Meta Just Made WhatsApp More "Helpful"

Good morning. Tea. Opened WhatsApp.

It looked slightly different. My Community tab was gone, and there was something new: a “Meta AI” tab. Interesting. Meta is rolling this out gradually, so you may not have it yet, but you will. I also saw a new settings page under Chat settings: “Private Processing”

For most, it reads like a cool feature — Meta is being more helpful by summarizing messages, helping you reply, and more, all without reading your messages, using their Trusted Execution Environment (TEE). Sounds great.

But read it again slowly. An AI that helps with your messages without reading them leaves only two possibilities:

First, the model runs locally. However, this is not the case, current models are not running at this level of capability on consumer devices at scale, and moreover Meta described their TEE will process your messages.

So the second option, messages are decrypted on the device before Meta AI can work on them. They are then sent to Meta-controlled infrastructure (TEE) for processing. That means the moment you use Meta AI, your message leaves the end-to-end encrypted path and is decrypted for processing. Also, Meta gets a copy of each of those messages so that it can "help" you.

According to Meta, their Trusted Execution Environment (TEE) ensures, no one — not even Meta, can read your decrypted messages. But before taking that at face value, some history.

A Bit of History

Back in 2022, we wrote on the mesibo blog that WhatsApp’s end-to-end encryption has a fundamental flaw, not in the algorithm, but who sits in the trust path.

Alice giving her public key to Bob has a completely different trust model compared to Eve giving Alice’s public key to Bob.

In most messaging systems, including WhatsApp, key discovery and session setup depend on server-controlled infrastructure. Even if messages remain end-to-end encrypted, the system still relies on a centralized authority to distribute and rotate public keys. That introduces a structural trust dependency on the platform.

At mesibo, we took the platform out of the equation entirely. Peer-to-peer key exchange. No server in the trust path. Optional out-of-band key exchange. The idea is simple: if the platform is not involved in establishing trust, it cannot alter it later. There is no server-side substitution path to exploit.

We pointed this out in 2022. WhatsApp did nothing. And when we posted about it on the Signal subreddit? Removed. Funny how that works.

Now, the Telegram CEO, Elon Musk, and a US class-action lawsuit all say the same thing we said in 2022.

And with that history, it is hard to trust Meta when they ask you to hand over your actual message content to infrastructure they control — TEE or not.

About That “Secure Enclave”

Meta’s claim is that your messages are processed inside a Trusted Execution Environment — a hardware-isolated enclave where even Meta cannot read the plaintext. Your messages go in encrypted, AI processes them, results come back. The enclave is designed to keep secrets even from its operator.

Technically, this is not incorrect. Similar architectures are used elsewhere, and in some cases are backed by detailed documentation and external audits that provide meaningful guarantees about code integrity and execution.

So TEE itself is not the issue. The issue is what you are trusting.

A TEE does not make your data “invisible” as Meta wants you to believe. So while a TEE enforces that a specific piece of code runs in an isolated environment, it does not guarantee what that code does with your data, nor does it explain what happens to your data before it enters the enclave or after results leave it.

So it’s not just about TEE, but about the attestation chain that comes with it. Meta writes the enclave code. Meta decides how data enters and leaves the system. Meta controls the surrounding infrastructure that defines what gets deployed and how it is verified. At every layer — enclave code, deployment pipeline, attestation chain, key management — the trust anchor is Meta, and only Meta. So when Meta is asking you to trust their TEE, in simple terms, you are being asked to trust Meta.

It’s like your favorite restaurant saying your food is safe because no one can see inside the kitchen. But the owner decides the ingredients, writes the recipe, and controls what gets served to you. The kitchen may be sealed. You are still at the mercy of the owner.

And in this case, the owner is Meta.