Hacker News new | past | comments | ask | show | jobs | submit login

A TD:DR; for people.

The "WhatsApp Encryption Overview" technical whitepaper [1] had the following text removed between revisions:

"At no time does the WhatsApp server have access to any of the client's private keys."

[1] https://scontent.whatsapp.net/v/t39.8562-34/122249142_469857...




Instead, they added the following on page 13:

> The WhatsApp server has no access to the client’s private keys, (...)


Good point. Here is the full text

>All chats use the same Signal protocol outlined in this whitepaper, regardless of their end-to-end encryption status. The WhatsApp server has no access to the client’s private keys, though if a business user delegates operation of their Business API client to a vendor, that vendor will have access to their private keys - including if that vendor is Facebook.

Not sure if the facebook exception was there in the previous version.


> “The _WhatsApp_ server has no access to the client’s private keys”

This is craftily ambiguous.


Craftily specific, more like.


The Facebook server does 0=)


We delete them right after we mirror them to the NSA through our ultra-security SolarWinds box, promise!


Would you have a link to the previous version?


This website seems to have version 2 which includes that text on page 11. You can scroll down and read it without downloading it.

https://www.academia.edu/36044237/WhatsApp_Encryption_Overvi...


https://files.catbox.moe/fopl6w.pdf

A copy I had downloaded on 29 July 2020


Thanks. Archived: https://archive.is/FenEt




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: