Despite long-standing statements by the messenger’s founders and Meta itself about WhatsApp’s end-to-end encryption, the authors of the lawsuit claim that it is a fiction. And Meta employees can allegedly read any user’s messages in real time, Anti-malware.ru writes.
According to the claimants, a company employee only needs to send an internal request (“task”) to a Meta engineer, and access to any user’s correspondence will be granted. Moreover, it is claimed that it is possible to read not only current messages, but also the entire history from the moment of account registration, including deleted messages.
If this is true, it will be one of the biggest scandals in the history of the technology industry – in fact, a complete deception of billions of users.
Cryptographer: the probability is extremely low
Johns Hopkins University professor and renowned cryptographer Matthew Green reacted to the situation. In his blog, he took apart the accusations in detail and tried to assess how realistic they are.
Green reminds us: WhatsApp is indeed built on the Signal protocol, which is considered the benchmark for end-to-end encryption. However, the code of WhatsApp itself is closed, which means that independent researchers cannot directly verify how exactly the encryption is implemented.
Nevertheless, according to Green, the likelihood that the allegations are true is extremely low. He cites two main arguments.
- If Meta really did have hidden access to correspondence, it would almost certainly have been discovered by independent researchers by now.
- Traces of such a mechanism would have inevitably “flashed” in the application code. Even if the sources are closed, old versions of WhatsApp can be downloaded, decompiled and analyzed – and this is done not only by enthusiasts, but also by professionals.
Yes, Green admits, such analysis is a complex and time-consuming task. But the very fact that it is possible in principle makes the idea of conscious lying on the part of Meta extremely risky and, in his words, “massively stupid” in terms of business and legal implications.
You can’t check it – trust it
In the end, the cryptographer boils it all down to a question of trust and quotes Ken Thompson’s legendary “Reflections on Trusting Trust” speech. There is no such thing as reliable verification, and at some point the user still has to trust. The only question is whether it is reasonable to believe that WhatsApp is secretly running “the biggest scam in the history of technology.” According to Green, without concrete evidence, no, it’s not reasonable.
He also notes that the situation here is not unique: the end-to-end encryption code in iMessage and FaceTime is not open either, and Apple users are in exactly the same position.
So the lawsuit against Meta remains at the level of loud statements, and there is no technical confirmation of the claims.
