WhatsApp encryption guarantees your privacy

WhatsApp encryption is now complete and, when using an up-to-date version of WhatsApp, virtually guarantees your privacy with end-to-end encryption and forward secrecy.

WhatsApp_Logo_1Whether you realise it or not, WhatsApp encryption now guarantees your privacy. All you need to do is make sure you are running the latest version of the immensely popular chat app on your mobile device. WhatsApp’s founders published a blog post yesterday announcing the culmination of year and a half journey with Open Whisper Systems:

WhatsApp has always prioritized making your data and communication as secure as possible. And today, we’re proud to announce that we’ve completed a technological development that makes WhatsApp a leader in protecting your private communication: full end-to-end encryption. From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats.

WhatsApp encryption, in itself, isn’t new. Open Whisper System’s Moxie Marlinspike summarised the fruit of this journey in his blog post titled “WhatsApp’s Signal Protocol integration is now complete”:

As of today, the integration is fully complete. Users running the most recent versions of WhatsApp on any platform now get full end to end encryption for every message they send and every WhatsApp call they make when communicating with each other. This includes all the benefits of the Signal Protocol – a modern, open source, forward secure, strong encryption protocol for asynchronous messaging systems, designed to make end-to-end encrypted messaging as seamless as possible.

We are still in a transitionary phase at the moment. Conversations will only be encrypted if all the parties to a conversation are using an updated version of WhatsApp. When they are, though, the result is pretty impressive:

  • WhatsApp conversations (voice and text) are fully encrypted. This includes all the attachments. WhatsApp itself can’t decrypt the messages and its servers really only pass the encrypted messages between users.
  • Because WhatsApp uses different encryption keys for each session, older messages can’t be decrypted even if someone manages to seize a current encryption key (this is known as “forward secrecy”).
  • Once your conversations with contacts are encrypted, they remain encrypted and downgrading to an earlier version of WhatsApp won’t make your messages available in an unencrypted form.
  • For the time being, you can see which of your conversations are encrypted by looking to see whether your contact/s is/are using an updated version of the app. You will also be shown a message that indicates that your conversations with a contact are encrypted going forward.

One step for fully encrypted conversations

We have had encrypted messaging apps for a little while now. Apple’s Messages app and the popular Telegram app are encrypted to a degree although neither are encrypted end-to-end like WhatsApp, apparently.

Cade Metz wrote a fascinating article for Wired titled “Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People” which gives a fair amount of background into this development. As he pointed out, the scale of this is remarkable when you consider just how big WhatsApp is:

More than a billion people trade messages, make phone calls, send photos, and swap videos using the service. This means that only Facebook itself runs a larger self-contained communications network.

One of the challenges implementing encrypted solutions is simplifying the process for users enough so the process itself isn’t a deterrent. This migration is literally as simply as updating your app and prompting your contacts to do likewise to ensure that your conversations are encrypted.

Why encrypted WhatsApp is a big deal

Encrypted WhatsApp messages about family dinner plans may not seem a high priority. Consider that WhatsApp is one of the biggest social and communications platforms on the planet used by friends, families, business people and activists, alike. Suddenly you can see the benefits of a service that easily implements strong encryption and protects conversations that are truly sensitive and could, literally, save lives.

The flip side is also true: terrorists and criminals could also use WhatsApp to hide their conversations and may well be doing that. Bear in mind, though, that WhatsApp isn’t the only encrypted communication solution. Publicly available solutions have been around for years and if the bad guys aren’t using WhatsApp, they have many other options available to them.

This is a more significant development for the rest of us because it means that we are less vulnerable to digital attacks by the bad guys. It also means that people who need an assurance of privacy can have it. As the WhatsApp team pointed out in their blog post:

We live in a world where more of our data is digitized than ever before. Every day we see stories about sensitive records being improperly accessed or stolen. And if nothing is done, more of people’s digital information and communication will be vulnerable to attack in the years to come. Fortunately, end-to-end encryption protects us from these vulnerabilities.

I know a few colleagues, lawyers, whose communications with their clients have been intercepted and compromised. They have had to seek out other solutions to protect their privileged conversations (one option has been the Signal app which was also developed by Open Whisper Systems). This development means they can simply stick with WhatsApp and be confident that their privileged conversations remain protected.

WhatsApp becoming fully encrypted is a big deal. It is also a smart move because it means that WhatsApp is simply unable to follow regulators’ directives to hand over users’ data. It places them beyond the fray and leaves governments to figure out how to deal with a substantial proportion of the planet’s population whose communications are protected from their interference. Or, as WhatsApp’s Koum and Acton put it:

Today more than a billion people are using WhatsApp to stay in touch with their friends and family all over the world. And now, every single one of those people can talk freely and securely on WhatsApp.

Image credit: Pixabay