If It Sounds Secure — It Doesn’t Mean It Is | WhatsApp Encryption

Netay
4 min read · Oct 26, 2020
WhatsApp’s E2E Encryption
Does WhatsApp really encrypt your messages?

I recently came across a post in which Oz tries to explain a bit about the method used by WhatsApp’s End-to-End Encryption (E2EE for short) system.

That post got me thinking about the details behind the encryption itself.
As a former IDF cyber security specialist, when I hear something that is security related, the question that immediately pops into my head is “What EXACTLY do you mean? What exactly is secured?”

Think about this: how does Facebook benefit from the acquisition of WhatsApp? The simple answer is data. The more complicated answer is explained below.

After all, you must have come across Facebook’s friend suggestions, where Facebook suggested someone you did not know before, whom you had spoken to for the first time on WhatsApp only the day before.

But how? WhatsApp claims to encrypt your data, so how could they know I spoke to him?

The deets

If we checked the official WhatsApp site, and looked at the security information page, we’d see the following claims:

Privacy and Security is in our DNA
“Some of your most personal moments are shared with WhatsApp, […]”
Personal Messaging
“End-to-end encryption ensures only you and the person you’re communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp”

It might seem as though they encrypt everything: messages, photos, videos, voice messages, documents and calls. They also claim that the only one who can read those is the recipient. But is there anything missing from this list?

Well, what about the metadata?

What is Metadata?

Metadata is “data that provides information about other data”. In other words, it is “data about data”. — Wikipedia

In our case metadata can be:

  • The people you speak with
  • The time you send the message
  • The link preview that accompanies your links
  • Where your message was sent from
  • The device you used to send the message

or really any other additional metadata that accompanies the message or even the conversation.

None of these are covered when WhatsApp encrypts the data, and I don’t think it’s by mistake. WhatsApp needs this data to make money, to grow bigger and to get to know you better!
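To make the point concrete, here is an added toy model (not WhatsApp’s protocol, and not code from the post): the message body is encrypted under a key only the two endpoints hold, while the routing fields around it stay readable, so a relay server with no key can still build a contact graph, a timeline, a device list and, as the post lists it, the previewed links. The envelope layout and the sample traffic are assumptions constructed for the demo.

```python
import hashlib
import os
from collections import defaultdict

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy XOR stream cipher (SHA-256 in counter mode) so the demo runs offline; not for real use.
    out, ctr = b"", 0
    while len(out) < len(data):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, out))

def make_envelope(key, sender, recipient, ts, device, body, preview_url=None):
    """Build one message: body sealed under the endpoints' key, routing fields in the clear."""
    nonce = os.urandom(12)
    env = {"from": sender, "to": recipient, "ts": ts, "device": device,  # assumed envelope layout
           "nonce": nonce, "ciphertext": _xor_stream(key, nonce, body.encode())}
    if preview_url:  # the post lists link previews as metadata; modelled as a clear field here
        env["preview_url"] = preview_url
    return env

def open_body(key: bytes, env: dict) -> str:
    """Only an endpoint holding `key` can recover the text."""
    return _xor_stream(key, env["nonce"], env["ciphertext"]).decode()

def server_view(envelopes):
    """What a relay learns from the envelopes alone, holding no key at all."""
    contacts, devices, links = defaultdict(set), defaultdict(set), defaultdict(set)
    first_contact = {}
    for e in envelopes:
        contacts[e["from"]].add(e["to"])
        contacts[e["to"]].add(e["from"])
        pair = tuple(sorted((e["from"], e["to"])))
        first_contact[pair] = min(first_contact.get(pair, e["ts"]), e["ts"])
        devices[e["from"]].add(e["device"])
        if "preview_url" in e:
            links[e["from"]].add(e["preview_url"])
    return {"contacts": dict(contacts), "first_contact": first_contact,
            "devices": dict(devices), "links": dict(links)}

# Constructed sample traffic: alice and bob share KEY; the relay never sees it.
KEY = hashlib.sha256(b"constructed demo key").digest()
SAMPLE = [
    make_envelope(KEY, "alice", "bob", 1603670400, "android", "lunch tomorrow?"),
    make_envelope(KEY, "bob", "alice", 1603670460, "ios", "sure, 12:30", "https://example.com/menu"),
    make_envelope(KEY, "alice", "carol", 1603680000, "android", "hi carol"),
]
if __name__ == "__main__":
    print(server_view(SAMPLE))  # contact graph, times, devices, links; no message text
```

Running it prints the relay’s view: who talks to whom and since when, from which device, and which links were previewed, while no message text appears anywhere in that output.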

Second Look

Now that we know more about the messages and the data that accompanies each message, let’s have a second look at the claims from WhatsApp:

When end-to-end encrypted, your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands.

As you can see, there is no mention of the metadata involved with each message or conversation.
Technically, they’re not lying.

How Does It Affect You?

This metadata can be used in many ways: to manipulate the ads around you, to know when and from where you are talking, and, if links and other content are involved, even to reveal the context of your messages.

A recent Forbes article explains what data is handed over to the authorities when they ask for it.
It further explains that with that metadata they can map it out and get a really good picture of your life.

“Whilst WhatsApp might not provide full content of messages, the kind of metadata it provides is often enough to draw an informative map of a target’s life” — Forbes

What Can You Do?

First of all, know about it. Now, after reading this article, you are more informed about the problem; let others know about it and inform them too.

Now you might consider changing your messaging app to something more secure, or even stop using those apps altogether.
One recommended app is the Signal App.
I will not go into detail about why or how this app is better; you can read more here and here, or in many other places.

After all, it is your data and you should be able to do whatever you want to do with it.

Just remember:
If it looks like it’s encrypted, sounds like it’s encrypted, and feels like it’s encrypted, that still doesn’t mean it’s properly encrypted.

Netay

Senior Software Engineer. Formerly a soldier in a top secret, elite IDF unit under the Cyber and Space Defense brigade. Specializing in RT embedded cyber security.