Good News: WhatsApp Gets Serious About End To End Encryption

from the good-to-see dept

We recently noted that it was really good news to see companies like Google and Apple finally taking end user encryption seriously, and it appears that's spreading. The super-popular chat messaging app WhatsApp, which was acquired by Facebook not too long ago, just turned on full end-to-end encryption, powered by Open Whisper Systems, the makers of such great tools as TextSecure, which is the basis for the new encryption:
The most recent WhatsApp Android client release includes support for the TextSecure encryption protocol, and billions of encrypted messages are being exchanged daily. The WhatsApp Android client does not yet support encrypted messaging for group chat or media messages, but we’ll be rolling out support for those next, in addition to support for more client platforms. We’ll also be surfacing options for key verification in clients as the protocol integrations are completed.

WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default.
It sounds like this project started prior to the Facebook acquisition, so it's great to see it continue to move forward either way. Just recently, the EFF rated various messaging apps for their security (which resulted in some controversy...), and WhatsApp didn't score all that well, while TextSecure got a perfect score. Making messaging more and more secure is incredibly important, so it's great to see it happening here.

Filed Under: encryption, messaging
Companies: whatsapp, whisper systems

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 18 Nov 2014 @ 4:29pm


    Based on the description given in the WhatsApp article the end to end encryption would only store the keys at the end users not in a central server so all they could do with the server in the middle is get a copy of the encrypted stream but not be able to decrypt it so no worries of someone getting the message in real time.

    However since the ID is tied to a device you don't have anonymity so they can still try to get access to the source or destination device. A plus is that perfect forward secrecy is proposed so reading of the message shouldn't be possible except for when the man in the middle knows the long term key on the ends that is used to encrypt the temp key used for the current set of messages.

    Should be interesting to see what happens from this push in the right direction.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.