We live in era of Internet and social networks. Instant messengers are extremely popular today. And WhatsApp is one of the most desired and popular mobile messaging service. Now it has over 1 billion users every day. That is absolutely fantastic figure!
Many people want to be private, secure and safe in the Internet. If you want to be sure that your WhatsApp messages are not reviewed by third party you must take care about your security!
Facebook as a parent company of WhatsApp implemented encryption but not everyone trusts it.
If you want to be really secure – use a VPN – this is real encryption and privacy!
Now WhatsApp uses a part of Open Whisper Systems security protocol. It is quite good and reliable.
WhatsApp has taken a few hits and been in the news recently, and the somewhat limited understanding of encryption means it can be a bit confusing. Here are a few examples of WhatsApp in the news, and what it really means.
In January 2017 the Guardian reported claims that WhatsApp ‘has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.’
The Guardian claimed that WhatsApp has a ‘backdoor’. If WhatsApp covertly changed security keys of a user, the company could, according to Tobias Boelter, a cryptography and security researcher at the University of California, ‘disclose its messaging records, it can effectively grant access due to the change in keys’ at the request of government agencies.
WhatsApp claims this loophole exists so that if someone changes their phone, and therefore their automatic security key, messages will still send so as not to disrupt service. This is, to be fair, a valid point, as not doing so would disrupt the service of 1 billion people relatively frequently.
Despite this, here is our guide on how to turn on WhatsApp encryption in the first place, and also how to opt out of adverts on the platform.
Wikileaks’ Vault 7
On Tuesday 7 March 2017 Wikileaks caused a stir by releasing ‘Vault 7‘, thousands of confidential documents it claims are from CIA internal networks. This has raised some concerns that WhatsApp messages, which are end to end encrypted, could be read.
Reporting can be slightly confusing in this instance; it’s not actually the encrypted nature of the messages that could be compromised. The reports detail the intelligence agencies’ ability to remote control single devices and access them as though they were the user. Obviously in this case, the encryption is still strong, but it is the end user’s device that has been compromised.
Therefore since this news, you needn’t worry about the validity of the encryption in WhatsApp, worrying though it is that Wikileaks is claiming the CIA and others have the power to hack individual devices.
So that’s the news side. Here’s the tech side.
WhatsApp encryption information
Chances are you’ve probably sent a fair few WhatsApp messages already today. As of 5 April, all those messages are now encrypted end-to-end – provided you have the most up to date version of the app downloaded on your iPhone, Android, Nokia, Window or BlackBerry smartphone handset. Here we break down what the somewhat confusing issue means for you – what is WhatsApp encryption?
How to turn on encryption in WhatsApp
WhatApps now securely encrypts every single message, call, picture, video or any other type of file you send so that the only person who can read or view it is the recipient. Not even WhatsApp has the ability to intercept and view those messages.
As a user, you don’t have to turn this feature on, nor can you turn it off. You should receive a message within your chats if you are using the latest version of the app (which is required) to let you know the change has been implemented for you.
What is encryption?
Encryption is the scrambling of messages from the sender on their journey to the recipient, largely to discourage the interception and reading of those messages by other parties.
This concept dates back thousands of years to coded written message sending, but now, modern forms of communication can be encrypted automatically with complex coding.
Thanks to the smartphone revolution, we now send and receive an awful lot more data between devices. All this data, be it voice calls, text messages or mobile data, is managed by whichever service provider whose service you are using. Whether or not this data is encrypted varies depending on the policy of the company providing the service.
For example, voice calls and text messages are handled by your mobile operator. This operator also provides your 3G or 4G connection to the Internet on your smartphone, but they don’t encrypt all the services you use.
If you tend to message via WhatsApp rather than text message, your mobile operator is not responsible for encrypting that WhatsApp data – it merely provides you with your connection to the wider Internet, the connection that allows apps such as WhatsApp, Facebook and Twitter to send messages all over the world.
How does WhatsApp end-to-end encryption work?
WhatsApp encrypting messages ‘end-to-end’ is a big deal because it means that the company itself has decided to run a system in which even it cannot intercept and read messages sent on its own platform.
When you send a message, it can only be ‘unlocked’ by the intended recipient, thanks to a very complex code that took WhatsApp several years to develop. It’s no mean feat to achieve, particularly given that 1 billion people use the service.
This differs to many messaging apps, which only encrypt messages between you and them. This means that your messages are stored on the services servers, usually not permanently, so hypothetically could be accessed and read.
Why has WhatsApp introduced end-to-end encryption?
Now that WhatsApp has end-to-end encryption, it means that they and no party – governments, police, hackers, other users – can intercept and read your messages.
WhatsApp has done this because as a company they believe in your right to have private conversations when you use their service.
Why is end-to-end encryption important?
The reason the decision is getting a lot of attention is because of high profile cases in which communications service providers like Facebook are put upon by authorities to release sensitive personal data.
A high profile case is the FBI asking Apple to unlock an iPhone 5C that was used by one of the San Bernardino shooters, a move which Apple refused, underlining the integral values many large communications companies hold when it comes to personal data, security and encryption.
Does every app have end-to-end encryption?
The short answer is no – but also this is not something to be alarmed about.
WhatsApp’s decision is one of the first of its kind, and is particularly interesting because traditionally smartphone messaging services have played down the importance of security.
Facebook Messenger only encrypts messages between your device and their servers. This means, by law, Facebook could be obliged to divulge private messages. The same applies to Instagram, which Facebook owns, though interestingly, it also owns WhatsApp.
Facebook bought WhatsApp in 2014 and the latter will now share users’ phone numbers with Facebook to provide advertisements. It’s a clear sign that the platform is having to monetise its offering after a few years of providing a free service.
It seems if you opt in, Facebook will recieve information in order to better target you with adverts on the Facebook platform. It’s a small but significant sign that the Facebook-owned WhatsApp is having to concede some of its privacy values.
If you don’t want to share additional information such as your phone number cross-platforms, here’s how to opt out of WhatsApp adverts.
You will be given the following screen where you can agree to the changes.
Instead of pressing agree, tap the arrow at the bottom of the screen to read more details. You’ll then get this screen, where you uncheck the box, opting out of sharing additional information:
If you’ve already clicked Agree, you can still reverse your decision for the next 30 days. Simply open WhatsApp and go into Settings > Account, then untick Share my account info.