←back to thread

Should We Chat, Too? Security Analysis of WeChat's Mmtls Encryption Protocol

(citizenlab.ca)
157 points lladnar | 1 comments | 16 Oct 24 20:06 UTC | HN request time: 0.203s | source
Show context
est ◴[17 Oct 24 01:24 UTC] No.41865556[source]
Chinese apps don't need encryption but pretends to, the government had direct access to all clear-text data. If you can't comply your business would be fucked one way or another.

Security researchers need to stop beating the dead horse. The encryption mechanism is mostly used for compliance or certification. In fact many corp-intranet middleboxes can decrypt wechat communications, it's not a bug, it's a feature.

IRL people just treat wechat as somekind of Discord with payment options. If you say something slightly wrong your account would instantly get into trouble. Just assume your wechat chat records are public one way or another.

replies(3): >>41865655 #>>41866400 #>>41870896 #
1. Beretta_Vexee ◴[17 Oct 24 16:01 UTC] No.41870896[source]
Cryptography has one function: to protect Chinese users from malicious Chinese ISPs. As for DNS over HTTPS, which they use in the majority of their apps to avoid hijacking by traffickers, ads, etc., the cryptography has one function: to protect Chinese users from bad Chinese ISPs and their lying DNS.