texas sued meta and whatsapp for deceptive advertising about the app's encryption. attorney general ken paxton claims the company misled users into believing only the sender and recipient read messages, citing internal whistleblower reports and allegations of employee access. meta denies it and says whatsapp cannot read encrypted messages.
i don't know which side is telling the truth. the lawsuit is just beginning and will probably take years to reach any conclusion. i'm just here telling you what's happening.
Context on the lawsuit
this action is part of a series of recent lawsuits from ken paxton's office against tech companies. before this there were actions against netflix and a settlement with lg. now it's meta's turn.
what texas is asking for are measures to prevent access to texan users' communications without consent, plus financial penalties. only time will tell how this turns out.
What we already knew
i'm not an encryption expert, but i've always kept my feet on the ground when i see a tech company promising absolute privacy.
whatsapp's automatic backups to google drive or icloud are not end-to-end encrypted by whatsapp itself. if you left backup enabled, google or apple has access to the content. this isn't a conspiracy theory, it's written in the app's own documentation.
furthermore, metadata (who sent, when they sent, to whom, from which ip, which device) is not protected by the same encryption as the content. and metadata alone already tells a lot of stories.
The problem of trusting a black box
whatsapp is closed source. nobody outside of meta can open the app and verify if the encryption works exactly as the marketing slides say. when the code is closed, the only evidence available is what the company chooses to disclose. independent auditing simply doesn't exist.
that's why projects like signal exist. signal is open source, anyone can look at the code, verify the implementation and report flaws. whatsapp doesn't allow that. so when meta says "nobody can read your messages", we have two options: either believe it, because there's no way to check, or stay in doubt, because there's also no way to check. closed code doesn't prove guilt, but it doesn't prove innocence either.
to me, that's already reason enough not to treat any closed app as a digital safe. it's not paranoia, it's just understanding how software works.
Data became gold
even if meta is telling the truth about the encryption, if the data is there, someone will eventually want it. whether through a judicial warrant, a security breach, or a silent change in the terms of service. the interest exists, and it's enormous.
that's why this texas lawsuit isn't just about an app. it's about how much we can still trust private platforms to store things that should be ours alone. and the answer, it seems, is increasingly "it depends".
What now?
the lawsuit will run its course, more documents and testimonies will probably come out, but court cases are slow. in a few months we'll know a bit more. or not.
i use signal for things that really need to be private. i use whatsapp because everyone uses it and it's more practical. everyone chooses their own level of paranoia.
if you want to read the official court document, it's here. it's legal text so don't expect light reading, but if you have patience you can get the main points.
in the end, the privacy debate around whatsapp got another chapter. who's going to win this fight, only time will tell (´。• ᵕ •。`)