Two questions.
My family insist on using WhatsApp for the family chats. I have to keep a copy on a device just so I can communicate with them. I do so under protest, as I was always told it isn’t secure. My brother has just said “oh WhatsApp is encrypted, it’s perfectly secure”.
First, is it actually as encrypted and safe as my brother claims? That would solve everything.
Second, if it isn’t, where can I get some proof that we should switch to Telegram or whatever? Proof which doesn’t make me look like a raving loony?
My understanding is that it IS encrypted, and it’s supposed to use the Signal protocol (Signal developed it and released it for others to use).
The problems are with
- metadata (like the other comment explained)
- closed source, so we take their word on it for how it works. It’s possible they’re being misleading or doing something shady
See this image from a few years ago:

Note that Signal does require this, which isn’t in the chart:
- phone number (for now)
- last active date
- sign up date (I think)
To be frank with you, humans are the weakest security point in any system. Even if you did somehow (impossibly) 100% secure your device… you’re literally sending everything to X other family members who don’t care about security anyway and take zero preventative measures. That’s sort of the point of a chat app. All they would need to do is target your family instead of you to get the exact same info - this is how Facebook has everyone’s telephone number and profile photo, even if they don’t have an account. And if it’s a WhatsApp data breach… well. Your family is just one in a sea of millions of potentially better/easier targets.
If there’s anything interesting about your family chats that is actually secret info, it probably shouldn’t be put into text anywhere except maybe a password manager. Just tell them not to send passwords or illegal stuff or security question info via WhatsApp. It’s all you can realistically do in situations like this.
We literally cannot keep all information private from everyone all the time, you have to pick and choose your battles. And even then, you’ll still lose some, even if you’re perfect.
Technically, yes, it is encrypted. However, Facebook still gets metadata on who you talk to, when you talk to them, how long you talk to them, your contact information, etc. As an example, if you talked to your girlfriend, then you talked to her doctor, and then you talked to your mom, there’s a good chance that your girlfriend may be pregnant, even if I did not know what was said. Or, if I know you are at the top of a bridge and that you contacted a suicide hotline… So just because it is encrypted does not mean it is safe.
You and family use WhatsApp to talk to each other, just like millions of families out there and so far no chats have been leaked because the encryption is bypassed.
You make your own life so complicated for what?
This is the privacy community, and they were discussing the privacy aspect.
The concern isn’t about getting your chats leaked, there’s no incentive to just give away data that is collected. The concern is usually about a malicious group (company, government, criminals) abusing the data that they can get their hands on.
He is talking about encryption, which I addressed. Maybe reading comprehension, eh?
“It must be encrypted well because nothing has been leaked yet” is a very, very bad stance on encryption.
In fact, every encryption is working well until it’s broken the first time.
So no, you didn’t address shit.
Yea yea, if even Signal Protocol can’t do shit, your shit can’t do anything as well. 🤣
All you guys do is talk without any solid base. Sigh.
That comment does not make sense.
If you lack knowledge, admit it.
WhatsApp is using Signal Protocol.
It is very unpleasant to communicate with you.
It is still unclear what you meant with “your shit”.
Apart from that I did not argue against the signal protocol, I argued against your idiotic stance on encryption.
Maybe reading comprehension, eh?
Cybersec researcher here. The content of your chat is encrypted end to end. Their servers can’t read what you write. This is because they use the same protocol as Signal, X3DH and Double Ratchet. However, they can and will collect everything else. Contact info, for example, phone, etc.
I assume WhatsApp encryption is equivalent to HTTPS, your connection to the server is encrypted and “impossible” to be intercepted and decrypted, but on the server end everything arrives as clear text, so the only people that can watch your conversation are the recipient of the messages and WhatsApp.




