Should We Chat, Too? Security Analysis of WeChat's Mmtls Encryption Protocol

(citizenlab.ca)

157 points lladnar | 1 comments | 16 Oct 24 20:06 UTC | HN request time: 0.583s | source

Show context

est ◴[17 Oct 24 01:24 UTC] No.41865556[source]▶

Chinese apps don't need encryption but pretends to, the government had direct access to all clear-text data. If you can't comply your business would be fucked one way or another.

Security researchers need to stop beating the dead horse. The encryption mechanism is mostly used for compliance or certification. In fact many corp-intranet middleboxes can decrypt wechat communications, it's not a bug, it's a feature.

IRL people just treat wechat as somekind of Discord with payment options. If you say something slightly wrong your account would instantly get into trouble. Just assume your wechat chat records are public one way or another.

replies(3): >>41865655 #>>41866400 #>>41870896 #

CGamesPlay ◴[17 Oct 24 01:43 UTC] No.41865655[source]▶

>>41865556 #

Just to be clear, encryption to hide from broad government surveillance is one valid use for encryption (which WeChat doesn't have), but it is far from the only reason for encrypted communications. Common theives, abusive exes, or overbearing employers are a few others that immediately come to mind.

replies(1): >>41865712 #

1. est ◴[17 Oct 24 01:54 UTC] No.41865712[source]▶

>>41865655 #

> Common theives, abusive exes, or overbearing employers

as I commented on other thread, they don't even bother with network protocols.

They just mandate install spyware on your end devices. So E2EE won't help here.

Chinese Android ROMs are notorious for this. Even the phone manufacturers are collecting data

replies(1): >>41866221 #

↑