Hacker News new | past | comments | ask | show | jobs | submit login

You have it correct. Nearly every major US provider maintains some sort of online interface for law enforcement to submit requests. The level of information provided via these means varies, but they are obligated to respond to legitimate requests with wharever data they have on hand.

Dont like it? Go with a security-minded service like signal. Or, better yet, something totally severless and open source.




I don't use WhatsApp. But if they have an official backdoor, then it's not really e2e encrypted. Until now I thought, at least the official statement was, WhatsApp is truly e2e encrypted. Just that.


Maybe they are. But they would still have non-content timing, location and connection data. That is just as useful as message content.


It can be end to end and Encrypted and still have a backdoor.

I.e keeping a continuous web client active which the user isn't notified about


Even with encryption, WhatsApp could provide users' contact lists, message send time and volume, IP addresses, phone numbers.

Having a phone number is almost same as having person's location and identity. That's why really secure messengers won't require a phone number.


Isn't the fear more about a man-in-the-room attack rather than weaknesses in the e2e?


The end-to-end refers there to the hand-held device, not the peers' brains. The backdoor will then simply be in the hand-held device, intercepting the data meant to be displayed by the WhatsApp application.


> security-minded service like signal.

There's no security-minded service which use Google services.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: