Should We Chat, Too? Security Analysis of WeChat's Mmtls Encryption Protocol

I personally am not very interested in this research. WeChat is well known not to use end-to-end encryption. Considering that the app is unlikely to adopt end-to-end encryption (likely due to censorship being a business requirement, which was mentioned in the article and previously uncovered by this lab), I don't really feel like I care a whole lot between good non-end-to-end encryption and bad non-end-to-end encryption. Parties that are interested in subverting this kind of encryption, such as governments, likely already collaborate Tencent to get decrypted messages from the source.

> I don't really feel like I care a whole lot between good non-end-to-end encryption and bad non-end-to-end encryption.

That's the difference between "you have to trust WeChat" and "anyone can read your chats". Of course you may not personally be interested because you don't personally use WeChat, but for the billion active users who do, I think it should matter.

Where did you see that "anyone can read your chats" in this article? Indeed near the beginning of the article in the fourth bullet point the author states "we were unable to develop an attack to completely defeat WeChat’s encryption" right there. The only parties who are interested in expending more effort to break this kind of encryption are just governments, who can simply force Tencent to give up plaintext records.