WhatsApp Adopted End-to-End Encryption. What Does That Mean?

If you are an attentive WhatsApp user, you may have noticed a message on a yellow background saying “The messages that you send to this conversation and calls are now protected with end-to-end encryption.” The world’s most popular messaging app has finally done what it had promised in 2014. But what does this mean for its more than one billion users?

According to this technical article by WhatsApp itself, the feature has been active since March 31. The service states that “not cyber criminals, hackers, oppressive regimes, not even us” can see the content of messages; that is, from now on, every call, every message, photo, video, file or voice message that you send or receive is end-to-end encrypted by default, and this also applies to groups. The only requirement is that you and your contacts are on the latest version of the app.

To find out whether a conversation is already end-to-end encrypted, simply open the contact or group info screen. A closed or open padlock and an explanatory message appear just below features such as mute and custom notifications:

When messages are not encrypted, that information appears on the screen, as in the picture above. In the case of groups, tapping the message shows which members need to update the application to the latest version.

What Is End-to-End Encryption?

End-to-end encryption ensures that when a user sends a message to someone, the only one who can read its contents is the actual recipient and nobody else. It is as if only the parties involved in the dialogue had the key that unlocks the messages. The computer forensics expert Deivison Pinheiro Franco explains:

“In this context, the key concept is that only those who have the decryption key are able to retrieve a message in readable format; even knowing the whole process used to hide and recover the data, an unauthorized person cannot find the information without the decryption key.”

There are two types of encryption: symmetric-key, or private-key encryption, and asymmetric-key, also called public-key cryptography. End-to-end encryption is the asymmetric type. In the case of WhatsApp, it works like this: to send a message to user B, user A asks the WhatsApp server for the public key that applies to user B. User A then uses that public key to encrypt the message. On the other side, user B, owner of a private key that is available only on their phone, decrypts the message sent by A.

Infographic: Wired

Deivison says that “what makes end-to-end encryption better than the others is that it provides security keys only to those involved in the communication, i.e. this type of encryption refers to a system in which the message leaves the sending device encoded and is decoded only on the device that receives it, as if the sender sent a lock to which only the recipient has the key (which characterizes asymmetric-key encryption).”

WhatsApp displays a code derived from the exchanged keys on the contact info screen so that both parties can verify that they match. Simply scan the other person’s QR code or, when you are not physically close, share the numeric code that is displayed. If they match, everything is protected:

In end-to-end encryption, these keys are generated and stored on the endpoints, i.e. the users’ devices, not on servers. WhatsApp, which says that it does not store messages after sending, does not hold the generated keys either. According to Deivison, “it means that WhatsApp will not be able to decode the messages on its own, even if it is required by law.”
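The flow described above (A fetches B's public key from the server, encrypts with it, B decrypts with a private key that stays on the phone, and both compare a code derived from the keys) is shown below in code. This is an added example, not WhatsApp's code or protocol; the toy group parameters, the SHA-256 keystream and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # toy group (assumption): illustration only, not for real use

def keypair():
    """Generated on the device; only the public half is uploaded to the server."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _derive(shared, label):
    return hashlib.sha256(label + shared.to_bytes(32, "big")).digest()

def _xor_stream(key, data):
    pad = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt(recipient_pub, plaintext):
    """Sender side: needs only the recipient's public key."""
    eph_priv, eph_pub = keypair()
    shared = pow(recipient_pub, eph_priv, P)
    ct = _xor_stream(_derive(shared, b"enc"), plaintext)
    tag = hmac.new(_derive(shared, b"mac"), ct, hashlib.sha256).digest()
    return eph_pub, ct, tag

def decrypt(priv, envelope):
    """Recipient side: needs the private key that never left the phone."""
    eph_pub, ct, tag = envelope
    shared = pow(eph_pub, priv, P)
    expected = hmac.new(_derive(shared, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return _xor_stream(_derive(shared, b"enc"), ct)

def verification_code(pub_1, pub_2):
    """Code each user derives from the two public keys they hold for the chat."""
    lo, hi = sorted((pub_1, pub_2))
    return hashlib.sha256(lo.to_bytes(32, "big") + hi.to_bytes(32, "big")).hexdigest()[:16]

def demo():
    (a_priv, a_pub), (b_priv, b_pub) = keypair(), keypair()
    directory = {"A": a_pub, "B": b_pub}  # all the server stores: public keys
    envelope = encrypt(directory["B"], b"see you at 8")  # constructed sample message
    server_view = {"from": "A", "to": "B", "bytes": len(envelope[1])}  # metadata only
    codes_match = verification_code(a_pub, directory["B"]) == verification_code(b_pub, directory["A"])
    _, other_pub = keypair()  # what if A had been handed a different key for "B"?
    swapped_match = verification_code(a_pub, other_pub) == verification_code(b_pub, a_pub)
    return decrypt(b_priv, envelope), server_view, codes_match, swapped_match
```

`demo()` returns the decrypted text, what the server could observe, and whether the two users' codes match with the genuine key and with a substituted one; the mismatch in the last case is what the QR or numeric comparison is there to catch.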

In tests here, the feature still seems to have problems: in a conversation between an Android (me) and iOS (Ghedin), the padlock was open, that is, the conversation was not encrypted even though both had the updated app. In another test he was able to talk with encryption, with another person using Android. I suppose it’s a matter of updating on a large scale and, therefore, it may be happening gradually, or some temporary glitch on one of our smartphones.

There Is Competition, but Not at Scale

WhatsApp is not the only one to offer end-to-end encryption. Telegram, accused of being the preferred communication tool of the Islamic State, also has the feature. The difference is that there it works only in Secret Chat mode, while in WhatsApp it is the default and impossible to disable.

Besides Telegram, the apps ChatSecure and TextSecure are also considered safe by the Electronic Frontier Foundation, an organization that seeks to protect the right to freedom of expression in the digital environment as well. In fact, for the EFF, WhatsApp is a step behind Telegram and the others in secure chats, because its code is not open for independent reviews to be made.

Beyond what competitors offer and all the security and privacy that WhatsApp is beginning to provide, by extending end-to-end encryption to the whole service, automatically, the app touches the lives of a billion people, people who might not understand what it all means. And by setting this precedent among messaging apps, WhatsApp picks a very big fight with governments and the justice systems of several countries where it is a success, like Brazil.

From the Soviet Union to Justice

Ever since the app was purchased by Facebook, the CEO and founder of WhatsApp, Jan Koum, has been hammering on topics such as advertising, privacy and security. According to Koum, the issue is very personal, especially after WhatsApp became the target of lawsuits. “I grew up in the Soviet Union during the communist regime, and the fact that people could not speak freely is one of the reasons that made my family move to the United States.”

Personal stories of one of its founders aside, WhatsApp made clear in its statement that the feature has to do with the increasingly frequent demands of the courts, including in Brazil, where Facebook’s vice president for Latin America, Diego Dzodan, was arrested for not meeting the requests of the judiciary and where, in November 2015, WhatsApp was blocked for 12 hours for a similar reason.

For a few years, before it was large, popular and part of criminal investigations, WhatsApp did not care much about issues such as security and privacy, as this Pando article details. However, since 2013 something has changed. Just note the tone of the statement:

Every day we see stories about sensitive records being improperly accessed or stolen. And if nothing is done, more digital information and communication between people will be vulnerable to attacks in the years to come. Fortunately, end-to-end encryption protects us from these vulnerabilities. Encryption is one of the most important tools that governments, companies and individuals have to promote safety in the new digital era. Recently there has been much discussion about encrypted services and the work of Justice. While we recognize the important work of Justice in keeping people safe, efforts to weaken encryption risk exposing users’ information to abuse by cyber criminals, hackers and oppressive regimes.

Faced with this news, it is possible that the Justice Department will get into fights like that of the FBI and the US Department of Justice against Apple over the iPhone of the San Bernardino shooters. Neither the FBI nor the DOJ wanted to comment to Wired on the WhatsApp news, nor on the fact that its leaders refuse to open a backdoor for when the courts and governments require access to messages sent through the app. According to the New York Times, the Justice Department was preparing to go after WhatsApp over issues similar to what happened in Brazil. And now?

It is important to remember that in several episodes in which WhatsApp was required to cooperate, including in Brazil, there were other ways of trying to intercept criminals. In the terrorist attacks in France, for example, SMS messages and phones without encryption were used, as Ars Technica reported.

Here, Adriano Mendes, a lawyer specializing in digital rights, had already pointed out that the police could make use of other data in the search for criminals, such as the location of the devices that exchange messages, whether or not through WhatsApp. Deivison, the forensic expert who spoke to the User’s Manual, explains: “Even if a sender is sending encrypted messages to a recipient, you can still use the conversation metadata, i.e. information about when and from which phone these messages were sent. You cannot say or know the contents of what was said, but it is possible to establish the connection between two phones and say that the phone of ‘John Doe’ exchanged messages with that of ‘John Doe’.”

The thing about privacy is that it does not tolerate exceptions. Once one is opened, its effectiveness can never be guaranteed again.

As the author of the Wired article, Cade Metz, pointed out, this is the way of Silicon Valley: billionaires in sweatshirts and kangaroo-style T-shirts who did something huge because they wanted to and simply because they could. End-to-end encryption is largely positive from the point of view of the end user, who gets more security and gains more privacy, but what if these billionaires do something that is not so beneficial? Who would stop them?