Ah, damn, reconsidered my territory choice and wanted to switch to ~privacy but it's more expensive to post there
/cc @davidw fyi lol
WhatsApp has end-to-end encryption, promising privacy to users.
However, it becomes useless if backups to Google Drive are unencrypted. Our supposedly private data goes to the control of Google.
No problem, I can disable the backup. But, what about all the people I talk to? Google still holds most of my conversations, unencrypted.
This seems to be a useless/tricking/lying design, done on purpose to ensure they keep control of the users. (and keep in mind that WhatsApp reminds me MANY times to enable the Backup)
I understand that as soon as I send a message to another person, they can take screenshots, show to other people, etc. I understand that risk. However, not encrypting backups just makes it way easier for the messages to be even more exposed.
Question is - I'm sure WhatsApp could encrypt backups to Google if they wanted (e.g. require a passphrase from users, or at least have that option and recommend users to use it). Why does WhatsApp not do that?
I did not verify if this is still the case (or ever was indeed the case) but back when I still used WhatsApp, I think I once saw the "information" (should have been a warning!) that the backups (that were enabled by default iirc) are not encrypted by default -- but I can set a password to enable encryption.
I can see how WhatsApp (or did Facebook already own WA at that point?) thought it's easier to roll out backups without encryption.
But don't call your app E2EE then. That's essentially a backdoor. Rolling out unencrypted backups and still pretending that your app is E2EE is a huge red flag.