WhatsApp just downloaded 12k photos of other people's information on my phone

old.reddit.com

51 points by spamalot159 4 years ago · 26 comments

prmoustache 4 years ago

I have always been a bit dubious about e2e encryption on WhatsApp, especially seeing how the forward message feature works.

Example: upload a few minutes long video to a whatsapp contact, depending on your phone connection it can take up to a few minutes. Then forward it to other contacts or group and it is done instantaneously. For the videos and images to be sent and retrieved instantaneously by my contacts when forwarded while I am using a crappy connection it means they are retrieved from some whatsapp servers which means there is at least some kind of man in the middle proxy-cache stuff involved.

I certainly cannot do the same on other apps I have used doing e2e encryption. On deltachat, atox, jami I have to send back again the data. While inconvenient when using a bad connection I am willing to get the tradeoff to have no mitm on any server. Anyone can share if there is a similar forwarding function on Signal?

  • Crosseye_Jack 4 years ago

    As much as I like to shit on FB and only use FB products when needs must, you can still have data uploaded to a 3rd party and still have it securely encrypted so only your intended recipients can read it.

    For example: Alice wants to send Bob and Claire an encrypted video. Alice encrypts it with a random key and uploads that video to FB's servers, at that moment (given the understanding that encryption is still uncrackable without throwing billions of cores at the problem) only Alice can decrypt that video hosted on those servers.

    Alice then takes the link and the key and encrypts that message with Bob's public key and again with Claire's public key, Alice then sends the messages to Bob and Claire (Ideally Alice and Bob / Alice and Claire would use a key exchange algorithm to create an ephemeral session key which would then be used to encrypt the key for the video). The message containing the key being sent to Bob and Claire is a lot smaller than the video itself, so it can be sent a lot quicker/reliably over the crappy connection. It also removes the need to send the large file to each of the recipients (data transmitted = size of video * number of recipients) as you only need upload it once.

    Bob and Claire can now each decrypt the message they got from Alice, get the link and the key, download the video, decrypt the video and play it. To whoever it was caching the video data, it's just random data.

    If throwing processing time at the problem is the attack vector then you can "just" listen in and record the wire as the data is being transmitted even if it's a P2P connection because it's very likely that the data you are transmitting is going to get passed along some hops on its way to the recipient no matter which platform you use. If the attack vector is the messaging platform adding their own keys to the encrypted files, then they are in a position where everything is busted wide open anyways so it comes down to trust of that platform.

    I'm not saying FB/WhatsApp are trustworthy or not. I personally don't like using their services but people I know IRL do use their services which means if I want to take part in those conversations then I have to too.

    EDIT: HOWEVER (this thought only popped in my head after hitting post) this does lead to some information leakage, even though the message platform can not decode the video, they would be in a position to know if Bob or Claire accessed the video if they also control the caching platform used.

  • rosndo 4 years ago

    Yeah well, you could just read some of the many docs describing how whatsapp works?

    Forwarding media works because it’s just a small blob with a url to the encrypted file and the decryption key.

    These things are super well understood, hundreds of independent parties have studied how whatsapp works.

    see for example: https://github.com/ddz/whatsapp-media-decrypt

  • noxer 4 years ago

    The files that the reddit user apparently got are not coming from whatsapp server they come from google/apple cloud backup according to the infos shared.

    See other comments on how forwarding works.

  • bellyfullofbac 4 years ago

    If I were designing the tech, and people used it to forward videos and images to thousands of people, I wouldn't want to have thousands of copies of the file on my server, all locked behind different encryption keys.

    Technically it's possible that: my client encrypts the file with locally generated key A and uploads it to WhatsApp's server. The server returns a URL. My client takes key A, and sends it to Bob along with the URL, and this message is encrypted with Bob's public key.

    When I want to send the same file to Charlie, or Bob wants to send it to Dominic, my or Bob's client just needs the URL, and the key A...
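The upload-once, forward-a-pointer scheme that Crosseye_Jack, rosndo and bellyfullofbac describe in the comments above, as an added example (not part of any comment and not WhatsApp's code). Assumptions: pairwise session keys are already agreed, the cipher is a standard-library encrypt-then-MAC stand-in for a real AEAD, and `media.example` and all function names are hypothetical.

```python
import hashlib, hmac, json, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 counter-mode keystream: stdlib stand-in for a real cipher.
    blocks = (len(data) + 31) // 32
    ks = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    """Encrypt-then-MAC, output = nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

class MediaServer:
    """Untrusted cache: holds ciphertext and sees who fetches it, never a key."""
    def __init__(self):
        self.blobs, self.fetch_log = {}, []
    def upload(self, blob):
        url = "https://media.example/" + hashlib.sha256(blob).hexdigest()[:16]
        self.blobs[url] = blob
        return url
    def fetch(self, who, url):
        self.fetch_log.append((who, url))  # the access metadata the server can see
        return self.blobs[url]

def wrap_pointer(session_key, pointer):
    # Sending or forwarding encrypts only this small pointer for one recipient.
    return seal(session_key, json.dumps(pointer).encode())

def send_media(server, session_key, media):
    media_key = secrets.token_bytes(32)           # random per-file key ("key A")
    url = server.upload(seal(media_key, media))   # the one slow upload
    return wrap_pointer(session_key, {"url": url, "key": media_key.hex()})

def receive(server, who, session_key, message):
    pointer = json.loads(unseal(session_key, message))
    blob = server.fetch(who, pointer["url"])
    return pointer, unseal(bytes.fromhex(pointer["key"]), blob)
```

A recipient forwards by calling `wrap_pointer` with the pointer returned from `receive` and the session key shared with the next contact; the server keeps a single ciphertext blob, and its `fetch_log` shows exactly the access metadata mentioned in the EDIT above.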

axiosgunnar 4 years ago

> Someone seriously fucked up on META's side or Google.

On a tangential note, I find it super cringeworthy how quickly people fell for Facebook's rebranding and stopped calling it Facebook.

For me it's Facebook with all its negative connotations, not Meta.

rex_lupi 4 years ago

Why should I believe them? (OP)

nvartolomei 4 years ago

This made me think about the case of mobile network operators recycling phone numbers. How does WhatsApp handle that? What about Telegram which isn’t e2e encrypted and stores everything on their servers by default?

There are operators recycling numbers after less than a year of inactivity/zero balance on pre paid SIMs.

  • mcraiha 4 years ago

    You can enable two-step verification to "lock" your number. But yeah, using phone number as your platform ID is a very bad thing (security and privacy wise). https://faq.whatsapp.com/general/verification/about-two-step...

  • trollitarantula 4 years ago

    Telegram by default deletes all data after 6 months of inactivity. You can also set a password and configure two-step verification.

    • noxer 4 years ago

      There is no way to confirm this claim so it's as good/bad as whatever all the other providers say. Personally I think they are more likely to actually care and delete the stuff properly because they have no use for it and it costs them serious money to keep storing it. But that's just an opinion.

ThePowerOfFuet 4 years ago

https://old.reddit.com/r/NoStupidQuestions/comments/rxtl22/w...

OP followed up with:

> I actually realized what happened and I didn't want to keep it up and misinform other users or cause more damage to Google or Whatsapp.

> So what happened is I actually used a temporary phone given to me by a repair service prior to buying this phone, due to mine being repaired by said service. The service was handing that phone to anyone who needed one while their phone was in service, like I did and thus was used by dozens of people in the past years, and so had thousands of photos on it. When I used it, whatsapp backed all that data into my drive. So... When I bought a new phone, and restored the backup to it, what essentially happened was all that data from the service phone was transferred onto the new one. That's how I ended up with loads of random people's data.

> So in fact the fault was the fact that the service wasn't deleting data on the phone before handing it over to other clients.

  • aordano 4 years ago

    Beyond this particular case, something similar happened to me and other people I know (using burner chips, mainly); after a while of not paying the bill/adding credit to your line, the companies here cut the service and repurpose the number to sell again to a new person. This process, though, does not disable WhatsApp nor its backups if you already had a session open, so when you download WhatsApp to create your account with your "brand new" number, it instead logs in to the account created before.

    Then, it autodownloads all the data, keeps chatting with their contacts, and everything you would normally do when you migrate an existing account to a new phone.

    I fathom this is the responsibility of the telcos that reuse the numbers, but it seems it is already an established practice and apparently there is no procedure to disclose to most common services that the number is dead.

    I thought something like that was going on, and even more reasons to move on from SMS/phone auth.

Demcox 4 years ago

Screenshot/OP was deleted :-/

  • MarcellusDrum 4 years ago
    • bellyfullofbac 4 years ago

      How new is "new phone"? Maybe OP bought a second hand phone, and all these images have been left behind in the "Whatsapp Images" directory. Especially if it's pictures of local people, I would guess someone local sold this phone to the store and it didn't get wiped properly.

      I've actually bought a new phone once and it had someone's list of phone numbers. It still looked pretty new, so I guess someone bought it, used it for a week or two and returned it. I was just annoyed at the scummy seller...

  • rosndo 4 years ago

    OP most likely realized their mistake and deleted the thread instead of owning up to it.

    The thread was deleted by the OP, not removed by moderators (reddit visibly differentiates between the two)

    • bellyfullofbac 4 years ago

      OP replied in the comments why he deleted it: https://www.reddit.com/r/NoStupidQuestions/comments/rxtl22/w...

      TL;DR: he's an idiot.

      A bit longer: OP went to a shop to get his phone repaired. Shop gave him a loaner phone, which had been used by many many people and apparently never wiped. OP set up Google backup on that phone and those photos got uploaded onto his WhatsApp backup. OP got a new phone, set up WhatsApp, and WhatsApp downloaded the pics from the loaner phone onto his.

rosndo 4 years ago

Yeah, WhatsApp isn’t to blame for this.
