During the first quarter of 2016, WhatsApp extended its end-to-end encryption mechanism to all users of its main communications application. This meant that a billion people were now communicating in so-called total privacy, so that not even governments or even WhatsApp itself could intercept voice messages and calls. This came in a context and at a time when whistleblowers and lawsuits caused some people to worry about whether communication over the Internet remains private and secure. But is WhatsApp encryption worth it?
What was worth it? It costs the billion users nothing; it doesn’t change anything in the way the app works – it just makes your words very safe and secure. Actually, it has a cost. Technically, data consumption has a slight cost, since encryption requires some overhead. But this cost is quite small. The other cost would be to believe that now everything is very safe and that nothing will go wrong. It’s very safe? Although we would like it to be so, there are certain considerations that make us skeptical.
Encryption doesn’t always work
Your messages and voice calls are usually encrypted by default with WhatsApp. However, it does not work in all cases. For example, if you are communicating with a person who does not have the latest version of the application, there is no encryption as only the latest version supports it. Also, if you are communicating in a group and one of the members is not up to date, the entire group is left unencrypted.
Now, even when both parties have up-to-date applications and use the encryption mechanism, there may still be no encryption. Here’s what to check when you get the message that the messages you send are protected with end-to-end encryption, prompting you to tap for more information. Pressing takes you to verify through a key that is represented by a QR code and a set of numbers. If those numbers are exactly the same as those of your correspondent, you are insured. Alternatively, you can scan the code on your correspondent’s device to eventually see the huge tick that says you’re safe. This same check suggests that certain codes may not work. In addition, it has been reported that the codes do not corroborate, which means that the messages are not encrypted. Since we’re not going to check every message we send, how sure can we be that every single message is encrypted?
Your messages and voice calls are encrypted, but not the metadata that goes with them. In a nutshell, metadata is the supporting data that is added to the actual data to aid transmission. When you mail a letter, the letter inside the envelope is your data. The address on the envelope, the stamp, and any other data that helps mail and transportation officials is metadata.
Through unencrypted metadata, companies, rogue states, and any party that wishes to establish communication patterns can do so. They can collect large amounts of information from chat servers, information such as who is talking to whom, when, and for how long. This says a lot of things and can be processed into meaningful information.
Transparency and trust
WhatsApp uses the Signaling Protocol, which people are familiar with, but part of the mechanism is closed. There is definitely a part of the work that remains opaque. That part could be dirt for back door access. To what extent do you trust Facebook, the company behind WhatsApp?
For many of the billion users, with or without encryption, things remain the same. They have nothing to hide and they don’t care if their messages are intercepted. In addition, people are aware that just by creating an account on networks like Facebook and WhatsApp, they are exposing themselves to the world, and most of them agree with it. The introduction of end-to-end encryption should not make them paranoid about privacy. As for those who are concerned about privacy and security, although they should feel a little more secure, they have questions to think about here.