For open source messengers, you can check whether they actually encrypt your messages and whether the server has access to your encryption keys but what about WhatsApp? Since it’s not open source, you can’t be sure that the encryption keys aren’t sent to the server, right? Has there been a case where a government was able to access WhatsApp chats without reading them from the phone itself?

  • Zerush@lemmy.ml
    link
    fedilink
    arrow-up
    1
    arrow-down
    10
    ·
    edit-2
    1 year ago

    They can, all goverments nowadays have at thei disposal Quantum computer, provided by large companies (Google, IBM, Facebook, M$…) Not being able to decrypt messages was valid, in part, a few years ago, but not longer. Microsoft itself is now moving away from using passwords, using logins with physical keys for this reason and others will follow soon. Chat messages are no longer secure, while they do not also use quantum technology. But don’t worry, as long as you don’t attract attention for being a pedophile or for belonging to a terrorist group, no one is going to bother decoding your messages. Also the Germans in the II WW thought that nobody can read their with Enigma encrypted messages, fail.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      You comment is wrong and misinformed. Quantum computing isn’t able to break RSA 2048 yet. Also passwords aren’t related to quantum computing.

    • TheCaconym [any]@hexbear.net
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      1 year ago

      What you wrote is science fiction, not fact. So are practical quantum computers, thus far.

      It also ignores the fact that quantum computing would do shit all against symmetric encryption (though admittedly that’s less relevant for whatsapp, but it’s perfectly relevant if you want to exchange secure messages with someone you met physically prior); as well as the fact quantum-resistant encryption algorithms such as NTRU already exist and are already considered for implementation in free software tools (the only reason they aren’t is they’re far less tested and nobody trusts them yet against conventional attacks).