this post was submitted on 25 Mar 2025
295 points (97.4% liked)

Privacy

1733 readers
288 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No reposting of news that was already posted
  4. No crypto, blockchain, NFTs
  5. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 4 months ago
MODERATORS
fxomt@lemmy.dbzer0.com
otter@lemmy.ca
shaytan@lemmy.dbzer0.com
fxomt@piefed.social
295
On Reddit's r/privacy, you can no longer criticize Facebook (www.reddit.com)
submitted 1 week ago by LWD@lemm.ee to c/privacy@lemmy.dbzer0.com
64 comments fedilink hide all child comments
 

Original post text

Given the recent detainment of a French person who got detained because he said something bad about the current administration in his WhatsApp messages. It makes me wonder if WhatsApp is truly end to end encrypted as they claimed. How did they even single him out?

As a corollary question, if I were to pass Customs, and if I delete WhatsApp , Reddit etc just before I reach the counter, will they be able to find out that I just deleted the apps minutes ago? I’ll be deleting them from my phone but keep them on the cloud.

you are viewing a single comment's thread
view the rest of the comments
[–] koper@feddit.nl 7 points 1 week ago (3 children)

The phone number link means forward security isn't possible. If ever the encryption is hacked, all your messages could be forfeit by anyone who's simply kept the encrypted data.

Can you elaborate on that? Obviously the phone number has privacy implications, but I don't think it can be used to decrypt messages. In the signal protocol, encryption keys are exchanged using ECDH (so wiretapping doesn't work) and periodically rotated (so even knowing the encryption keys at a certain point doesn't let you decrypt messages after that).

[–] curious_dolphin@slrpnk.net 4 points 1 week ago (1 children)

The comment that you replied to does not imply the phone number can be used to decrypt messages. All they are saying is that because Signal accounts are tied to phone numbers, a potential adversary already has one piece of the puzzle (who is talking to whom). If somehow, some way, the encryption were ever compromised, then the adversary would have both pieces—in other words, they would know not only who is talking to whom but also what they are saying.

[–] Telorand@reddthat.com 3 points 6 days ago

If the encryption is ever hacked, knowing who you are is probably the least of anyone's concerns. I would imagine that any adversary could build a profile or plan a response without knowing a particular phone number.

"These two people are planning civil rights activism here on Friday," is just as useful as, "MLK Jr and Malcolm X are planning activism here on Friday."

Thankfully, they'd have to not only break encryption but also MitM the conversations, since Signal doesn't actually store chat data on their servers.

[–] Trihilis@ani.social 4 points 1 week ago

A phone number can be traced back to a person. If there is ever a hack or backdoor it can be traced. There are plenty of alternatives that are open source and don't require any kind of identifier.

[–] sunzu2@thebrainbin.org 2 points 1 week ago

I think he is going for the idea once encryption is broke in the future... You name is tied to the content forever.

Without phone number it would be just some random content.