You are reading a single comment by @Greenbank and its replies.
Click here to read the full conversation.
-
Not quite.
When you use WhatsApp Web it treats the WhatsApp Web client as a new contact of yours, and so it (the browser) creates a new public/private key pair for that contact and then requests all messages be resent from your mobile to this new contact E2E encrypted so it has access to the messages.
Theoretically only E2E encrypted message data should be sent between client and browser (plus over TLS for extra safety), with the private key having never left the browser, but clever people have analysed it and worked out that things are somehow retrievable from just the HTTPS data sent back and forth.
Greenbank
cyclotron3k
So the whatsapp mobile app will decrypt messages and send them to whatsapp web in paintext (albeit over TLS)?
Didn't know that :/