Unlike Signal, WhatsApp provides no cryptographic management for group messages
It shows yet again that marketing end-to-end-encryption (E2EE) is not the be-all and the end-all when it comes to security and privacy.
It's the edges (client devices) and group chats etc where there could be weaknesses. Furthermore, it also shows again that if you use the proper Signal app, there is right now no better security and privacy as far as ordinary users go (non-ordinary users make use of other messaging apps where you just don't find all your friends).
What this WhatsApp vulnerability means is two things: Firstly as usual Meta messed with the original Signal protocol (to scale I'm sure) otherwise it would not be different, and secondly that any Meta admin could insert anyone into an encrypted WhatsApp group chat. Yes it may not be that likely to happen, and users should see it if they are paying attention (except for the White House), but a government anywhere in the world could now force Meta to insert one of their agents into such a group chat, even after the fact, to prosecute or persecute someone.
Bottom line is Signal is still best for all ordinary users, and is at least serious about security and privacy, unlike Meta who seems not really to care beyond the marketing and driving under adoption up. Whistleblowers and activists should only be using Signal or better apps.
The network effect though does hold ordinary users firmly on WhatsApp and Facebook, so if you do want others to change, make sure you at least have a Signal account in case others want to change and still find their friends. I have about 8+ messengers on my phone (apart from WhatsApp) so having more than one app is just a non-issue today.
The gripe I do have with Signal still is, it is tied to a mobile phone number, but I get it that a messenger that is not so tied, does not help find one's friends.
See
WhatsApp provides no cryptographic management for group messages
The weakness creates the possibility of an insider or hacker adding rogue members.
#
technology #
security #
privacy #
WhatsApp