WhatsApp uses client-side scanning, which breaks end-to-end encryption by recording data before it gets encrypted or after it gets decrypted.
this post was submitted on 25 Mar 2025
295 points (97.4% liked)
Privacy
1717 readers
175 users here now
Protect your privacy in the digital world
Welcome! This is a community for all those who are interested in protecting their privacy.
Rules
PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!
- Be nice, civil and no bigotry/prejudice
- Stay on topic
- Don't promote big-tech software
- No reposting of news that was already posted
- No crypto, blockchain, NFTs
- No Xitter links (if absolutely necessary, use xcancel)
Related communities:
Some of these are only vaguely related, but great communities.
- !opensource@programming.dev
- !selfhosting@slrpnk.net / !selfhosted@lemmy.world
- !piracy@lemmy.dbzer0.com
- !drm@lemmy.dbzer0.com
founded 4 months ago
MODERATORS
Do you think they all got instructions by the government what to censor or is it just masks off now?
It's very easy to take over a subreddit or Lemmy community. Become friendly with the mods, then become a mod, then subtly harass and drive out (from separate accounts) any moderators who are standing in your way, then do whatever you want.
There is a whole industry of "reputation management" that specializes in distorting the narrative on the internet in favor of your company / your government / whatever. The question is not "are there gangs of Reddit moderators who are bad actors trying to distort the conversation," the question is how many and who they are acting on behalf of.
Of course, Lemmy copied Reddit's fairly silly and failure-prone model. Why they did that, I don't know. On Twitter / Mastodon-style networks, you can do the same but you at least have to be a little bit sophisticated about it. On Reddit/Lemmy, it is trivial to do if you are patient about it and put some consistent effort into it, and you can make a ton of money if you can do it well.
Hmm. FOSStodon team:
The moderators are the unsung heroes of Fosstodon. They’re the people who work every single report we receive, and take appropriate action to keep Fosstodon a friendly and inclusive place for all our members.
CarrotCypher
Role: Moderator
MODERATOR OF
r/privacy
r/Pareidolia
r/opensource
r/OSINT
r/tails
… and 51 more ⇒
load more comments
(1 replies)
Become friendly with the mods, then become a mod, then subtly harass and drive out (from separate accounts) any moderators who are standing in your way, then do whatever you want.
!yepowertrippinbastards@lemmy.dbzer0.com is still a thing
!196@lemmy.world attempted takeover lead to !onehundredninetysix@lemmy.blahaj.zone
So I'm not sure it's that easy
Yeah, but I think the 196 blowup was just home-grown hamhandedness. I don't think that was anything malicious.
The moderation activities I've seen on Lemmy that I would interpret as malicious are a lot more subtle and do not show up on YPTB that I can remember. One example is anonymous /c/politics mods making malicious decisions (making it illegal to claim someone is doing propaganda, or running cover for UniversalMonk), and then shoving Jordan to the front to take all the heat for it. Another would be having a little tidal wave of accounts accusing one of the moderators (who is taking action against propaganda) of all kinds of sins, until eventually that person stops spending time on Lemmy again and the propaganda can stay.
I feel like the techniques for doing this kind of thing are pretty advanced at this point, and no one really has time to pay enough attention to counteract them. On reddit they can be more overt, because there's not enough of a coherent community to notice or do anything about it, whereas Lemmy at least does have YPTB to keep it a little bit in check. So maybe on that score you are right, but I definitely don't feel like YPTB means it's not happening.
There was someone who did it professionally who showed up on Reddit at one point talking about their experience and techniques and it was pretty interesting and pretty depressing.
load more comments
(7 replies)
load more comments
(1 replies)
Lemmy has open modlogs. Also, on Lemmy the instance owner can still ultimately override anything a mod does as they control the database.
That's why it's important to pick the instance for a community carefully.
And if, for example, this privacy community get overtake, other privacy communities can co exist in other instances.
load more comments
(1 replies)
It’s more likely that Zuck or Musk paid someone to go play moderator. Anyone can become a moderator.
Another deleted comment
Note, it seems you are not allowed in this reddit to express an opinion containing doubt about the security of WhatsApp - it will be removed by mods. As such, you can not read the replies here and form a judgement about what the consensus is.
carrotcypher (mod) 1 point 3 days, 1 hour ago
Or, you know, obvious astroturfing as an excuse to promote alternatives is against the rules.
Astroturfing is when you say something I'm paid not to like
Or, you know, obvious astroturfing as an excuse to promote alternatives is against the rules.
The irony of that statement is that it ultimately seems like they are the ones astroturfing here.
The oligarchy knows the whole tech sector is going to implode, and they’re trying to stave it off by curtailing criticism. Cute, and useless.
Go lemmings!
Any time you hear about anyone high profile using a chat app - what are they using?
They're using Signal.
There's a reason why they're using Signal; as far as security it's the best one out there. Sure, it's tied to a phone number, but a phone number isn't an identity.
Phone numbers are heavily tied to a person.
What signal had going for it is encryption, but that major flaw of tied to phone number makes me doubt everything else they say.
The phone number link means forward security isn't possible. If ever the encryption is hacked, all your messages could be forfeit by anyone who's simply kept the encrypted data.
The phone number link means forward security isn't possible. If ever the encryption is hacked, all your messages could be forfeit by anyone who's simply kept the encrypted data.
Can you elaborate on that? Obviously the phone number has privacy implications, but I don't think it can be used to decrypt messages. In the signal protocol, encryption keys are exchanged using ECDH (so wiretapping doesn't work) and periodically rotated (so even knowing the encryption keys at a certain point doesn't let you decrypt messages after that).
A phone number can be traced back to a person. If there is ever a hack or backdoor it can be traced. There are plenty of alternatives that are open source and don't require any kind of identifier.
The comment that you replied to does not imply the phone number can be used to decrypt messages. All they are saying is that because Signal accounts are tied to phone numbers, a potential adversary already has one piece of the puzzle (who is talking to whom). If somehow, some way, the encryption were ever compromised, then the adversary would have both pieces—in other words, they would know not only who is talking to whom but also what they are saying.
If the encryption is ever hacked, knowing who you are is probably the least of anyone's concerns. I would imagine that any adversary could build a profile or plan a response without knowing a particular phone number.
"These two people are planning civil rights activism here on Friday," is just as useful as, "MLK Jr and Malcolm X are planning activism here on Friday."
Thankfully, they'd have to not only break encryption but also MitM the conversations, since Signal doesn't actually store chat data on their servers.
load more comments
(1 replies)
load more comments
(1 replies)
I agree with what other people are saying, the whole phone number requirement of Signal isn't great since, for the most part phone numbers are intended to link to your real world identity. That means they are a very big weak link.
Also let us not forget that Signal is a centralized service run by one company. They have been very resistant in the past to the idea of decentralization and interoperability. I'm already very skeptical of people who claim to be a savior or hero of Privacy and security lie this, even more so when it's a centralized service. You do know that WhatsApp started out like Signal did right? Look where they are now. You cannot trust a centralized service like Signal, especially one that forces you to provide real world identification. Signal can just as easily be sold and backdoored like WhatsApp was, decentralized services are much more resilient to that kind of thing.
Whatsapp was bought by Facebook and then one of the folks dumped their money into signal making it a self-funded org.
Phone number is KYC'd
It is literally an identity and thats why everyone forcing you to use it now.
load more comments
(5 replies)
Man I just can't get over all this free speech there is on Reddit. Just like how Twitter is legit America's Town Hall, if you're the "right kind" if American.
WhatsApp has long been known to not be private
Use screenshots instead of links.
I did upload a screenshot with the link, but I guess it's inaccessible... Here it is in full resolution
you left out reddit's reason for removing the question
Addressed already - tl;dr nonsensical (and as a bonus, the reason does not exist in their rule list)
The Customs and Border Protection agents have authority to request a foreign entrant (even with visa) to unlock their phones. They can also deny entry if the entrant doesn’t cooperate.
So they don’t need to have backdoor access to WhatsApp. They can get in through the front.
My understanding is that this is what happened. They searched his phone, found the messages, then detained him.
The mods response is odd but also the comments are real. Who is dumb enough to think WhatsApp is safe?
Your post has been removed for being too specific to a company or single product. These days, reddit is heavily astroturfed with fake posts asking questions about companies and services by shills of those same companies and services as a form of fake organic advertising, and by competitors trying to create FUD to benefit their own product or service. This often takes the form or character assassination, libel, and conspiracy theories.
We don’t allow it, and in order to keep it from happening, we remove posts that are too close to astroturfing, corporate comparisons, personal Nd political opinions, ranting diatribes, etc.
If your question was legitimate (asking for pros and cons, potential issues, comparisons, etc), feel free to use subreddits more appropriate such as one for the company or service mentioned, or see privacyguides.org for community comparisons and recommendations to privacy focused open source software.
r/privacy moderators also censored this post with the same reason:
IRS nears deal with ICE to share addresses of SUSpected undocumented immigrants
Really makes you think.
Okay that’s absolutely insane. Glad I switched to here even though it’s quieter
Fewer people but 1000x the engagement. I switched last month and I already have more upvotes than my 15yo Reddit account. Also folks are way, way smarter here. I feel like I'm learning more than I contribute, opposite story on Reddit. Well welcome!
I thought that at first but now that I comment and post more I get a lot of mean comments here and there. Most users are just redditors so they’ve brought their old ways, sadly. I do hope we can collectively strive to not be redditors. I would prefer HN-like discussions
Glad to have you here, too. Its not as big as the reddit counterpart but I like this community.
Kind of you to say. Must be glad to have you here because voyager tags you as being upvoted by me a lot! :D
Well that's a way to look at it.
This def feels like censorship.
We saw Lemmy.world mods uses these clown tactics when CEo got deposed.
They just make up reasons for it it seems as they go.
Redditors in tech subs... Got down voted to oblivion for trying to point out just because Whatsapp uses E2EE, that it doesn't mean meta can't extract the messages from the apps before and after transmission.
~~Um... its been the rule for a while, nothing recent. Its just stupid. Somthing like: "Signal vs Briar" is also not allowed because it mentions a specific name of a software/OS/tool/platform/service~~
Nvm
Can you point to it in the sidebar?
I don't think it exists
Nvm, I was thinking of the "No Mention of Specific Alternative OSes" rule
view more: next ›