With the Facebook-owned WhatsApp announcement, it’s pretty clear that end-to-end encryption has just gone mainstream. On March 31st, WhatsApp pushed for an update to their call and chat functionality. This has allowed its over 1 billion monthly active users to text each other with a guarantee of security.
End-to-end encryption is a system of connection where only the two ends communicating can read each other’s messages. No hackers can access the cryptographic keys which are required to decrypt the conversion. The encryption is guaranteed, whether one is sending a text, chatting in a group, making calls or even exchanging files with each other.
This move is being seen to woo people who want to protect their trade secrets, whistleblowers, crypto-hobbyists, etc. It will also provide security and privacy to the ordinary users.
According to a white paper released on 4th April, the users of WhatsApp are protected by strong encryption. It explains what happens when users text each other regarding the underlying cryptography. Developed by Whisper Systems, it’s based on Signal Protocol, which is known to use double ratcheting to give forward secrecy – i.e. even if a hacker gets the cryptographic keys, you will still be safe. The Signal Protocol is designed to make use of strong and well-vetted building blocks of cryptography for the construction and transmission of information. Also, communication is also encrypted by use of Noise Pipes from Noise Protocol framework between the client app and WhatsApp servers.
This new encryption workflow hides the cryptography functionality away from the end user while at the same time making it appear seamless and intuitive. It is also user-friendly. In each interaction, it gives a clear QR code to both ends that are communicating. The assumption here is that it’s simple for both parties to verify the exact same image, which consists of a series of fingerprints linked together.
End-to-end encryption provides a platform where no one will be able to access your chats, except you and the sender. Even the WhatsApp creators themselves will not be able to do this. Users are rest assured that, their conversation is private and secure –more like a face-to-face communication.
Though the encrypted message will not be read in transit through WhatsApp servers, metadata like date, time, and parties involved in the communication will still be accessible.
The process is still not 100% safe since many of the endpoint user devices are not encrypted. Apart from iPhones, other smartphones and tablets running on other operating systems e.g. Android, may not be encryption enabled. For WhatsApp group chats and messages encryption to work, all in the group must update to the latest version of the app.
As long as internet communication is around, encryption is here to stay. It should be a fundamental right for people to have private and secure communication online. The big question being to what extent do we trust people handling servers and infrastructures that power our communication?