Hacker News new | past | comments | ask | show | jobs | submit login

A TD:DR; for people.

The "WhatsApp Encryption Overview" technical whitepaper [1] had the following text removed between revisions:

"At no time does the WhatsApp server have access to any of the client's private keys."

[1] https://scontent.whatsapp.net/v/t39.8562-34/122249142_469857...

Instead, they added the following on page 13:

> The WhatsApp server has no access to the client’s private keys, (...)

Good point. Here is the full text

>All chats use the same Signal protocol outlined in this whitepaper, regardless of their end-to-end encryption status. The WhatsApp server has no access to the client’s private keys, though if a business user delegates operation of their Business API client to a vendor, that vendor will have access to their private keys - including if that vendor is Facebook.

Not sure if the facebook exception was there in the previous version.

> “The _WhatsApp_ server has no access to the client’s private keys”

This is craftily ambiguous.

Craftily specific, more like.

The Facebook server does 0=)

We delete them right after we mirror them to the NSA through our ultra-security SolarWinds box, promise!

Would you have a link to the previous version?

This website seems to have version 2 which includes that text on page 11. You can scroll down and read it without downloading it.



A copy I had downloaded on 29 July 2020

Thanks. Archived: https://archive.is/FenEt

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact