Originally Posted by
JakeHendy
In short, the message will include a reference to media/video/images which are normally hosted elsewhere and fronted with another domain. So although your text comes from e.g. api.whatsapp.com, the images/videos are hosted on fbcdn.net or fb.akamaihd.net, which means that the network can drop any requests to fetch the media.
No idea how voice messages work, I suspect hosted on media too.
EDIT: to be clear, this is your device making the requests. So the message contents is encrypted, but when you request something the destination you're requesting it from isn't encrypted (else no-one would know how to get there), which is how many providers can filter out image/videos.
and despite end-to-end encryption, the source (ie WhatsApp / Telegram servers) should be able to perform integrity operations over the encrypted traffic, ie answer questions like "is this blob of data a potential underage content" / similar without having the decryption keys.
I had to do a double take Jake if you don't work at Meta, but the domains are plastered all over the internet
