Hacker News

US has investigated claims WhatsApp chats aren't private

171 points, by 1vuio0pswjnm7, yesterday at 5:25 PM, 329 comments

https://archive.ph/lZlAs

https://www.theguardian.com/technology/2026/jan/31/us-author...


Comments

martinralbrecht, yesterday at 5:04 PM

WhatsApp's end-to-end encryption has been independently investigated: https://kclpure.kcl.ac.uk/ws/files/324396471/whatsapp.pdf

Full version here: https://eprint.iacr.org/2025/794.pdf

We didn't review the entire source code, only the cryptographic core. That said, the main issue we found was that the WhatsApp servers ultimately decide who is and isn't in a particular chat. Dan Goodin wrote about it here: https://arstechnica.com/security/2025/05/whatsapp-provides-n...

coppsilgold, yesterday at 9:19 PM

No closed-source E2EE client can be truly secure because the ends of e2e are opaque.

Detecting backdoors is only truly feasible with open source software, and even then it can be difficult.

A backdoor can be a subtle remote code execution "vulnerability" that can only be exploited by the server. If used carefully, and if it exfiltrates data in expected client-server communications, it can be all but impossible to detect. This approach also makes it more likely that almost no insider will even be aware of it; it could be a small patch applied during the build process or to the binary itself (for example, a bounds-check branch). This is also another reason why reproducible builds are a good idea for open source software.

prakashn27, yesterday at 7:37 PM

Ex-WhatsApp engineer here. The WhatsApp team makes so much effort to make these end-to-end encrypted messages possible. From the time I worked there, I know for sure it is not possible to read the encrypted messages.

From a business standpoint they don’t have to read these messages, since the WhatsApp Business API provides the necessary funding for the org as a whole.

codethief, yesterday at 5:15 PM

Matthew Green's take from 3 days ago:

> There’s a lawsuit against WhatsApp making the rounds today, claiming that Meta has access to plaintext. I see nothing in there that’s compelling; the whole thing sounds like a fishing expedition.

https://bsky.app/profile/matthewdgreen.bsky.social/post/3mdg...

hedora, today at 12:44 AM

None of the statements I’ve seen from Meta, people formerly involved in WhatsApp that chimed in here (thanks!), or the quotes from the investigation are incompatible with the whistleblowers’ allegations.

At this point, I won’t trust anything short of this on the front page of an SEC filing, signed by zuck and the relevant management chain:

“The following statement is material to earnings: Facebook has never (since E2EE was rolled out) and will never access messages sent through whatsapp via any means including the encryption protocol, application backdoor moderation access or backup mechanisms. Similarly, it does not provide third parties with access to the methods, and does not have the technical capability to do so under any circumstances.”

youknownothing, yesterday at 4:36 PM

Just to throw in a couple of possibly outlandish theories:

1. As others have said, they could be collecting the encrypted messages and then trying to decrypt them using quantum computing; the Chinese have reportedly been trying to do this for many years now.

2. With metadata and all the information from other sources, they could infer what the conversation is about without the need to decrypt it: if I visit a page (Facebook cookies, they know), then I share a message with my friend John, and then John visits the same page (again, cookies), then they can be pretty certain that the content of the message was me sharing the link.

mrtksn, yesterday at 3:00 PM

I wonder how these investigations go. Are they just asking them if it is true? Are they working with IT specialists to technically analyze the apps? Are they requesting the source code that can be demonstrated to be the same one that runs on the user devices and then analyzing that code?

cedws, yesterday at 10:05 PM

I said this in another recent HN thread but all encryption comes down to key management. If you don’t control the keys, something else does. Sometimes that’s a hardware enclave, sometimes it’s a key derivation algorithm, sometimes it’s just a locally generated key on the filesystem.

If you never give WhatsApp a cryptographic identity then what key is it using? How are your messages seamlessly showing up on another device when you authenticate? It’s not magic, and these convenience features always weaken the crypto in some way.

WhatsApp has a feature to verify the fingerprint of another party. How many people do you think use this feature, versus how many people just assume they're safe because they read that WhatsApp has E2EE?

abcd_f, yesterday at 10:01 PM

I witnessed something recently that points unambiguously at Whatsapp chats being not private.

Not two months ago I sent a single photo to a friend of some random MacGyver kitchen contraption I made. Never described it, just a photo with the lol. He replied lol. He never reshared nor discussed it with anyone else. We never spoke about this before or after. Two days later he starts seeing ads on Facebook for a proper version of the same. There's virtually no other explanation except for Meta vacuuming and analyzing the photo. None.

roenxi, yesterday at 11:02 PM

It is a bit counter-intuitive because there'd be a law enforcement lobby working very hard to make sure that they can read private WhatsApp chats. I don't think it is reasonable to treat the entity that literally runs a spy agency monitoring all digital communication as the arbiter and investigator of what is and isn't private. The incentives just aren't there.

londons_explore, yesterday at 3:14 PM

I want whatsapp to decrypt the messages in a secure enclave and render the message content to the screen with a secure rendering pipeline, as is done with DRM'ed video.

Compromise of the client side application or OS shouldn't break the security model.

This should be possible with current APIs, since each message could, if needed, simply be a single-frame DRM'ed video if no better approach exists (or until a better approach is built).

solenoid0937, yesterday at 5:04 PM

So many people that strongly believe WhatsApp isn't E2EE!

Quick, someone set up a Kalshi or Polymarket or whatever claiming that WhatsApp isn't E2EE.

I'll gladly bet against the total volume of people that believe it isn't E2EE -- it'll be an easy 2x for you or me.

hiprob, yesterday at 4:45 PM

I know the default assumption with Telegram is that they can read all your messages, but unlike WhatsApp they seem less cooperative and I never got the notion that they ever read private messages until the Macron incident, and even then they do if the other party reports them. How come they are able to be this exception despite not having end to end encryption by default?

sirpilade, yesterday at 11:19 PM

Is anybody using any open source, self-hosted solution with a UI on par with WhatsApp? Asking for my wife.

cosmicgadget, yesterday at 3:38 PM

> “We look forward to moving forward with those claims and note WhatsApp’s denials have all been carefully worded in a way that stops short of denying the central allegation in the complaint – that Meta has the ability to read WhatsApp messages, regardless of its claims about end-to-end encryption.”

My money is on the chats being end to end encrypted and separately uploaded to Facebook.

modeless, yesterday at 4:21 PM

Meanwhile Apple has always been able to read encrypted iMessage messages and everyone decided to ignore that fact. https://james.darpinian.com/blog/apple-imessage-encryption

nindalf, yesterday at 4:19 PM

This reads like a nothingburger. Couple of quotes from the article:

> the idea that WhatsApp can selectively and retroactively access the content of [end-to-end encrypted] individual chats is a mathematical impossibility

> Steven Murdoch, professor of security engineering at UCL, said the lawsuit was “a bit strange”. “It seems to be going mostly on whistleblowers, and we don’t know much about them or their credibility,” he said. “I would be very surprised if what they are claiming is actually true.”

No one apart from the firm filing the lawsuit is actually supporting this claim. A lot of people in this thread seem very confident that it's true, and I'm not sure what precisely makes them so confident.

miohtama, yesterday at 3:34 PM

Both things cannot be true at the same time:

- WhatsApp encryption is broken

- EU's and UK's Chat Control spooks demand that Meta insert a backdoor because they cannot break the encryption

The Guardian has its own editorial flavour on tech news, so expect them to use any excuse to bash the subject.

lukeschlather, yesterday at 4:54 PM

It seems obvious that they can. It's my understanding for FB Messenger that the private key is stored encrypted with a key that is derived from the user's password. So it's not straightforward, but Meta is obviously in a position to grab the user's password when they authenticate and obtain their private key. This would probably leave traces, but someone working with company authorization could probably do it.

For WhatsApp they claim it is like Signal, with the caveat that if you have backups enabled it works like Messenger. Although interestingly if you have backups enabled the key may be stored with Apple/Google rather than Meta, it might be the case that with backup enabled your phone vendor can read your WhatsApp messages but Facebook cannot.

bredren, yesterday at 9:59 PM

I co-founded Gliph, which was one of the first commercial, cross-platform messaging apps to provide end-to-end encryption.

One area of exposure was push notifications. I wonder if the access described wasn’t to the messages themselves but content rich notifications.

If so, both parties could be ~correct. Except the contractors would have been seeing what is technically metadata.

ohcmon, yesterday at 4:38 PM

Next time you use a truly independently audited e2e communication channel, don’t forget to check who the authority is that says the "other end" is "the end" you think it is.

0x_rs, yesterday at 4:42 PM

It's a proprietary, closed-source application. It can do whatever it wants, and it doesn't even need to "backdoor" encryption when all it has to do is just forward everything matching some criteria to their servers (and by extension anyone they comply with). It's always one update away from dumping your entire chat history into a remote bucket, and it would still not be in contradiction with their promise of E2EE. Furthermore, it already has the functionality to send messages when reporting [0]. Facebook's Messenger has also worked that way for years [1]. There were also rumors the on-device scanning practice would be expanded to comply with surveillance proposals such as ChatControl a couple of years ago. This doesn't mean it's spying on each and every message now, but it would have the potential to do so, and it would be feasible today more than ever before, hence the importance of software the average person can trust and that isn't as easily subject to their government's tantrums about privacy.

0. https://www.propublica.org/article/how-facebook-undermines-p...

1. https://archive.is/fe6zY

david_allison, yesterday at 3:09 PM

It was my understanding that the backups are unencrypted. Is that still the case?

vbezhenar, yesterday at 4:26 PM

WhatsApp is considered insecure and banned from use by the military in Russia. Telegram, on the other hand, is widely used. Of course that's not something definitive, but just food for thought.

moffers, yesterday at 8:34 PM

I feel fairly confident an oddly-shaped donation from Mark Z’s foundation will make this go away.

31337Logic, yesterday at 10:29 PM

Thank God for Signal. And by God I mean all the smart men and women who made Signal possible. Not God. God didn't do shit. As usual.

ubermonkey, yesterday at 9:39 PM

WhatsApp belongs to Meta.

Why would anyone believe those chats are private?

OutOfHere, yesterday at 6:52 PM

The issue here is that WhatsApp doesn't work with third-party clients (outside of EU anyway). It does now in EU via BirdyChat and Haiket, but the features are too limiting: https://about.fb.com/news/2025/11/messaging-interoperability...

Ideally, WhatsApp would fully support third-party open-source clients that can ensure that the mathematics are used as intended.

timpera, yesterday at 4:05 PM

Lots of uninformed conspiratorial comments with zero proof in here, but I'd really like WhatsApp to get their encryption audited by a reliable, independent 3rd party.

m3kw9, yesterday at 10:23 PM

yes/no? Can't they just say that?

znpy, yesterday at 3:23 PM

I always assumed this to be true, to be honest.

Nowadays all of the messaging pipeline on my phone is closed source and proprietary, and thus unverifiable at all.

The iPhone operating system is closed, the runtime is closed, the whatsapp client is closed, the protocol is closed… hard to believe any claim.

And I know that somebody’s gonna bring up the alleged e2e encryption… a client in control of somebody else might just leak the encryption keys from one end of the chat.

Closed systems that do not support third party clients that connect through open protocols should ALWAYS be assumed to be insecure.

josefrichter, yesterday at 3:31 PM

I am not into conspiracy theories, but I find it very unlikely that our governments can’t read all our messages across platforms.

Ms-J, yesterday at 3:07 PM

Who do they expect to fall for the claims that a Facebook owned messenger couldn't read your "encrypted" messages? It's truly funny.

Any large scale provider with headquarters in the USA will be subject to backdoors and information sharing with the government when they want to read or know what you are doing.

snowwrestler, yesterday at 10:07 PM

For context, the U.S. is also currently investigating whether Donald Trump actually won the 2020 presidential election (he didn’t), whether aspirin causes autism (it doesn’t), and whether transgenic research is woke (it’s not).

“The U.S. investigates” unfortunately does not mean as much as it used to. That said, I would rest easy in the knowledge that someone deep in the NSA already knows with absolute certainty whether the WhatsApp client app is doing anything weird. But they’re not likely to talk to a reporter or plaintiffs lawyer.

oefrha, yesterday at 3:42 PM

I always assumed Meta has a backdoor that at least allows them to compromise key individuals if the men in black ask, but a law firm representing NSO courageously defending the people? Come the fuck on.

> Our colleagues’ defence of NSO on appeal has nothing to do with the facts disclosed to us and which form the basis of the lawsuit we brought for worldwide WhatsApp users.

sailfast, yesterday at 8:18 PM

“Fox has investigated whether henhouse is secure” News at 11.

AndrewKemendo, yesterday at 3:55 PM

If your personal threat model at this point is not literally:

“everything I ever do can be used against me in court”

…then you are not up-to-date with the latest state of society

Privacy is the most relevant when you are in a position where that information is the difference between your life or your death

The average person going through their average day breaks dozens of laws because the world is a Kafkaesque surveillance capitalist society.

The amount of information that exists about the average consumer is so unbelievably godly that any litigator could make an argument against nearly any human on the planet that they are in violation of something if there is enough pressure.

If you think you’re safe in this society because you “don’t do anything wrong” then you’re compromised and don’t even realize it.

cft, yesterday at 6:48 PM

I trust Telegram more: Putin never had any problems with Whatsapp, only with Telegram.

foooorsyth, yesterday at 7:49 PM

The reality that most encryption enthusiasts need to accept is that true E2EE where keys don’t leave on-device HSMs leads to terrible UX — your messages are bound to individual devices. You’re forced to do local backups. If you lose your phone, your important messages are gone. Lay users don’t like this and don’t want this, generally.

Everything regarding encrypted messaging is downstream of the reality that it’s better for UX for the app developer to own the keys. Once developers have the keys, they’re going to be compelled by governments to provide them when warrants are issued. Force and violence, not mathematical proofs, are the ultimate authority.

It’s fun to get into the “conspiratorial” discussions, like where the P-256 curve constants came from or whether the HSMs have backdoors. Ultimately, none of that stuff matters. Users don’t want their messages to go poof when their phone breaks, and governments will compel you to change whatever bulletproof architecture you have to better serve their warrants.

philipwhiuk, yesterday at 9:49 PM

Frankly the wrench-attack is easier.

webdoodle, yesterday at 7:57 PM

> US reportedly investigate claims that Meta can read encrypted WhatsApp messages

Lol, Fox guarding the hen house.

Ms-J, yesterday at 7:43 PM

This was slid off the first page of HN so quickly.

As someone wisely pointed out in this thread, the reason Facebook is doing this is: "it's for favor trading and leverage at the highest levels."

ralusek, yesterday at 2:38 PM

I mean, at the very least, if their clients can read it then they can at least read it through their clients, right? And if their clients can read it, it’ll be because of some private key stored on the client device that they must be able to access, so they could always get that. And this is just assuming that they’ve been transparent about how it’s built; they could just have backdoors on their end.

xvector, yesterday at 3:53 PM

What even are these low effort, uninformed conspiratorial comments saturating the comment section?

Sure, Meta can obviously read encrypted messages in certain scenarios:

- you report a chat (you're just uploading the plaintext)

- you turn on their AI bot (inference runs on their GPUs)

Otherwise they cannot read anything. The app uses the same encryption protocol as Signal and it's been extensively reverse engineered. Hell, they worked with Moxie's team to get this done (https://signal.org/blog/whatsapp-complete/).

The burden of proof is on anyone that claims Meta bypassing encryption is "obviously the case."

I am really tired of HN devolving into angry uninformed hot takes and quips.

rambojohnson, yesterday at 6:37 PM

I mean no shit, right?

alex1138, yesterday at 4:03 PM

Zuck didn't buy it in good faith. It wasn't "we'll grow you big by using our resources but be absolutely faithful to the privacy terms you dictate". Evidence: Brian Acton very publicly telling people that they (Zuck, possibly Sandberg) reneged.

Zuck thinks we're "dumb fucks". That's his internet legacy. Copying products, buying them up, wiping out competition

mlmonkey, yesterday at 5:22 PM

I'm shocked, shocked! that there's gambling going on here ...

renegade-otter, yesterday at 3:43 PM

Anyone trusting Facebook to follow basic human decency and, yes, laws, is a fool.

oldestofsports, yesterday at 3:38 PM

Surprised pikachu face
