
A third-party observer cannot read the messages as they pass through the WhatsApp network, but Facebook can read the messages at both ends.

Facebook has said that they don't do this outside of Australia, where it is required by law, but come on, are we really going to take Zuckerberg's word for it?



> Facebook can read the messages at both ends

This is why I believe that end-to-end encryption is not truly useful unless the source code of the clients is public, or the protocol is open.

Any closed source client can read messages at the ends, or be forced to do so by an evil government.

At the very least, they could open up XMPP compatibility again so that people could write their own open source clients for it. Australia wouldn't be able to do anything about the propagation of such open source software.

I was able to have end-to-end encryption running on top of MSN, AOL, ICQ, QQ, Facebook, Gtalk, Yahoo, and several others about 10 years ago with Pidgin and simple plugins that encrypted/decrypted messages on the fly. It's too bad they all moved selfishly to closed source walled-garden mobile apps -- it's a big step back in privacy.


I've been bouncing around the idea of a fully decentralized end-to-end encrypted chat protocol for exactly this reason, but I've been afraid to work on it for precisely the reason this thread is being discussed. I know that if my name were attached to the project, I'd be facing all kinds of unwelcome scrutiny from the government and news agencies. I'd lose the very privacy I want to maintain by designing privacy-protecting software.


Check out Matrix. Sounds like what you’re describing.


There's a lot I'm not explaining, in part because I don't (yet) understand crypto well enough to know if my idea even makes sense, let alone is feasible.

Matrix is close, but not what I'm describing. It's far more centralized than I'd like to see.


What's the advantage of decentralisation? Is it really a problem to have centralised servers if they're just storing dumb encrypted blobs?


Governments can force the people who own the servers to stop.


Signal is pretty solid.

https://signal.org/


Maybe it is, but it's not the decentralized replacement for Discord and Teams that I envision.


I would take a look at Matrix[1], which is basically what you're describing (it's a federated replacement for group chats that has Signal-like E2EE and has an open protocol) and it's already implemented.

[1]: https://matrix.org/


XMPP with OTR is exactly this. Facebook Messenger used to be compatible with XMPP.


Not exactly. I rather dislike XMPP's design, and what I'd like to see is something not only decentralized (relying at most on a DHT seed), but supporting group chats with trivially-expirable keys. My limited exposure to OTR suggests it only reliably supports one-on-one exchanges.


Open source doesn't guarantee that the compiled source running on your device is the same as what you can view on, for example, GitHub. That is also a trust problem.


It is much easier to trust that `apt-get install pidgin` will run the published Pidgin source code, than it is to trust that Messenger or WhatsApp will only do the (undocumented) things that I expect them to do.


It should be easier to detect if they're reading it at the ends because they'd then have to retransmit the data to Facebook with a different key.


I tried to read data transmitted between the Facebook Messenger app (on iOS) and the Facebook server, but it's encrypted and if you set up a MITM proxy it refuses to transmit, even if you trust the MITM proxy certificate in the OS settings.
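The behaviour the commenter ran into is certificate (public key) pinning: besides the OS chain check, the app compares the server's key against a pin compiled into the binary, so a proxy CA added to the trust store still fails. Added illustration, not the commenter's or Facebook's code; the SPKI bytes, CA names and trust store below are constructed stand-ins, and the chain check is a simplified placeholder for real validation.

```python
import base64
import hashlib

# Pin format used by HPKP and common mobile pinning libraries:
# "sha256/" + base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
def spki_pin(spki_der: bytes) -> str:
    digest = hashlib.sha256(spki_der).digest()
    return "sha256/" + base64.b64encode(digest).decode()

# Constructed stand-ins for the DER SubjectPublicKeyInfo of two leaf
# certificates: the genuine server key and the key a MITM proxy mints.
REAL_SERVER_SPKI = b"constructed-spki:genuine-edge-server-key"
PROXY_SPKI = b"constructed-spki:mitm-proxy-leaf-key"

# Pins baked into the app at build time (hypothetical, derived here).
PINNED = {spki_pin(REAL_SERVER_SPKI)}


def chain_is_trusted(issuer: str, os_trust_store: set) -> bool:
    """Placeholder for OS chain validation: passes if the issuing CA is trusted.
    Adding a proxy CA to the OS store makes THIS check succeed."""
    return issuer in os_trust_store


def connection_allowed(issuer: str, leaf_spki: bytes, os_trust_store: set) -> tuple:
    """A pinning client requires both a trusted chain and a key matching a pin.
    Returns (allowed, reason)."""
    if not chain_is_trusted(issuer, os_trust_store):
        return False, "untrusted chain"
    if spki_pin(leaf_spki) not in PINNED:
        # Chain is fine, but the key is not the one the app expects:
        # this is the refusal the commenter observed through the proxy.
        return False, "pin mismatch"
    return True, "ok"


def demo() -> dict:
    # The user has trusted the proxy's CA in the OS settings, as described.
    store = {"Public Root CA", "My MITM Proxy CA"}
    return {
        "direct": connection_allowed("Public Root CA", REAL_SERVER_SPKI, store),
        "via_proxy": connection_allowed("My MITM Proxy CA", PROXY_SPKI, store),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```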


The only chance at security is if you can tap your network connection at the dumb wire layer, and verify that it's encrypted with your own private key.


This is what I find so fascinating. Yes, it cannot be intercepted in transit. But nothing is stopping the keyboard on which I type or the text box in which I type from collecting all the things and sending those things wherever they want. In-transit interception, in this context, seems like a fruitless threat model when compared to the keyboard/text box vector.


With respect to Facebook in particular, they have had the means of reading the messages on either side for ages, even before it was required by law. iOS and Android both have "leaky sandboxing", where certain apps from the same publisher can read each other's data and memory, and Facebook added WhatsApp to its sandbox almost immediately after acquiring it, allowing the main Facebook and Messenger apps to read all the messages received by WhatsApp.


Any more reading on this?



Basically police are too lazy to do police work, i.e. get warrants and wiretaps at individual homes.

They want a fishing net so they can catch these people by the thousands.


Where have they said they're doing this at all?



