WhatsApp apparently uses Signal’s encryption protocols and doesn’t store keys remotely but with the amount of unencrypted metadata that gets collected along with the fact that encrypted messages can still be reported to WhatsApp, a lot of the point of the encryption is nullified. You can read their security white paper here if you’re so inclined.
Still, I’d keep away from any for-profit chat service. Like anything free from a for-profit company, you and your user data are the product, not the product itself.
Does it? How do we know? WhatsApp is closed source, so maybe Facebook is just copying all private keys to their servers?
WhatsApp apparently uses Signal’s encryption protocols and doesn’t store keys remotely but with the amount of unencrypted metadata that gets collected along with the fact that encrypted messages can still be reported to WhatsApp, a lot of the point of the encryption is nullified. You can read their security white paper here if you’re so inclined.
Still, I’d keep away from any for-profit chat service. Like anything free from a for-profit company, you and your user data are the product, not the product itself.
The security paper doesn’t mean a thing. Without seeing the code we simply don’t know if Facebook is doing what they say they are doing.