LightBlog

Monday, 18 April 2016

What Encryption Means For WhatsApp And Its 1 Billion Users

Some days ago, WhatsApp introduced the long-awaited end-to-end encryption to all users. We heard the process has been going on for a while now, with Android-to-Android messages already encrypted; the encryption feature has now reached almost every WhatsApp user, regardless of mobile platform, though one has to be running the latest version of WhatsApp to enjoy its benefits. WhatsApp has stated that outdated versions of its client will expire over time, meaning that, in due course, almost everyone will be running a version that supports end-to-end encryption.

A number of existing chat applications offer end-to-end encrypted communications, including Threema, Signal and Wickr. So it was kind of weird to hear that WhatsApp (probably the most popular IM app) hadn’t implemented it until recently. To some people this may all sound like jargon. What is this encryption? Why implement it? Why use it? Is it that essential? How does this affect me? We hope to explore this and more over the course of this article.

Encryption is the act of encoding data so that only authorized parties are able to read it. Encryption doesn’t prevent someone from intercepting the information, but it stops the interceptor from being able to view the content. In essence, an encrypted message can only be read by those who have access to the key. Provided this key is properly kept secret, your messages are secure. In end-to-end encryption, this key is only accessible to the parties in the chat, and it’s not exposed outside of their devices, rendering the messages unreadable to anybody else.


With end-to-end encryption, no one can access your chats except you and the sender, not even WhatsApp itself. Users can rest assured that all their chats are now private, more like a face-to-face conversation. To explain this further, here’s an excerpt from WhatsApp’s legal page:

Messages between WhatsApp users are protected with an end-to-end encryption protocol so that third parties and WhatsApp cannot read them and so that the messages can only be decrypted by the recipient. All types of WhatsApp messages (including chats, group chats, images, videos, voice messages and files) and WhatsApp calls are protected by end-to-end encryption. WhatsApp servers do not have access to the private keys of WhatsApp users, and WhatsApp users have the option to verify keys in order to ensure the integrity of their communication.

The content of the actual messages is encrypted and cannot be read in transit through WhatsApp’s servers, but metadata such as the date and time of communication and the parties involved in a conversation is still accessible. This metadata can be made available to government and security agencies whenever the need arises. Funnily enough, this may be exactly what they are interested in.

To further clarify, the metadata can be used to reveal the following:

  • Whom a particular user communicated with,
  • When they communicated,
  • How frequently they communicated,
  • Where the communicating parties were located when the conversation took place (probably possible if location is turned on).

“WhatsApp may retain date and time stamp information associated with successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which WhatsApp is legally compelled to collect.”
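
The article's two claims side by side, as an added example that is not part of the original post and not WhatsApp's code: content sealed with a key only the endpoints hold stays opaque to the relay, while the who, when and how often remain readable. The cipher is a standard-library stand-in (HMAC-SHA256 keystream, encrypt-then-MAC), not the protocol WhatsApp uses; the phone numbers, timestamps, messages and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC under a key held only by the two devices (toy cipher)."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or tampered message")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

# Constructed sample data; the key exists only on the two phones (agreement not shown).
PAIR_KEY = secrets.token_bytes(32)
SENT = [("+15550001", "+15550002", "2016-04-18T09:00", b"lunch at noon?"),
        ("+15550002", "+15550001", "2016-04-18T09:01", b"yes"),
        ("+15550001", "+15550002", "2016-04-18T21:30", b"home safe")]
# What the relay server holds: routing metadata in clear, content as ciphertext.
SERVER_LOG = [{"from": s, "to": r, "ts": ts, "blob": seal(PAIR_KEY, m)}
              for s, r, ts, m in SENT]

def server_view(log):
    """Everything the operator can derive without any key."""
    pairs = Counter(frozenset((e["from"], e["to"])) for e in log)
    times = [e["ts"] for e in log]
    return {"contacts": pairs, "first": min(times), "last": max(times)}

def server_can_read(log, guess):
    """True only if `guess` authenticates and decrypts every stored message."""
    try:
        return all(unseal(guess, e["blob"]) is not None for e in log)
    except ValueError:
        return False
```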

That being said, even with encrypted communication, the process is still in doubt because most of the endpoint devices are not encrypted. Many iPhones are, but other smartphones, tablets, etc., running Android or other operating systems do not have encryption enabled. Looking at it from another angle, it’s not just about encrypting to keep data secure. Now that we have seen the leverage Facebook/WhatsApp still retains over user information, it is totally down to them. To what extent can they go to protect customers when faced with a court order? It also appears that, for WhatsApp group chats, the encryption won’t work unless everyone in the group updates to the latest version of the app. Even PDF sharing won’t work until the same condition is met.

Encryption has come to stay as far as internet communications are concerned. In fact, it has become a fundamental right for people to have their communications kept private and secure while online. The big question is: how much do we trust the people handling the servers and infrastructure powering our communications?

Do you trust WhatsApp with your metadata? Are there any encryption experts in the house to explain things better for us? Do you think the WhatsApp encryption move was necessary? Leave a comment below!



from xda-developers http://ift.tt/1S60lgu
via IFTTT
