惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
人人都是产品经理
人人都是产品经理
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
The Exploit Database - CXSecurity.com
N
News and Events Feed by Topic
Latest news
Latest news
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
V
V2EX
WordPress大学
WordPress大学
Apple Machine Learning Research
Apple Machine Learning Research
Cisco Talos Blog
Cisco Talos Blog
K
Kaspersky official blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
SegmentFault 最新的问题
小众软件
小众软件
A
Arctic Wolf
酷 壳 – CoolShell
酷 壳 – CoolShell
腾讯CDC
宝玉的分享
宝玉的分享
Last Week in AI
Last Week in AI
G
GRAHAM CLULEY
罗磊的独立博客
T
Tor Project blog
C
Cisco Blogs
美团技术团队
博客园 - Franky
月光博客
月光博客
博客园 - 三生石上(FineUI控件)
T
Threat Research - Cisco Blogs
Cyberwarzone
Cyberwarzone
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
有赞技术团队
有赞技术团队
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Security Latest
Security Latest
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
Spread Privacy
Spread Privacy
J
Java Code Geeks
C
CERT Recently Published Vulnerability Notes
大猫的无限游戏
大猫的无限游戏
S
Securelist
The Cloudflare Blog
博客园 - 叶小钗
D
Darknet – Hacking Tools, Hacker News & Cyber Security
阮一峰的网络日志
阮一峰的网络日志
雷峰网
雷峰网
Project Zero
Project Zero

Ars Technica - All content

Pentagon wants $54B for drones, more than most nations’ military budgets Mozilla: Anthropic's Mythos found 271 security vulnerabilities in Firefox 150 Supreme Court arguments make it clear that FCC fines are "nonbinding" Silo S3 teaser hints at the wasteland's origins Framework's CEO on the RAM crisis and creating a "MacBook Pro for Linux users" Florida probes ChatGPT role in mass shooting. OpenAI says bot "not responsible." Report: Meta will train AI agents by tracking employees' mouse, keyboard use Microsoft removes Call of Duty from Game Pass, lowers subscription pricing Framework Laptop 13 Pro is a major overhaul for the modular, upgradeable laptop Framework Laptop 16 upgrades make it look less like an unfinished prototype Internal emails show how Amazon raises prices across the Internet, lawsuit says Anthropic gets $5B investment from Amazon, will use it to buy Amazon chips CATL's new LFP battery can charge from 10 to 98% in less than 7 minutes AMD Ryzen 9 9950X3D2 Dual Edition review: Tons of cache for tons of dollars What's the deal with spacesuits for the Moon? Will they be ready in time? Loneliness in older adults can often lead to memory impairment Contrary to popular superstition, AES 128 is just fine in a post-quantum world Pentagon pulls the plug on one of the military's most troubled space programs John Ternus will replace Tim Cook as Apple CEO Blue Origin's rocket reuse achievement marred by upper stage failure I’ve fired one of America’s most powerful lasers—here’s what a shot day looks like Great white sharks are overheating US-sanctioned currency exchange says $15 million heist done by "unfriendly states" Man with @ihackedthegovernment Instagram account tells judge, “I made a mistake" Trump picks qualified, normal health leader to head CDC; experts still cautious $25,000 buys plenty of used EVs: Here are some options Satellite and drone images reveal big delays in US data center construction Amazon won’t release Fire Sticks that support sideloading anymore Ridley Scott's post-apocalyptic The Dog Stars drops first trailer Artemis II pilot talks about what it was really like to fly and land in Orion Meta's AI spending spree is helping make its Quest headsets more expensive Rocket Report: Starship V3 test-fired; ESA's tentative step toward crew launch Recent advances push Big Tech closer to the Q-Day danger zone After a saga of broken promises, a European rover finally has a ride to Mars Lucasfilm drops The Mandalorian and Grogu final trailer at CinemaCon Intel refreshes non-Ultra Core CPUs with new silicon for the first time OpenAI starts offering a biology-tuned LLM As they got close to the Moon, Artemis II astronauts were eager to land Mozilla launches Thunderbolt AI client with focus on self-hosted infrastructure Ad firms settle with Trump FTC over claims they boycotted conservative media New Codex features include the ability to use your computer in the background The Ukraine war's deep impact on Metro 2039’s development, story New undersea cable cutter risks Internet’s backbone Microsoft and Stellantis want to use AI to help car owners Gemini can now create personalized AI images by digging around in Google Photos RFK Jr. forces FDA to reconsider 12 unproven peptides after 2023 ban First look: Also's upcoming e-bike disconnects the pedals and wheels Meet the Quantum Kid The race to Shackleton Crater is on—will Jeff Bezos or China get there first? Florida surgeon charged with killing man after removing liver instead of spleen Jury finds Live Nation/Ticketmaster is illegal monopoly that overcharged fans "TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database Google releases new apps for Windows and MacOS Boston Dynamics’ robot dog now reads gauges and thermometers with Google's AI Prime Video shows “technical difficulties” sign instead of NBA game in overtime New teaser gives us first look at Godzilla Minus Zero Vulcan woes will "absolutely" be a factor in Pentagon's next rocket competition Adobe takes Creative Cloud into Claude Code-esque territory Good Omens S3 trailer sets up a blessed conclusion Bubble watch: Fashion brand Allbirds pivots hard to become AI services company New 3D map of Universe could solve dark energy mystery What’s the deal with Alzheimer’s disease and amyloid? Blue Origin has a new employee stock plan, but not everyone is happy It's Tax Day, and no one knows how to file for prediction market winnings Ukraine’s military robot surge aims to offset drone risks to humans Sony killing features for antenna, set-top box users of Bravia smart TVs in May Americans ask AI for health care. Hospitals think the answer is more chatbots. NASA chose the right crew to launch a new era of human space exploration Google will begin punishing sites for back button hijacking in June Retro Rewind re-creates the glorious drudgery of working a '90s video store Google shoehorned Rust into Pixel 10 modem to make legacy code safer NZXT agrees to let customers keep their rental PCs in class-action settlement Your tech support company runs scams. Stop—or disguise with more fraud? Sunrise on the Reaping teaser brings us a Second Quarter Quell IBM folds to Trump anti-DEI push, admits no misconduct but pays $17M penalty Slate Auto raises $650 million as production gets closer and closer Meta spins up AI version of Mark Zuckerberg to engage with employees To teach in the time of ChatGPT is to know pain Shock from Iran war has Trump's vision for US energy dominance flailing The Artemis II mission has ended. Where does NASA go from here? AI models are terrible at betting on soccer—especially xAI Grok Four astronauts are back home after a daring ride around the Moon Californians sue over AI tool that records doctor visits New paper argues history, not mantle plume, powers Yellowstone F1 moves a step closer to fixing its 2026 hybrid problem Report: US demands Reddit unmask ICE critic, summons firm to grand jury Microsoft's "commitment to Windows quality" starts with overhaul of beta program "Oobleck" still holds some surprises YouTube increases Premium price again, says 90-second unskippable ads are a bug Oldest octopus fossil found to not be an octopus What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI Here's what to expect from the fiery, 14-minute return of Artemis II Pro-Iran Explosive Media trolls Trump with AI-generated Lego cartoons Dad stuck in support nightmare after teen lied about age on Discord Rocket Report: Chinese version of Falcon 9 fails; Artemis depends on rapid heavy lift Orion helium leak no threat to Artemis II reentry but will require redesign RFK Jr. rewrites CDC panel's charter, opening door to anti-vaccine quacks AI on the couch: Anthropic gives Claude 20 hours of psychiatry Clinical trial shows gene editing works for β-Thalassaemia, too “Negative” views of Broadcom driving thousands of VMware migrations, rival says
Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption
Dan Goodin · 2026-05-23 · via Ars Technica - All content

Skip to content

WHATSAPP PRIVACY

Critics note a lack of factual support in lawsuit filed by US Senate candidate.

Credit: Getty Images

The Texas Attorney General has sued Meta over allegations that the company’s WhatsApp messenger, used by more than 3 billion people, doesn’t provide the end-to-end encryption (E2EE) it has long claimed.

Since at least 2016, Meta (then named Facebook) has said WhatsApp provides robust end-to-end encryption, meaning that messages are encrypted on a sender’s device with keys that are available only to the receiver’s. By definition, E2EE means that no one else—including the platform itself—can read the plaintext messages.

In sworn testimony before two US Senate committees in 2018, CEO Mark Zuckerberg said Meta does “not see any of the content in WhatsApp; it is fully encrypted” and that “Facebook systems do not see the content of messages being transferred over WhatsApp.” The engine for this E2EE is the Signal protocol, an open source code base that multiple third-party experts have said lives up to its promises.

In a complaint filed Thursday, Texas AG attorneys said Meta’s claims are false and that the company can and does read the unencrypted contents of WhatsApp messages. They said they are filing the action to “prevent WhatsApp and Meta from continuing to willfully deceive [Texans] by misrepresenting that their private communications were just that—private and inaccessible even to WhatsApp and Meta—when, in fact, WhatsApp and Meta have access to all WhatsApp users’ communications in their entirety.”

“The gravity of Meta’s and WhatsApp’s violation of users’ privacy and trust cannot be overstated,” the attorneys wrote. “All users were entitled to believe their communications were private when WhatsApp and Meta unequivocally and repeatedly promised that no one—not even WhatsApp and Meta—can access their messages.”

In an email, Meta called the allegations “baseless” and vowed to fight the lawsuit in court.

He said, she said

The sole factual evidence cited for the claims is an article published last month by Bloomberg. It reported that the US Commerce Department’s Bureau of Industry and Security had abruptly closed an investigation into allegations that Meta could access encrypted WhatsApp messages shortly after one of the department’s agents sent an email outlining the probe’s preliminary findings.

According to Bloomberg, the January 16 email, sent to more than a dozen officials at other agencies, stated, “There is no limit to the type of WhatsApp message that can be viewed by Meta. The misconduct of Meta and its officers, including current and former high-level executives, involve civil and criminal violations that span several federal jurisdictions.”

Thursday’s lawsuit doesn’t indicate that the AG’s office has obtained the email itself or gathered any information from the investigators involved. Instead, it cites only the Bloomberg report for support. The complaint also noted that Meta employees receive plaintext WhatsApp messages that are reported to the company by fellow WhatsApp users. Those messages, however, are taken from the reporting party’s device only after they have been decrypted using the decryption keys available only to the reporting party.

The scarcity of factual support for the claims hasn’t been lost on technologists and encryption experts. They note that a thorough reverse engineering of WhatsApp would almost certainly reveal if it was somehow bypassing the protection provided by the Signal protocol.

A clean bill of health as of 2023

A team of researchers that performed a detailed technical analysis of WhatsApp last year gave the messenger a clean bill of health, finding that it generally works securely and as described by WhatsApp. They found one design flaw that made it possible for a Meta employee with access to the company’s infrastructure to add new members to a group chat without permission or any interaction from existing members. But even in that case, such an addition is fully visible to all other members.

Benjamin Dowling, a senior lecturer in cryptography at King’s College in London and a co-author of the study, said in an email that his team reverse-engineered the WhatsApp cryptographic protocol, meaning the code that makes it work. They found no indication that it was behaving differently from what Meta described. Dowling, however, stressed that the analysis applied only to the WhatsApp client as available in May 2023. Their findings wouldn’t necessarily apply to versions updated since then.

He said the closed source status of WhatsApp makes a definitive assessment of the code impossible. He went on to say that except for the resulting lack of code transparency and the weakness uncovered in group messaging, the Meta messenger nonetheless appeared to provide the same confidentiality promised by the Signal protocol.

Dowling wrote:

Our reverse-engineering of WhatsApp and all the evidence we are aware of points towards WhatsApp providing users with end-to-end encryption for their message contents. While our analysis did find design weaknesses in the protocol, such as a lack of user control over things like group membership, these weaknesses are unlikely to be the basis of the complaint as they would not allow global stealth reading of messages. As it stands, we are not aware of any concrete evidence that WhatsApp has broken their promise of end-to-end encryption. The contents of the complaint do not provide any evidence otherwise.

Three other cryptography experts I interviewed echoed similar doubts.

“The vast majority of this Texas AG lawsuit looks like general dung-throwing in Meta’s direction,” said Kenny Paterson, a researcher at ETH Zurich. “I’m no fan of Meta’s data harvesting practices, but that’s all egregious misdirection on a case that seems to me to be built on a very thin evidence base: essentially, one news article is referenced to support the actual accusation.”

Matthew Green, a professor at Johns Hopkins University, said, “The WhatsApp clients are all available for reverse engineering. For there to be a vulnerability like this, something very bad would have to be happening inside that app.”

Representatives in the Texas AG’s office did not respond to an email asking if its investigators had obtained any evidence laying out definitive evidence beyond the news article. As Texas Attorney General Ken Paxton heads into the final stretch of his US Senate primary runoff against incumbent John Cornyn, it’s tempting to think the lawsuit is an attempt to appeal to voters and appear to be an advocate for the people of his state.

Given Meta’s history of privacy lapses and data grabs, there are plenty of reasons not to install WhatsApp. Unless new evidence comes to light, the allegations in Thursday’s complaint aren’t among them.

Photo of Dan Goodin

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82.

49 Comments