You are currently viewing Questions about WhatsApp encryption

Questions about WhatsApp encryption

Do we need this? Worth? Should we care?

In the first quarter of 2016, WhatsApp rolled out its end-to-end encryption mechanism to all users of its flagship communication app. This meant that a billion people were now communicating in so-called absolute privacy, so that not even governments and WhatsApp itself could intercept messages and voice calls. This came in a context and at a time when the allegations and lawsuits have caused some people to worry about whether communication over the Internet is still private and secure. But is WhatsApp encryption really worth it?

What is it worth? It costs nothing for the billions of users. it doesn’t change anything in the way the app works – it just makes your words very safe and secure. In fact, there is a cost to this. From a technical point of view, there is a small cost to consuming data, as encryption requires some overhead. But this cost is rather small. The other cost would be to believe that everything is now very safe and that nothing will ever go wrong. Is it very safe? While we desire it, there are certain considerations that make us skeptical.


Encryption doesn’t always work
Your messages and voice calls are normally encrypted by default with WhatsApp. However, it does not work in all cases. For example, if you are communicating with a person who does not have the latest version of the app, there is no encryption, as only the latest version supports it. Additionally, if you’re communicating in a group and one of the members isn’t notified, the entire group goes unencrypted.

Now, even when both sides have updated apps and are using the encryption mechanism, it could be that there is still no encryption. This is where you can check when you get the message saying that the messages you send are secured with end-to-end encryption, prompting you to tap for more information. The call leads to verification via a key represented by a QR code and a set of numbers. If these numbers are exactly the same as your correspondent’s, you are covered. Alternatively, you can scan the code on your correspondent’s device to finally see the giant tick saying you’re safe. This check shows that some codes may not work. In addition, there have been reports of codes that do not confirm, i.e. unencrypted messages. Since we won’t check every message we send, how sure can we be that every message is encrypted?

Unencrypted metadata
Your messages and voice calls are encrypted, but not the metadata that accompanies the message. Metadata is simply explained as the supporting data that goes alongside the actual data to aid transmission. When you send a letter through the post, the letter inside the envelope is your data. The envelope address, stamp and any other information that assists the moving and transport officers is metadata.

Through unencrypted metadata, companies, outmoded states, and any party that wants to create patterns of your communication can do so. They can gather vast amounts of information from chat servers, information such as who is talking to whom, when, and for how long. This says many things and can be converted into meaning of information.

Transparency and trust

WhatsApp uses the Signaling Protocol, which people know about, but part of the mechanism is closed. There is definitely part of the project that remains opaque. This place could be the ground for backdoor access. How much do you trust Facebook, the company behind WhatsApp?

So what?
For so many of the billions of users, encryption or not, things remain the same. They have nothing to hide and don’t care if their messages are intercepted. Besides, people know that by creating an account on networks like Facebook and WhatsApp, they are exposing themselves to the world and most people are okay with that. The introduction of end-to-end encryption should not make them privacy paranoid. As for those concerned about privacy and security, while they should feel a little safer, here are some questions to think about.

Leave a Reply