A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form

  • fodor@lemmy.zip
    14 days ago

    The clients are one question, but the servers are another. If the backdoor is on the server end, which it sure looks like, then your experts won’t find anything by examining the client.

    • yetAnotherUser@lemmy.ca
      3 days ago

      I see. I thought that the backdoor had to be in the client, because I thought that could be the only place where the private keys are stored, but I’ve since realized that it could be on the server. Thanks for the insight.

    • nibbler@discuss.tchncs.de
      14 days ago

      If the client was open source, it could be verified by inspecting this source alone. To my understanding, the clients do real end-to-end encryption. This is the good part. They also have some functionality to re-encrypt the data or export the secret key to let new peers take part, or so I guess. This is how your web browser can also read them after you peer it up. Now there might or might not be a function in the client where Meta can request the private key or re-encryption. This is really hard to figure out without having the source code.