WhatsApp Just Switched On End-to-End Encryption for Hundreds of Millions of Users


Ambuli Victor

Growing up in Soviet Ukraine in the 1980s, WhatsApp founder Jan Koum learned to distrust the government and detest its surveillance. After he emigrated to the U.S. and created his ultra-popular messaging system decades later, he vowed that WhatsApp would never make eavesdropping easy for anyone. Now, WhatsApp is following through on that anti-snooping promise at an unprecedented scale.

On Tuesday, WhatsApp announced that it’s implementing end-to-end encryption, an upgrade to its privacy protections that makes it nearly impossible for anyone to read users’ messages—even the company itself. WhatsApp will integrate the open-source software TextSecure, created by privacy-focused non-profit Open Whisper Systems, which scrambles messages with a cryptographic key that only the user can access and never leaves his or her device. The result is practically uncrackable encryption for hundreds of millions of phones and tablets that have WhatsApp installed—by some measures the world’s largest-ever implementation of this standard of encryption in a messaging service.

“WhatsApp is integrating TextSecure into the most popular messaging app in the world, where people exchange billions of messages a day,” says Moxie Marlinspike, Open Whisper Systems’ creator and a well-known software developer in the cryptography community. “I do think this is the largest deployment of end-to-end encryption ever.”

TextSecure has actually already been quietly encrypting WhatsApp messages between Android devices for a week. The new encryption scheme means WhatsApp messages will now travel all the way to the recipient’s device before being decrypted, rather than merely being encrypted between the user’s device and WhatsApp’s server. The change is nearly invisible, though Marlinspike says WhatsApp will soon add a feature to allow users to verify each other’s identities based on their cryptographic key, a defense against man-in-the-middle attacks that intercept conversations. “Ordinary users won’t know the difference,” says Marlinspike. “It’s totally frictionless.”

In its initial phase, though, WhatsApp’s messaging encryption is limited to Android, and doesn’t yet apply to group messages, photos or video messages. Marlinspike says that WhatsApp plans to expand its TextSecure rollout into those other features and other platforms, including Apple’s iOS, soon. He wouldn’t specify an exact time frame, and WhatsApp staffers declined to comment on the new encryption features. Marlinspike says the TextSecure implementation has been in the works for six months, since shortly after WhatsApp was acquired by Facebook last February.

WhatsApp’s Android users alone represent a massive new user base for end-to-end encrypted messaging: WhatsApp’s page in the Google Play store lists more than 500 million downloads. TextSecure had previously been installed on only around 10 million gadgets running the CyanogenMod variant of Android and about 500,000 other devices.

The only encrypted messaging system that compares in size is Apple’s iMessage, which also claims to use a version of end-to-end encryption. Compared with TextSecure, however, Apple’s iMessage security has some serious shortcomings. iMessage doesn’t track which devices’ cryptographic keys are associated with a certain user, so Apple could simply create a new key the user wasn’t aware of to start intercepting his or her messages. Additionally, many users unwittingly back up their stored iMessages to Apple’s iCloud, which renders any end-to-end encryption moot. Plus, unlike TextSecure, iMessage doesn’t use a feature called “forward secrecy” that creates a new encryption key for each message sent. This means that anyone who collects a user’s encrypted messages and successfully cracks a user’s key can decrypt all their communications, not just the one message that uses that key.

WhatsApp’s rollout of strong encryption to hundreds of millions of users may be an unpopular move among governments around the world, whose surveillance it could make far more difficult. WhatsApp’s user base is highly international, with large populations of users in Europe and India. But WhatsApp founder Jan Koum has been vocal about his opposition to cooperating with government snooping. “I grew up in a society where everything you did was eavesdropped on, recorded, snitched on,” he told Wired UK earlier this year. “Nobody should have the right to eavesdrop, or you become a totalitarian state—the kind of state I escaped as a kid to come to this country where you have democracy and freedom of speech. Our goal is to protect it.”
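To make the "forward secrecy" point above concrete, here is an added example (not code from the article, WhatsApp or TextSecure): a simplified symmetric key ratchet in Python, showing that a key stolen after delivery opens none of the stored ciphertexts, while a never-changing long-term key opens all of them. The names `ChainRatchet`, `seal` and `unseal`, the toy keystream cipher and the shared secret are assumptions constructed for the illustration.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256)."""
    return hmac.new(key, label, hashlib.sha256).digest()

class ChainRatchet:
    """Symmetric ratchet: every message gets a fresh key, then the chain key is replaced."""
    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, b"\x01")
        self.chain_key = kdf(self.chain_key, b"\x02")  # previous chain key is gone
        return message_key

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy HMAC-counter keystream, for illustration only; use a vetted AEAD in real code.
    stream = b"".join(kdf(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(message_key: bytes, plaintext: bytes) -> bytes:
    ct = _xor_stream(kdf(message_key, b"enc"), plaintext)
    return ct + kdf(kdf(message_key, b"mac"), ct)  # encrypt-then-MAC

def unseal(message_key: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, kdf(kdf(message_key, b"mac"), ct)):
        return None  # wrong key or tampered ciphertext
    return _xor_stream(kdf(message_key, b"enc"), ct)

def demo():
    shared = hashlib.sha256(b"constructed shared secret").digest()  # constructed sample
    msgs = [b"hello", b"meet at noon", b"bye"]
    alice, bob = ChainRatchet(shared), ChainRatchet(shared)
    wire = [seal(alice.next_message_key(), m) for m in msgs]  # what an eavesdropper stores
    received = [unseal(bob.next_message_key(), b) for b in wire]
    # Device compromised after delivery: only the current chain key can be stolen.
    thief = ChainRatchet(bob.chain_key)
    ratchet_leak = [unseal(thief.next_message_key(), b) for b in wire]
    # Contrast: one long-term key that never changes decrypts the whole archive.
    static_wire = [seal(kdf(shared, bytes([i])), m) for i, m in enumerate(msgs)]
    static_leak = [unseal(kdf(shared, bytes([i])), b) for i, b in enumerate(static_wire)]
    return received, ratchet_leak, static_leak

if __name__ == "__main__":
    print(demo())
```

The protection depends on each side discarding message keys and old chain keys after use; anything retained on the device, or backed up in plaintext, is still exposed.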
