Zuckerberg and WhatsApp Encryption
@Last Saturday
In the interview of Mark Zuckerberg, Joe Rogan starts a discussion with the ability of the U.S. to read Tucker Carlson’s Signal messages.
TL;DR: The WhatsApp communication is presumed secure and the [three letter agencies] only have access to all your messages if they have access to your phone.
From the context this access to the phone is either implied directly or indirectly in the sense that they can get it using physical access or remote tools like Pegasus which was mentioned by name.
The full interview linked to relevant time is posted at the bottom of this page.
Signal and WhatsApp are the two Most Secure Messengers
Talking about Signal, Zuckerberg says
“I doubt that what they [Rogan was referring the CIA or the FBI, Zuckerberg says NSA or CIA] did was they broke Signal because that encryption I think is pretty good.”
“WhatsApp and Signal are probably the two most secure that are out there.”
— Mark Zuckerberg
He mentions that “basically Signal and WhatsApp use the same encryption”. Both are based on the Open Whisper Systems devised algorithms that use public key cryptography, which when properly implemented is considered highly secure.
With the encryption they cut themselves out of the clear text communication, meaning WhatsApp does not see messages stored or passed through their servers. Quoting him it “cuts out the [service providing] company completely from it”.
He also does mention that if they wanted access to the messages, they’d [hypothetically] send back the decrypted messages straight from the victim’s phone using screenshots or other means.
Zuckerberg saying “basically when I text you on WhatsApp there’s no point at which meta servers see the contents of that message unless, like you know, we took a photo of it or shared that back to meta in some other way”
Reading up on the topic it seems that the easiest way to send a message back to Meta is to flag it. We haven’t found out to what context that applies. Is it only the flagged message, the whole thread or other parts?
While not part of this article, bitcreed’s opinion is that WhatsApp is not part of the most secure messengers out there even if it uses a similar encryption as Signal since security is about more than just securely delivering a message.
bitcreed recommends Threema and Signal as highly secure messengers and Telegram for creating service integrations with good but comparatively moderate security.
Any Device is Compromised With Physical Access
Zuckerberg says any device a capable entity has physical access to is to be considered compromised: “If the FBI arrests you and takes your phone they’re probably going to be able to get in and see what’s there”
The interview only briefly mentions Telegram (which is not considered secured in its default setting) in the context of the arrest of their CEO Pavel Durov. No technical details or comparisons with Telegram are made in the interview.
Full interview