And if so, why exactly? It says it’s end-to-end encrypted. The metadata isn’t. But what is metadata and is it bad that it’s not? Are there any other problematic things?

I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.

  • amanneedsamaid@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    24
    ·
    edit-2
    1 year ago

    Metadata is all the content of a message besides the actual text content of the message (i.e. what you type). Examples would be the date and time it is sent, what users these messages were sent to / from, and the IP addresses of both parties. (The availability of metadata varies from messenger to messenger).

    I like this example: If you only text your Aunt Sally, who lives in Alaska, twice per year to wish her a happy birthday and Christmas, just by looking at the metadata someone could infer the meaning of your messages, as well as your relationship to the person you’re messaging. To a point this is true about any messages you sent.

    As for Whatsapp specifically, it being end-to-end doesn’t really matter imo, as the application is not open source and is owned by an advertising / social media company. As long as the code is closed source, you cannot be sure:

    1. That your messages are encrypted at all
    2. That your encryption keys are kept on-device, and not plainly available to a centralized party
    3. That the encryption the application is using is securely implemented

    At least for applications handling truly sensitive information (for the average person only their messenger and browser), you should be using open source software. The easiest recommendations I can make are:

    1. Browsers: Firefox, Thorium, Brave
    2. Messengers: Signal, SimpleX Chat, XMPP

    Anyways, I hope this was a satisfactory answer.

    • Azzu@lemm.eeOP
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      1 year ago

      What use is this knowledge through metadata to them? Let’s say I have no Facebook account and no other apps by Meta. There are no ads within WhatsApp. What do they gain by having this data about me?

      • noodlejetski@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        they can sell the information tied to your phone number or IP address to other companies, so they in turn now what ads to bombard you with.

    • BraveSirZaphod@kbin.social
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      That your messages are encrypted at all
      That your encryption keys are kept on-device, and not plainly available to a centralized party
      That the encryption the application is using is securely implemented

      This is true, but something that should be noted is that, to my knowledge, no law enforcement agency has ever received the supposedly encrypted content of WhatsApp messages. Facebook Messenger messages are not E2E encrypted by default, and there have been several stories about Facebook being served a warrant for message content and providing it. This has, as I understand, not occurred for WhatsApp messages. It is possible, of course, that they do have some kind of access and only provide it to very high-level intelligence agencies, but there’s no direct evidence of that.

      I would personally say that it’s more likely than not that WhatsApp message content is legitimately private, but I’d also agree that you should use something like Signal if you’re genuinely concerned about this.