Written by Staff Writer
06 Apr, 2016 | 4:02 pm
Messaging giant Whatsapp has fully implemented end-to-end encryption on its platform and also across all mobile platforms for which it offers apps.
According to Whatsapp’s spokesman securing the cross-platform video comms was the last piece of the puzzle for whatsapp which means users of the latest versions will have their comms and media end-to-end encypted by default.
End-to-end encryption means the content of communications are not stored in plaintext on WhatsApp’s servers. Nor is the company able to decrypt users’ messages to access them since it does not hold the encryption keys. So WhatsApp will be unable to be compelled to hand over messaging data — even if served with a warrant by authorities demanding access.
While the WhatsApp news may seem timely in light of the recent high-profile battle between Apple and the FBI over an encrypted iPhone, the company has in fact been implementing encryption since 2013, the year NSA whistle blower Edward Snowden triggered a global privacy storm by revealing the extent of government mass surveillance programs.
WhatsApp then went on to partner with Open Whisper Systems the following year, and has been integrating its widely respected end-to-end encryption Signal Protocol specifically since late 2014. In a blog post today the not-for-profit hacker collective behind the latter open source tech confirmed the WhatsApp implementation is now complete.
Although the completion of default end-to-end encryption is a hugely important security milestone for the WhatsApp platform, it does not mean that from here on in every communication sent via the app is end-to-end encrypted, because that’s reliant on all users being upgraded to the latest version of the software. But the WhatsApp client will now notify users of the encryption status of chats, including showing a notice in the messaging screen, to help bridge the transitional phase.
WhatsApp users will also be able to confirm the person they are chatting with is the person they think it is, rather than an imposter performing a man-in-the-middle attack, by verifying the authenticity of the encryption session via scanning a QR code or reading aloud a number string.
13 May, 2020 | 12:26 PM
09 Jan, 2020 | 08:05 PM
Are you interested in advertising on our website or video channel
Please contact us at [email protected]