US reportedly investigate claims that Meta can read encrypted WhatsApp messages
by echelon_musk on 1/31/2026, 1:27:23 PM
Comments
by: hiprob
I know the default assumption with Telegram is that they can read all your messages, but unlike WhatsApp they seem less cooperative and I never got the notion that they ever read private messages until the Macron incident, and even then they do if the other party reports them. How come they are able to be this exception despite not having end to end encryption by default?
1/31/2026, 4:45:54 PM
by: 0x_rs
It's a proprietary, closed-source application. It can do whatever it wants, and it doesn't even need to "backdoor" encryption when all it has to do is just forward everything matching some criteria to their servers (and by extension anyone they comply to). It's always one update away from dumping your entire chat history into a remote bucket, and it would still not be in contradiction with their promise of E2EE. Furthermore, it already has the functionality to send messages when reporting [0]. Facebook's Messenger also has worked that way for years. [1] There were also rumors the on-device scanning practice would be expanded to comply with surveillance proposals such as ChatControl a couple years ago. This doesn't mean it's spying on each and every message <i>now</i>, but it would have potential to do so and it would be feasible today more than ever before, hence the importance of software the average person can trust and isn't as easily subject to their government's tantrums about privacy.<p>0. <a href="https://www.propublica.org/article/how-facebook-undermines-privacy-protections-for-its-2-billion-whatsapp-users" rel="nofollow">https://www.propublica.org/article/how-facebook-undermines-p...</a><p>1. <a href="https://archive.is/fe6zY" rel="nofollow">https://archive.is/fe6zY</a>
1/31/2026, 4:42:59 PM
by: youknownothing
Just to throw in a couple of possibly outlandish theories:<p>1. as others have said, they could be collecting the encrypted messages and then tried to decrypt them using quantum computing, the Chinese have been reportedly trying to do this for many years now.<p>2. with metadata and all the information from other sources, they could infer what the conversation is about without the need to decrypt it: if I visit a page (Facebook cookies, they know), then I share a message to my friend John, and then John visits the same page (again, cookies), then they can be pretty certain that the contain of the message was me sharing the link.
1/31/2026, 4:36:54 PM
by: cosmicgadget
> “We look forward to moving forward with those claims and note WhatsApp’s denials have all been carefully worded in a way that stops short of denying the central allegation in the complaint – that Meta has the ability to read WhatsApp messages, regardless of its claims about end-to-end encryption.”<p>My money is on the chats being end to end encrypted and separately uploaded to Facebook.
1/31/2026, 3:38:00 PM
by: Ms-J
Who do they expect to fall for the claims that a Facebook owned messenger couldn't read your "encrypted" messages? It's truly funny.<p>Any large scale provider with headquarters in the USA will be subject to backdoors and information sharing with the government when they want to read or know what you are doing.
1/31/2026, 3:07:10 PM
by: ohcmon
Next time you use true real independently audited e2e communication channel, don’t forget to check who is the authority who says that the "other end" is "the end" you think it is
1/31/2026, 4:38:41 PM
by: SirFatty
Of course they can. Why wouldn't you assume this to be the case?
1/31/2026, 4:42:41 PM
by: renegade-otter
Anyone trusting Facebook to follow basic human decency and, yes, laws, is a fool.
1/31/2026, 3:43:00 PM
by: mrtksn
I wonder how these investigations go? Are they just asking them if it is true? Are they working with IT specialist to technically analyze the apps? Are they requesting the source code that can be demonstrated to be the same one that runs on the user devices and then analyze that code?
1/31/2026, 3:00:18 PM
by: nindalf
This reads like a nothingburger. Couple of quotes from the article:<p>> the idea that WhatsApp can selectively and retroactively access the content of [end-to-end encrypted] individual chats is a mathematical impossibility<p>> Steven Murdoch, professor of security engineering at UCL, said the lawsuit was “a bit strange”. “It seems to be going mostly on whistleblowers, and we don’t know much about them or their credibility,” he said. “I would be very surprised if what they are claiming is actually true.”<p>No one apart from the firm filing the lawsuit is actually supporting this claim. A lot of people in this thread seem very confident that it's true, and I'm not sure what precisely makes them so confident.
1/31/2026, 4:19:25 PM
by: modeless
Meanwhile Apple has always been able to read encrypted iMessage messages and everyone decided to ignore that fact. <a href="https://james.darpinian.com/blog/apple-imessage-encryption" rel="nofollow">https://james.darpinian.com/blog/apple-imessage-encryption</a>
1/31/2026, 4:21:31 PM
by: vbezhenar
Whatsapp is considered insecure and banned from use for military in Russia. Telegram, on the other hand, is widely used. Of course that's not something definitive, but just a food for thought.
1/31/2026, 4:26:48 PM
by: londons_explore
I want whatsapp to decrypt the messages in a secure enclave and render the message content to the screen with a secure rendering pipeline, as is done with DRM'ed video.<p>Compromise of the client side application or OS shouldn't break the security model.<p>This should be possible with current API's, since each message could if needed simply be a single frame DRM'ed video if no better approach exists (or until a better approach is built).
1/31/2026, 3:14:08 PM
by: miohtama
Both things cannot be true at the same time<p>- WhatsApp encryption is broken<p>- EU's and UK's Chat Control spooks demand Meta to insert backdoor because they cannot break the encryption<p>The Guardian has its own editorial flavour on tech news, so expect them to use any excuse to bash the subject.
1/31/2026, 3:34:50 PM
by: calibas
It's vulnerable to man-in-the-middle attacks, and the man-in-the-middle happens to be Meta.<p>The tricky part would be doing it and not getting caught though.
1/31/2026, 3:38:26 PM
by: oefrha
I always assumed Meta has backdoor that at least allows them to compromise key individuals if men in black ask, but law firm representing NSO courageously defending the people? Come the fuck on.<p>> Our colleagues’ defence of NSO on appeal has nothing to do with the facts disclosed to us and which form the basis of the lawsuit we brought for worldwide WhatsApp users.
1/31/2026, 3:42:22 PM
by: david_allison
It was my understanding that the backups are unencrypted. Is that still the case?
1/31/2026, 3:09:04 PM
by: oldestofsports
Surprised pikachu face
1/31/2026, 3:38:28 PM
by: timpera
Lots of uninformed conspiratorial comments with zero proof in here, but I'd really like WhatsApp to get their encryption audited by a reliable, independent 3rd party.
1/31/2026, 4:05:07 PM
by: znpy
I always assumed this to be true, to be honest.<p>Nowadays all of the messaging pipeline on my phone is closed source and proprietary, and thus unverifiable at all.<p>The iPhone operating system is closed, the runtime is closed, the whatsapp client is closed, the protocol is closed… hard to believe any claim.<p>And i know that somebody’s gonna bring up the alleged e2e encryption… a client in control of somebody else might just leak the encryption keys from one end of the chat.<p>Closed systems that do not support third party clients that connect through open protocols should ALWAYS be assumed to be insecure.
1/31/2026, 3:23:31 PM
by: jijji
if anybody believes that Facebook would allow people to send a totally encrypted message to somebody, they're out of their mind. they're pretty much in bed with law enforcement at this point. I mean I don't know how many people have been killed in Saudi Arabia this year for writing Facebook messages to each other that were against what the government wanted but it's probably a large number.
1/31/2026, 3:56:13 PM
by: AndrewKemendo
If your personal threat model at this point is not literally:<p>“everything I ever do can be used against me in court”<p>…then you are not up-to-date with the latest state of society<p>Privacy is the most relevant when you are in a position where that information is the difference between your life or your death<p>The average person going through their average day breaks dozens of laws because the world is a Kafkaesque surveillance capitalist society.<p>The amount of information that exists about there average consumer is so unbelievably godly such that any litigator could make an argument against nearly any human on the planet that they are in violation of something if there is enough pressure<p>If you think you’re safe in this society because you “don’t do anything wrong“ then you’re compromised and don’t even realize it
1/31/2026, 3:55:26 PM
by: josefrichter
I am not into conspiracy theories, but I find it very unlikely that our governments can’t read all our messages across platforms.
1/31/2026, 3:31:44 PM
by: alex1138
Zuck didn't buy it in good faith. It wasn't "we'll grow you big by using our resources but be absolutely faithful to the privacy terms you dictate". Evidence: Brian Acton very publically telling people that they (Zuck, possibly Sandberg) reneged<p>Zuck thinks we're "dumb fucks". That's his internet legacy. Copying products, buying them up, wiping out competition
1/31/2026, 4:03:39 PM
by: ralusek
I mean at the very least if their clients can read it then they can at least read it through their clients, right? And if their clients can read it’ll be because of some private key stored on the client device that they must be able to access, so they could always get that. And this is just assuming that they’ve been transparent about how it’s built, they could just have backdoors on their end.
1/31/2026, 2:38:34 PM
by: xvector
What even are these low effort, uninformed conspiratorial comments saturating the comment section?<p>Sure, Meta can obviously read encrypted messages in certain scenarios:<p>- you report a chat (you're just uploading the plaintext)<p>- you turn on their AI bot (inference runs on their GPUs)<p>Otherwise they cannot read anything. The app uses the same encryption protocol as Signal and it's been extensively reverse engineered. Hell, they worked with Moxie's team to get this done (<a href="https://signal.org/blog/whatsapp-complete/" rel="nofollow">https://signal.org/blog/whatsapp-complete/</a>).<p>The burden of proof is on anyone that claims Meta bypassing encryption is "obviously the case."<p>I am really tired of HN devolving into angry uninformed hot takes and quips.
1/31/2026, 3:53:14 PM
by: oncallthrow
This should surprise nobody. Do you really think that the intelligence agencies of the US etc would allow mainstream E2E encryption? Please stop being so naive
1/31/2026, 4:25:05 PM
by: kachapopopow
yes, this is a very known fact that it is not E2EE but Client2Server Encrypted. Otherwise your message history wouldn't work.
1/31/2026, 3:58:12 PM