
> with "business account", which are another way to say "e2e you->meta and then meta relays

Actually it's a nominated endpoint, and then from there it's up to the business. It works out better for Meta, because they aren't liable for the content if something goes wrong (i.e. a secret is leaked, or PII gets out). Great for GDPR, because as they aren't acting as processor of PII they are less likely to be taken to court.

WhatsApp has about the same level of practical "privacy" (encryption is a loaded word here) as iMessage. The difference is, there are many more easy ways to report nasty content in WhatsApp, which reported ~1 million cases of CSAM a year vs Apple's 267. (Not 200k, just 267. That's the whole of Apple. https://www.missingkids.org/content/dam/missingkids/pdfs/202...)

Getting the content of normal messages is pretty hard, getting the content of a link, much easier.

It's not Signal, but then it's never meant to be.



iMessage is not on the same playing field as WhatsApp and Signal. Apple has full control over key distribution and virtually no one verifies Apple isn't acting as a MitM. WhatsApp and e2e encrypted messenger force you to handle securely linking multiple devices to your account and give you the option to verify that Meta isn't providing bogus public keys to break the e2e encryption.

https://engineering.fb.com/2023/04/13/security/whatsapp-key-...

For iMessage, Apple can just add a fake iDevice to your account and now iMessage will happily encrypt everything to that new key as well and there's zero practical visibility to the user. If it was a targeted attack and not blanket surveillance then there's no way the target is going to notice. You can open up the keychain app and check for yourself but unless you regularly do this and compare the keys between all your Apple products you can't be sure. I don't even know how to do that on iPhone.


Never thought about using CSAM image hash alerts as a measure of platform data leaks (and popularity, as I doubt bots will be sharing them). That's very smart.

And it shows that FB eclipses everyone by an insane margin, it's scary!

About your point on business accounts, the documents I reviewed included dialog tree bots managed by Meta. Not sure if not having that changes things... but in that case it was spelled out that Meta is the recipient.


It's more a UX/org thing. In iMessage how do you report a problematic message? You can't easily do it.

In WhatsApp, the report button is on the same menu that you use to reply/hide/pin/react.

Once you do that, it sends the offending message to Meta, unencrypted. To me, that seems like a reasonable choice. Even if you have "proper" e2ee, it would still allow rooting out of nasty/illegal shit. Those reports are from real people, rather than automated CSAM hashing on encrypted messages (although I suspect there is some tracking before and after).

It's the same with Instagram/Facebook. The report button is right there. I don't agree with FB on many things, but this one I think they've made the right choice.



