惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
罗磊的独立博客
T
The Blog of Author Tim Ferriss
The GitHub Blog
The GitHub Blog
Apple Machine Learning Research
Apple Machine Learning Research
The Register - Security
The Register - Security
J
Java Code Geeks
V2EX - 技术
V2EX - 技术
Vercel News
Vercel News
N
News and Events Feed by Topic
腾讯CDC
P
Proofpoint News Feed
N
News | PayPal Newsroom
www.infosecurity-magazine.com
www.infosecurity-magazine.com
爱范儿
爱范儿
O
OpenAI News
酷 壳 – CoolShell
酷 壳 – CoolShell
月光博客
月光博客
Martin Fowler
Martin Fowler
Engineering at Meta
Engineering at Meta
D
Docker
Y
Y Combinator Blog
博客园 - 聂微东
G
Google Developers Blog
S
Security @ Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
S
Schneier on Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
S
SegmentFault 最新的问题
云风的 BLOG
云风的 BLOG
阮一峰的网络日志
阮一峰的网络日志
C
CXSECURITY Database RSS Feed - CXSecurity.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
CERT Recently Published Vulnerability Notes
I
Intezer
G
GRAHAM CLULEY
有赞技术团队
有赞技术团队
Attack and Defense Labs
Attack and Defense Labs
V
Visual Studio Blog
博客园 - Franky
博客园 - 三生石上(FineUI控件)
W
WeLiveSecurity
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Hugging Face - Blog
Hugging Face - Blog
Scott Helme
Scott Helme
T
Troy Hunt's Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
L
LINUX DO - 最新话题
C
Cybersecurity and Infrastructure Security Agency CISA

Ars Technica

Microsoft issues emergency update for macOS and Linux ASP.NET threat Anthropic tested removing Claude Code from the Pro plan Coyote vs. Acme is finally getting released—with a killer trailer Google unveils two new TPUs designed for the "agentic era" Tabloid reports linking 10 missing and dead scientists spur FBI probe Physicists think they've solved the muon mystery New court ruling blocks many of the government's anti-renewable policies Indian med student rakes in thousands with AI-generated MAGA hottie As EV batteries improve, ChargePoint debuts 600 kW fast charger Our favorite gear at Sea Otter Classic wasn't the bikes—it was the accessories Investors lost billions on Trump’s memecoin. Another gala won’t fix that. Pentagon wants $54B for drones, more than most nations’ military budgets Mozilla: Anthropic's Mythos found 271 security vulnerabilities in Firefox 150 Supreme Court arguments make it clear that FCC fines are "nonbinding" Silo S3 teaser hints at the wasteland's origins Framework's CEO on the RAM crisis and creating a "MacBook Pro for Linux users" Florida probes ChatGPT role in mass shooting. OpenAI says bot "not responsible." Report: Meta will train AI agents by tracking employees' mouse, keyboard use Microsoft removes Call of Duty from Game Pass, lowers subscription pricing Framework Laptop 13 Pro is a major overhaul for the modular, upgradeable laptop Framework Laptop 16 upgrades make it look less like an unfinished prototype Internal emails show how Amazon raises prices across the Internet, lawsuit says Anthropic gets $5B investment from Amazon, will use it to buy Amazon chips CATL's new LFP battery can charge from 10 to 98% in less than 7 minutes AMD Ryzen 9 9950X3D2 Dual Edition review: Tons of cache for tons of dollars What's the deal with spacesuits for the Moon? Will they be ready in time? Loneliness in older adults can often lead to memory impairment Contrary to popular superstition, AES 128 is just fine in a post-quantum world Pentagon pulls the plug on one of the military's most troubled space programs John Ternus will replace Tim Cook as Apple CEO Blue Origin's rocket reuse achievement marred by upper stage failure I’ve fired one of America’s most powerful lasers—here’s what a shot day looks like Great white sharks are overheating US-sanctioned currency exchange says $15 million heist done by "unfriendly states" Man with @ihackedthegovernment Instagram account tells judge, “I made a mistake" Trump picks qualified, normal health leader to head CDC; experts still cautious $25,000 buys plenty of used EVs: Here are some options Satellite and drone images reveal big delays in US data center construction Amazon won’t release Fire Sticks that support sideloading anymore Ridley Scott's post-apocalyptic The Dog Stars drops first trailer Artemis II pilot talks about what it was really like to fly and land in Orion Meta's AI spending spree is helping make its Quest headsets more expensive Rocket Report: Starship V3 test-fired; ESA's tentative step toward crew launch Recent advances push Big Tech closer to the Q-Day danger zone After a saga of broken promises, a European rover finally has a ride to Mars Lucasfilm drops The Mandalorian and Grogu final trailer at CinemaCon Intel refreshes non-Ultra Core CPUs with new silicon for the first time OpenAI starts offering a biology-tuned LLM As they got close to the Moon, Artemis II astronauts were eager to land Mozilla launches Thunderbolt AI client with focus on self-hosted infrastructure Ad firms settle with Trump FTC over claims they boycotted conservative media New Codex features include the ability to use your computer in the background The Ukraine war's deep impact on Metro 2039’s development, story New undersea cable cutter risks Internet’s backbone Microsoft and Stellantis want to use AI to help car owners Gemini can now create personalized AI images by digging around in Google Photos RFK Jr. forces FDA to reconsider 12 unproven peptides after 2023 ban First look: Also's upcoming e-bike disconnects the pedals and wheels Meet the Quantum Kid The race to Shackleton Crater is on—will Jeff Bezos or China get there first? Florida surgeon charged with killing man after removing liver instead of spleen Jury finds Live Nation/Ticketmaster is illegal monopoly that overcharged fans "TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database Google releases new apps for Windows and MacOS Boston Dynamics’ robot dog now reads gauges and thermometers with Google's AI Prime Video shows “technical difficulties” sign instead of NBA game in overtime New teaser gives us first look at Godzilla Minus Zero Vulcan woes will "absolutely" be a factor in Pentagon's next rocket competition Adobe takes Creative Cloud into Claude Code-esque territory Good Omens S3 trailer sets up a blessed conclusion Bubble watch: Fashion brand Allbirds pivots hard to become AI services company New 3D map of Universe could solve dark energy mystery What’s the deal with Alzheimer’s disease and amyloid? Blue Origin has a new employee stock plan, but not everyone is happy It's Tax Day, and no one knows how to file for prediction market winnings Ukraine’s military robot surge aims to offset drone risks to humans Sony killing features for antenna, set-top box users of Bravia smart TVs in May Americans ask AI for health care. Hospitals think the answer is more chatbots. Shock from Iran war has Trump's vision for US energy dominance flailing The Artemis II mission has ended. Where does NASA go from here? AI models are terrible at betting on soccer—especially xAI Grok Four astronauts are back home after a daring ride around the Moon Californians sue over AI tool that records doctor visits New paper argues history, not mantle plume, powers Yellowstone F1 moves a step closer to fixing its 2026 hybrid problem Report: US demands Reddit unmask ICE critic, summons firm to grand jury Microsoft's "commitment to Windows quality" starts with overhaul of beta program "Oobleck" still holds some surprises YouTube increases Premium price again, says 90-second unskippable ads are a bug Oldest octopus fossil found to not be an octopus What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI Here's what to expect from the fiery, 14-minute return of Artemis II Pro-Iran Explosive Media trolls Trump with AI-generated Lego cartoons Dad stuck in support nightmare after teen lied about age on Discord Rocket Report: Chinese version of Falcon 9 fails; Artemis depends on rapid heavy lift Orion helium leak no threat to Artemis II reentry but will require redesign RFK Jr. rewrites CDC panel's charter, opening door to anti-vaccine quacks AI on the couch: Anthropic gives Claude 20 hours of psychiatry Clinical trial shows gene editing works for β-Thalassaemia, too “Negative” views of Broadcom driving thousands of VMware migrations, rival says
Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption
Dan Goodin · 2026-05-23 · via Ars Technica

Skip to content

WHATSAPP PRIVACY

Critics note a lack of factual support in lawsuit filed by US Senate candidate.

Credit: Getty Images

The Texas Attorney General has sued Meta over allegations that the company’s WhatsApp messenger, used by more than 3 billion people, doesn’t provide the end-to-end encryption (E2EE) it has long claimed.

Since at least 2016, Meta (then named Facebook) has said WhatsApp provides robust end-to-end encryption, meaning that messages are encrypted on a sender’s device with keys that are available only to the receiver’s. By definition, E2EE means that no one else—including the platform itself—can read the plaintext messages.

In sworn testimony before two US Senate committees in 2018, CEO Mark Zuckerberg said Meta does “not see any of the content in WhatsApp; it is fully encrypted” and that “Facebook systems do not see the content of messages being transferred over WhatsApp.” The engine for this E2EE is the Signal protocol, an open source code base that multiple third-party experts have said lives up to its promises.

In a complaint filed Thursday, Texas AG attorneys said Meta’s claims are false and that the company can and does read the unencrypted contents of WhatsApp messages. They said they are filing the action to “prevent WhatsApp and Meta from continuing to willfully deceive [Texans] by misrepresenting that their private communications were just that—private and inaccessible even to WhatsApp and Meta—when, in fact, WhatsApp and Meta have access to all WhatsApp users’ communications in their entirety.”

“The gravity of Meta’s and WhatsApp’s violation of users’ privacy and trust cannot be overstated,” the attorneys wrote. “All users were entitled to believe their communications were private when WhatsApp and Meta unequivocally and repeatedly promised that no one—not even WhatsApp and Meta—can access their messages.”

In an email, Meta called the allegations “baseless” and vowed to fight the lawsuit in court.

He said, she said

The sole factual evidence cited for the claims is an article published last month by Bloomberg. It reported that the US Commerce Department’s Bureau of Industry and Security had abruptly closed an investigation into allegations that Meta could access encrypted WhatsApp messages shortly after one of the department’s agents sent an email outlining the probe’s preliminary findings.

According to Bloomberg, the January 16 email, sent to more than a dozen officials at other agencies, stated, “There is no limit to the type of WhatsApp message that can be viewed by Meta. The misconduct of Meta and its officers, including current and former high-level executives, involve civil and criminal violations that span several federal jurisdictions.”

Thursday’s lawsuit doesn’t indicate that the AG’s office has obtained the email itself or gathered any information from the investigators involved. Instead, it cites only the Bloomberg report for support. The complaint also noted that Meta employees receive plaintext WhatsApp messages that are reported to the company by fellow WhatsApp users. Those messages, however, are taken from the reporting party’s device only after they have been decrypted using the decryption keys available only to the reporting party.

The scarcity of factual support for the claims hasn’t been lost on technologists and encryption experts. They note that a thorough reverse engineering of WhatsApp would almost certainly reveal if it was somehow bypassing the protection provided by the Signal protocol.

A clean bill of health as of 2023

A team of researchers that performed a detailed technical analysis of WhatsApp last year gave the messenger a clean bill of health, finding that it generally works securely and as described by WhatsApp. They found one design flaw that made it possible for a Meta employee with access to the company’s infrastructure to add new members to a group chat without permission or any interaction from existing members. But even in that case, such an addition is fully visible to all other members.

Benjamin Dowling, a senior lecturer in cryptography at King’s College in London and a co-author of the study, said in an email that his team reverse-engineered the WhatsApp cryptographic protocol, meaning the code that makes it work. They found no indication that it was behaving differently from what Meta described. Dowling, however, stressed that the analysis applied only to the WhatsApp client as available in May 2023. Their findings wouldn’t necessarily apply to versions updated since then.

He said the closed source status of WhatsApp makes a definitive assessment of the code impossible. He went on to say that except for the resulting lack of code transparency and the weakness uncovered in group messaging, the Meta messenger nonetheless appeared to provide the same confidentiality promised by the Signal protocol.

Dowling wrote:

Our reverse-engineering of WhatsApp and all the evidence we are aware of points towards WhatsApp providing users with end-to-end encryption for their message contents. While our analysis did find design weaknesses in the protocol, such as a lack of user control over things like group membership, these weaknesses are unlikely to be the basis of the complaint as they would not allow global stealth reading of messages. As it stands, we are not aware of any concrete evidence that WhatsApp has broken their promise of end-to-end encryption. The contents of the complaint do not provide any evidence otherwise.

Three other cryptography experts I interviewed echoed similar doubts.

“The vast majority of this Texas AG lawsuit looks like general dung-throwing in Meta’s direction,” said Kenny Paterson, a researcher at ETH Zurich. “I’m no fan of Meta’s data harvesting practices, but that’s all egregious misdirection on a case that seems to me to be built on a very thin evidence base: essentially, one news article is referenced to support the actual accusation.”

Matthew Green, a professor at Johns Hopkins University, said, “The WhatsApp clients are all available for reverse engineering. For there to be a vulnerability like this, something very bad would have to be happening inside that app.”

Representatives in the Texas AG’s office did not respond to an email asking if its investigators had obtained any evidence laying out definitive evidence beyond the news article. As Texas Attorney General Ken Paxton heads into the final stretch of his US Senate primary runoff against incumbent John Cornyn, it’s tempting to think the lawsuit is an attempt to appeal to voters and appear to be an advocate for the people of his state.

Given Meta’s history of privacy lapses and data grabs, there are plenty of reasons not to install WhatsApp. Unless new evidence comes to light, the allegations in Thursday’s complaint aren’t among them.

Photo of Dan Goodin

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82.

49 Comments