Skip Navigation

Can the government decrypt your WhatsApp chats?

For open source messengers, you can check whether they actually encrypt your messages and whether the server has access to your encryption keys but what about WhatsApp? Since it's not open source, you can't be sure that the encryption keys aren't sent to the server, right? Has there been a case where a government was able to access WhatsApp chats without reading them from the phone itself?

80 comments
  • Probably not, but it's impossible to verify. There's a strong argument for open source when security really matters.

  • You bet your ass they can. Since when has Facebook taken anybody's privacy seriously? And you remember all the Snowden leaks? Like how AT&T has been a government apparatus for spying for decades? Or how about the way that the USA taps under sea cables to monitor data, causing China to build totally parallel backbone infrastructure

    The better question is whether Signal, despite being open source, is actually secure. It's very plausible that the govt has backdoors somewhere, for either encryption, the OS, the programming language, the app store, or some random dependency lib

    The answer is yes, the US government spies on everything, and has a complete profile of everyone

    • Signal hasn't been compromised. It has been reviewed and is continuing to be reviewed by tons of researchers and security personnel.

      Its also important to note that its used internally by goverment organizations in the US so it has to be at least reasonably secure.

      Don't believe propaganda you read online.

      • Well, in my comment I describe quite a number of methods. It doesn't matter how secure or reviewed signal is, if the feds have a keylogger at the OS or compiler level. It's really unbelievable how much code is involved in day to day security

    • Time to bet my ass

      • Well you gotta be careful if it's your only donkey but I'm still confident you'll end up winning a second ass

  • The code is not open source, so it's hard to verify how good the encryption is or if it has backdoors.

    I'm not an expert in cryptography, but from my limited knowledge, the cryptographic keys used are very important. If Meta or the government can somehow know the decryption key to your messages or predict it, then they can see your messages.

    But they most likely don't need to decrypt it in transit. One of the vulnerabilities in this system is Google firebase, which delivers notifications to your phone when WhatsApp messages arrive. Ever noticed how those notifications include the message content and the sender? Google has access to this information, despite the encryption.

    That's just an example. Google has access to a lot on your phone.

    Another thing to consider is message metadata. The content of your message is encrypted, but what about information like the destination of your message, its recipients, time sent and received, and frequency? I'd even argue this is more important than content in many situations. Sometimes, linking person A to person B tells me a lot about person A.

    • Ever noticed how those notifications include the message content and the sender? Google has access to this information, despite the encryption.

      Not necessarily. I work on a messaging app, and we only use firebase to "wake up" the app. Initially the notification doesn't display anything meaningful, but the app very quickly connects to the server (tells the app who it should connect with) and then the peer (to finally get the actual content). The notification is updated once we have the content. But it typically goes so fast that you only ever see the final version of the notification.

  • I personally wouldn't touch WhatsApp with a 10foot pole. As it is owned by Facebook, the company who earlier this year paid a company to compromise TAILS OS to find a pedo. Which its not the fact that they threw a pedo in jail. But the fact they compromised anonymity and in no way are a government body!!! So glowies be glowing hard at Facebook.

    They also have done other spooky shit. Which is why the only reason I use Facebook is to sell my shit.

    We could also talk about the OS and hardware your using to message people for security. If you want to know more read permanent record by Edward snowden. Its a great book and talks alot about PRISM and other spooky stuff

  • Ask Meta. Its not Open source, its all "trust me bro its encrypted with some encryption"

80 comments