Article: "All WhatsApp messages are now encrypted"

WhatsApp announced on Tuesday that all messages sent through the most recent version of its app will be fully encrypted.

The massive security upgrade comes just after Apple was asked by the US government to break the encryption on an iPhone that belonged to a terrorist involved in the San Bernardino shooting.

WhatsApp, which has more than one billion users globally and is owned by Facebook, is using an open-source encryption standard from Open Whisper Systems. The same encryption has been used by whistleblowers like Edward Snowden.

The Justice Department has considered pursuing legal action against WhatsApp’s encryption efforts in recent months, according to The New York Times. Now that WhatsApp is encrypted, the company won’t be technically able to hand over records of its messages to governments.

The messaging app began adding encryption to its service back in 2013 but didn’t fully commit to implementing it with Open Whisper until 2014, reports Wired. WhatsApp co-founder Jan Koum was the first prominent tech leader to voice support for Apple’s refusal to help the FBI create a back door into the iPhone in February of this year.

Now WhatsApp has firmly and resolutely planted its stake in the ground for encryption. “I don’t really want to be in the business of observing conversations,” WhatsApp cofounder Brian Acton told Wired. “This is something our users wanted. Maybe not your average mom in middle America, but people on a worldwide basis.”

WhatsApp Security Whitepaper pdf.

4 Likes

I don’t trust it, especially since they’re owned by Fakebook, but…I like it.

5 Likes

I wonder how they make any money. How can a company have all that gibberish encrypted data and still make money with it? They have a billion phone numbers but is that worth all the servers and data centers?

2 Likes

Exactly. And they recently removed their subscription option so it’s now ‘free’ again. I just…don’t trust it.

1 Like

But they can still tell that you sent a message to someone.

The CIA has said we kill people based on the metadata of communications. The authorities can still build up a network of associations using this who-messaged-who-and-when metadata.

But still good to see the end-to-end encryption.

From memory there is another app called “Wickr” that removes the who messaged who and when aspect of the metadata. Politicians use “Wickr” so their activities cannot be traced or even known to have occurred. So end-to-end encryption with no trace.

But they’re closed source, and I didn’t see anything mentioning end to end.

1 Like

That’s one of their core features. Only you have the keys to decrypt the message.

From their how-it-works page

[quote]At the core of any Wickr product is our patented security architecture
powered by multilayers of peer-to-peer encryption. Our mission is to
protect data and communications transmitted [/quote]

And yes I don’t like closed source either

1 Like

I actually use Wickr quite a lot. Initially it was to prove how terrible Snapchat was but it was simple enough to get people onboard. Getting many people I know to use XMPP with OTR and OMEMO was just troublesome. This news about WhatsApp is pretty decent as the people behind it are Whisper System who have done a fair amount of good work.

But yes, it can’t be all sunshine and roses for a 21bn USD company…

1 Like
4 Likes

Thank you for the link. That’s exactly what I was talking about.

In Australia they passed legislation requiring ISPs to keep all that sort of “metadata” on every man, woman and child in Australia for warrantless search/access by the authorities.

In Holland we have the same. What URLs have you visited etc. stored for 18 months I think. But still it’s a good thing what WhatsApp did. At least no messages in plain text over servers and WiFi.

1 Like

“Patented security architecture” can mean anything, but it sounds like somebody reinvented the wheel again; unfortunately, without more information, it’s hard to tell if that wheel is circular, oval, or triangular.

As for WhatsApp, who’s gonna prove that what they are saying is true, and what is the guarantee that it won’t be quietly reversed at a later point?

1 Like

Either:

  • sender writes clear message --> WhatsApp encrypts --> sends encrypted message to recipient -->
    recipient’s WhatsApp delivers decrypted message to final recipient, recipient’s phone sends decrypted message and ‘from’ to Facebook and friends

  • sender writes clear message --> phone sends clear stuff to headquarters --> WhatsApp encrypts and sends to recipient

  • WhatsApp pretends it encrypts --> just doesn’t, or not all

  • any other funny stuff you can imagine in a closed source environment and network. You just can’t review the source of the entire phone, and you can’t monitor the traffic…

2 Likes

However, a closer look at the terms and conditions reveals that WhatsApp
is not encrypting everything. Buried in the fine print is this line:
“WhatsApp may retain date and time stamp information associated with
successfully delivered messages and the mobile phone numbers involved in
the messages, as well as any other information which WhatsApp is
legally compelled to collect.”

3 Likes

Well, WhatsApp is encrypted (I noticed it today in my WhatsApp).
But they still can use aggregate data (country to country, demographics, etc.) plus FB is largely unencrypted, and when you click on a link in WhatsApp you still go somewhere which isn’t private, etc.

I don’t mind WA, it’s good that everyone scrutinizes it and that they’re improving. I could use some open source equivalent (maybe) but no one uses those.

1 Like

Well, 90% of my communication is with the same 10 people (some friends and family) so I agreed with them to use Signal, which works fantastically, is open source and has reproducible builds (for Android). :)
I hope they get rid of more metadata in the future ;)

2 Likes