly the location of each recipient.”

Today’s messenger services weren’t designed to hide this metadata from an adversary who can see all sides of the connection,” Green, the cryptography professor, told The Intercept.

some interesting excerpts:

The analysis notes that a government can easily tell when a person is using WhatsApp, in part because the data must pass through Meta’s readily identifiable corporate servers. A government agency can then unmask specific WhatsApp users by tracing their IP address, a unique number assigned to every connected device, to their internet or cellular service provider account.

The assessment makes clear that WhatsApp engineers grasp the severity of the problem, but also understand how difficult it might be to convince their company to fix it.

It will be difficult to better protect users against correlation attacks without making the app worse in other ways, the document explains. For a publicly traded giant like Meta, protecting at-risk users will collide with the company’s profit-driven mandate of making its software as accessible and widely used as possible.

“WhatsApp has no backdoors and we have no evidence of vulnerabilities in how WhatsApp works,” said Meta spokesperson Christina LoNigro.

That’s why you slam e2e encryption banner all over the app to make this statement even more true instead of doing an independent code review that could confirmed that on paper.

deleted by creator

Wrong, anti-libre software, WhatsApp, bans us from proving it’s claims (E2EE claims lies), bans us from removing malicous source code. It is vulerable hostile by design.

TL;DR meta data isn’t encrypted and read by “government agencies”. Probably Israel, but they’re not saying with certainty which agencies do.
If government agencies can read these, other groups likely can, too.

“WhatsApp has no backdoors and we have no evidence of vulnerabilities in how WhatsApp works,” said Meta spokesperson Christina LoNigro.

Your vulnerability’s right there, LoNigro.
Saying “oh but it affects the other apps, too” doesn’t make yours less vulnerable.

Please don’t use WhatsApp or anything FB related