WhatsApp Adds Encryption, but It Won't Be A Whistleblower's App of Choice

WhatsApp Adds Encryption, but It Won't Be A Whistleblower's App of Choice

by Dan Vlasic on 15 April 2016 · 2464 views

1 medium WhatsApp Adds Encryption but It Wont Be A Whistleblowers App of ChoiceWhatsApp added end-to-end encryption, so tap that update button and download the latest version of the app. If you think this brand new feature allows you to use the app to blow a whistle on some injustice, or for your little club of dissidents, think twice, and here is why.

Encryption should have been there in the first place. It's PR

While the mainstream media are hailing Facebook, current WhatsApp owner, for innovation and standing up for privacy, let us not be so naive. Encryption is not innovation; it's been on offer in many fine open source messengers for years now. Remember? Even if the first time you heard about encryption was when Edward Snowden files hit the headlines, you had plenty of opportunities to discover user-friendly tools to encrypt your communication for non geeks.

What Facebook just did with encrypting WhatsApp, finally, was fixing a fundamental security hole in its product. Encryption is the Alpha and Omega of the secure, private communication, and the company is trying to keep up with the competitors in the lively market. When Apple took the recent iPhone 6 case vs DoJ to public, the public debate on privacy escalated. So, the move looks forced.

It's not open source, so there is no telling there is no back door

WhatsApp is a closed, proprietary software, so no independent audit can look through the code, test it and confirm there are no back doors built into the software, even with the encryption enabled. For those who seriously treat their privacy, open source vs proprietary is a deal breaker.

It's Facebook

The most privacy-invasive company after Google, Facebook's business model is selling user data to marketing agencies. It's also been named as one of the Silicon Valley collaborators with the government mass surveillance program PRISM. It never deletes your data, even if you delete it on your end, even if you delete your entire account. Its facial recognition algorithm is one of the most sophisticated ones in the world, and it places super cookies in several directories in your computer, which respawn if you try to delete them. Oh, it also tracks non-users. Did you know Facebook even got fined for tracking non-users?

Security experts warn about privacy and security risks

Even with the encryption rolled out, WhatsApp is nominally secure and private, while in fact there are a number of possibilities for the breaches. First of all, all parties included in a chat should have the latest version of the app installed for the contents of the chat to be encrypted. If, for example, a single person in your group chat did not update to the latest version, your group chat is not encrypted.

End point security

The second issue with the implementation is the end point security. While the messages are encrypted in transit, there is no way to guarantee the end point, that is your device, is secure. If it is infested with malware, spyware or a keylogger, your chats are not private. Ideally, your entire device needs to be encrypted, and even then you are still not 100% private. Guess why? Read WhatsApp's Privacy Policy.

The metadata thing

The company retains metadata and some “other information” concerning your chats. This means Facebook has the contents of your address book (check the app permissions out of sheer curiosity), the time and date stamp of all your conversations, and the phone numbers if your recipients. In terms of big data processing, metadata is the Holy Grail of surveillance. Here is how experts explain its value: the contents of the chats are huge, unstructured loads of data that requires human or very sophisticated programs to analyze, while metadata is a clean, ordered, tagged and labeled library of human interactions, which allows to establish who talked to whom, where and when. Metadata lets programs analyzing big data establish connections in the communities and globally. This is impossible to achieve through the contents of the messages. If you care to dig deeper, have a look at this Der Spiegel article.

WhatsApp is legally compelled

We have yet to see what hides behind “other information” that WhatsApp retains. WhatsApp’s privacy notice says:

“WhatsApp may retain date and time stamp information associated with successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which WhatsApp is legally compelled to collect. Files that are sent through the WhatsApp Service will reside on our servers after delivery for a short period of time, but are deleted and stripped of any identifiable information within a short period of time in accordance with our general retention policies.”

Wrapping up, it's worth noting that the market of chat apps is as booming as never before, and those looking for alternatives that crop up beyond the Five-Eyes jurisdiction now have options. Smaller, non-US-based companies, mostly from Europe, offer features like open source, zero knowledge, no phone number or any personally identifiable information requirements when subscribing –  the real private communication. So, if you want to keep up with the community updates, stick to WhatsApp, but if you seek privacy, look at CryptoCat, Threema, Tutanota, Signal or even Telegram.

Comments (0)
Featured Articles