And just like that, end-to-end encryption vanishes again.
this post was submitted on 25 Jun 2025
136 points (95.3% liked)
Technology
71922 readers
5961 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
Seems like a Trojan horse to get users to grant access to their encrypted chats?
Bros got that 9:100 phone
Meta can fuck off. The moment this shit appears I'm going 100% Signal.
Why not do it now?
Everyone has whatsapp and not signal is pretty much the gist of it
I'm already on Signal but nobody else is.
My family uses it, work uses it, Microsoft 2FA uses it. It's a hassle to try to change what other people use.
A few years ago, I switched from WhatsApp to Signal. I told all my important contacts and groups that I'd delete WhatsApp at the end of the month and that they can either reach me on signal or using SMS from there on. This was enough time to answer peoples questions and convince many people to install Signal too. My family now uses it, most of my friends do, and while all of them kept WhatsApp back then, they now use Signal to message each other. So it is possible to make the switch and take lots of people with you.
Can't you switch MS 2FA to use text or their authenticator?
There's no phone signal where I work and I'd rather not use their app if possible.
I blocked Microsoft in WhatsApp and they reverted back to sending SMS messages. However, this won't help if you (like me) I refuse to install Microsoft apps on your phone.
Why wait? Why not switch now?
In other words, meta is harvesting your WhatsApp data, and gives you a (potentially inaccurate) summary in exchange for feeding their LLMs.
I think another blog mentioned that you have to enable it yourself first and then press the AI button to send it to be processing. If that's the case then it's not that bad
Until they change their ToS (without telling you) and enable it by default (and hide the controls that let you decline).
They've always harvested your data but they haven't done the actual contents of the message
I'm interested in how they've allegedly achieved this working without anyone but you having access to the unencrypted messages.
Don't get me wrong, I want none of this shit in a messaging app, but I'm at least interested in how that is supposed to work.
From what I gather the texts are encrypted and sent to their LLMs that process it with some mechanism to verify the code being run in the cloud to process the texts is one that the WhatsApp app agreed to.
But they could just as well start siphoning the data after changing that code. Everyone will be able to see the cloud code changed if/when tbat happens but I don't think there's a way to differentiate that from a regular update.
Don't think theyve opensourced any of this
Fascinating. Just based on your comment and nothing else, sounds like it could be something like a CPU Enclave like Intel SGX. Basically a remote client can validate that an application runs in a secure part of a remote cloud computer. The stated goal of SGX is that you only have to trust Intel and if you trust Intel and say run program X in the enclave, then only that part of the CPU can access the data, not the applications running in the non-secure enclave.
Now that brushes over some things like you still need to trust the client and IIRC in a WhatsApp situation, you don't really know what enclave does, but the communications between the enclave and the host OS are heavily restricted. LLMs also require lots of CPU and are usually run on GPUs, so not sure how that works yet.
They use GPU based enclaves. They have a white paper available. I just seemed it but they mention AMD and NVIDIA enclaves.
They might publish components of it enough to verify that the processing code is not emitting any data but as others said - it could've been done locally on the phone
It could run entirely on-device.
According to Meta it runs on their private servers
it’s surprising this feature is opt-in. either way, fuck meta.
I think they're still testing it and testing the waters with this. Probably opt-out later on
Would be a good feature if it works and is private.
I'm in multiple group chats and often open WhatsApp to see 800 unread messages in a single chat. I don't want to read through all of that, but I do want to know a high level overview, so I can see if it's something I actually want to scroll back to and have a proper read.
However, I've seen multiple AI summaries missing out important stuff, so that's almost certainly going to be an issue here too.
I also want it to be completely private. They say it is, but who knows? The fact it's not on-device is a bit of a red flag to me.
LOL
Hey Meta AI, can you summarize that for me?
ShaggySnacks had a good laugh
Did anyone ask for this, it's a messaging app
probably the owner of the pictured ~~sword~~ phone
And with that, room for misinterpretation.
Yes!!! Keep enshittifying! Yes! nods menacingly
This sounds like it might be useful for some people who get lots of messages, like businesses at least, but I just don’t trust Meta.
Also, I wouldn't trust a hallucinating LLM with my business messages honestly.