According to their FAQ, "WhatsApp's end-to-end encryption ensures only you and the person you're communicating with can read what is sent, and nobody in between, not even WhatsApp ... End-to-end encryption is always activated, provided all parties are using the latest version of WhatsApp. There is no way to turn off end-to-end encryption."
So it essentially boils down to "do you blindly trust WhatsApp to do what they promise...and to do it without technical errors which would compromise this?" Now, is there a way to somehow verify that claim, or at least falsify it?
( https://en.wikipedia.org/wiki/Falsifiability )
The question of Trust is a question that needs to be answered no matter which technologies you use, and the answer for it is very personal to an individual.
If Wikipedia's to be believed, Open Whisper Systems partnered with WhatsApp and provided the same end-to-end encryption as Signal.
if you add an URL to your message before sending, then a URL preview is generated (fetching image and some info text).. so i was pondering, if it _could_ be that this code, locally on your phone, can access the rest of the message content and send it later to WA
I figure that it's showing the Metadata for the pages you provide links for. A ton of other messaging platforms provide that ability to show information about the link.
Anything could be sending your message unenciphered. A client could get compromised. It could be pulling an IMAP/E-Mail shenanigans of sorts when it sends your Drafts up. It really falls on how much Trust you're willing to give on its claims.
I guess if you'd like to find out, you could watch what it sends for a while to make sure WhatsApp isn't doing anything funny.
