WhatsApp Is To "Go Dark" with End-to-End Encryption Provided by Whisper Systems

WhatsApp, the most popular messaging system in the world, is partnering with Whisper Systems to roll out end to end encryption by default with all of its messaging products. The move is surprising, given that WhatsApp is owned by Facebook which has been a strong supporter of centralized encryption which is significant less secure, but allows Facebook to snoop on traffic for marketing data.

The move to end-to-end encryption would catapult WhatsApp to being among the most private messaging services in the world. The recent messaging privacy scorecard by the Electronic Frontier Foundation scored the top services as TextSecure, RedPhone, SilentPhone, and SilentText. Whisper Systems is the company that makes SilentPhone and SilentText, so if the implementation that is brought to WhatsApp follows the privacy best practices of SilentPhone and SilentText we can expect strong and true end to end encryption in the messenger. Currently, Facebook Messenger and WhatsApp are among the lowest scores on the EFF's scorecard.

The details at this time are sparse. The most important detail to watch for is how keys are generated. If the keys are generated and stored remotely, this is not the true end-to-end encryption as is being advertised. I am skeptical of the announcement due to this factor alone, as Facebooks primary reason for buying large social apps like WhatsApp is to read conversations for marketing data. End-to-end encryption would make Facebook/WhatsApp unable to read the messages to scrape for information, reducing the value of the product to the corporation. If the keys are actually generated on your device, and never leave your device, it will be a huge step forward in privacy. I'll believe it when I see it in action.

< last
next >