
Posted by dotcoma 1 day ago

WhatsApp's "End-to-End Encryption" Is the Biggest Lie in Tech History (medium.com)
37 points | 49 comments | page 2
readthenotes1 1 day ago
I bet people use WhatsApp mostly because it's free texting on many ISPs
sunshine-o 1 day ago
By the way, I remember the chat apps interoperability in Europe was announced more than 2 years ago but so far no major competitor app has enabled it.

What are our options today to chat with WhatsApp users without using their app?

nisegami 1 day ago
This is why threat modelling is essential. What are you trying to defend against and by whom?
OutOfHere 1 day ago
Threat modeling is half nonsense because it becomes an excuse for negligence, often by lazy professionals who are just collecting a paycheck. Would you for example do threat modeling to protect your Bitcoin wallet passphrase or would you just secure it?
EGreg 1 day ago
I’ve been saying this for years — when people derided me on HN — that we need decentralization and open-source backends, because we are relying on pinky-promises. We need attestation that we can trust.

I have been building it, piece by piece. Some pieces have been recently featured (last week) in trusted security publications:

Safecloud: https://www.helpnetsecurity.com/2026/06/19/safecloud-browser...

Safebox and Safebots are coming too: https://safebots.ai/about

You won’t need to take anyone’s word for it. And in fact, end-to-end encryption will become unnecessary.

edg5000 1 day ago
We just need open source clients though right?

What does attestation have to do with this? Attestation means not giving me root to my own device. No thanks.

We need something universal, like email, but better engineered.

EGreg 1 day ago
I mean attestation of what’s running on the server. Did you click and read?

As for the client — the app store on iOS doesn’t allow reproducible builds.

Telegram tried something close for years, which is how I know they care: https://core.telegram.org/reproducible-builds

But it doesn’t matter because the metadata is equally important and useful to get you. And anyway, end-to-end encryption can be banned, or compromised by a new app update, or secretly removed via a backdoor for some, if you pressure one guy (e.g. @durov in France, or his team every time they pass through an airport). Read this article — it was my response to Moxie Marlinspike (of Signal fame) years ago when he was skeptical of decentralization:

https://community.intercoin.app/t/web3-moxie-signal-telegram...

incognito124 1 day ago
I can't fucking stand this AI slop writing. If the author couldn't spend time writing it, I won't spend time reading it
OutOfHere 1 day ago
We need to distinguish such bad quality AI writing from good quality writing. There is absolutely no reason why AI writing has to be so bad. When it is good, you won't even know.
edg5000 1 day ago
Agree
OutOfHere 1 day ago
It's agreed, not agree.
edg5000 1 day ago
I see. Thanks for pointing out.
penr0se 1 day ago
> this isn’t a political fight. It’s not a he-said, she-said between tech billionaires. It’s a technical question.

> In transit. Between two online devices. With no cloud backup. With no business accounts. With no Meta AI features. With no linked devices. With no law enforcement warrant for metadata.

> Under every other condition — which is how most people actually use WhatsApp — the story changes dramatically.

Smells a lot like slop so I'll pass, no thanks.

0xy 1 day ago
Absolutely, it can be encrypted all they want and it's totally irrelevant given all the plaintext chats get stored straight in Google Drive (if you didn't, your conversation partners did!).

Then for some reason WhatsApp has far more critical no-click or 1-click exploits than Telegram, which has 30 global employees? Huh? There's several thousand working on WhatsApp. Telegram has more features, too. WhatsApp has less surface area, more employees, more exploits.

penr0se 1 day ago
Maybe it's just a matter of how much effort people put into finding exploits on the two apps. If WhatsApp has many more (actual) users than Telegram, researching exploits on WhatsApp is more worthwhile than on Telegram.

A bit like how there's much more malware for Windows than there is for Linux

NateEag 1 day ago
Several thousand employees means several thousand chances per working day to create a security breach.

I suspect that smaller teams are, on average, more likely than larger ones to write secure software.

dotcoma 1 day ago
It’s a feature, not a bug.
colesantiago 1 day ago
If the article is from Medium, there is a 90% chance of slop.

Avoid.