rysiek ✅ is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

> In a phone call with WIRED, a WhatsApp spokesperson confirmed the researchers' findings, but emphasized that no one can secretly add a new member to a group—a notification does go through that a new, unknown member has joined the group.

Yeah, that solves it. -_-;


wired.com/story/whatsapp-secur

@rysiek Notifications that are displayed according to unaudited, closed source code, controlled by WhatsApp. Why do people trust this garbage? Even Moxy of OpenWhisperSystems seems to feel that closed code is magically safe to trust as long as the "encryption core" is open. WTF?

rysiek ✅ @rysiek

@cathal is the encryption core open though, or is just the protocol open?

My understanding is that WhatsApp does not use the FLOSS implementation of Signal proto, instead rolling out their own with the help of moxie.

*NOTHING* stops them from fscking this implementation up at some point or removing it entirely at their discretion.

I'd *love* to be proven wrong about this.

· Web · 1 · 2

@rysiek Exactly, yes. But even if they did use an open source lib, it wouldn't matter; the closed bits are part of the same process/PID, they can access the same memory, and do whatever they want. There's nothing trustworthy about WhatsApp, whether the internals have open bits or not.

@rysiek @cathal The program itself is still a proprietary mess of several different competing codebases. It's not like it's got a tiny attack surface.