WhatsApp End-to-End Encryption is Now Live but Ultimately, Security Starts with You

1
Shares

“Security starts with you” is a controversial statement attributed to an advertisement featuring President Kenyatta in the media at the height of terrorist attacks on Kenyan soil from Islamist militant group Al-Shabaab.

However, when it comes to your online safety, that is not even up to discussion. It is true, that statement just describes the state of your security (and privacy) online.

Early this month, Facebook-owned messaging application WhatsApp, started encrypting the over 42 billion messages and 1.6 billion photos shared on the platform daily. The end-to-end encryption, simply put, ensures that no one sitting somewhere in a government office or any other place for that matter can snoop on whatever you send to your church youth WhatsApp group, your family WhatsApp group or to your friend in a far-flung country. You are safe. Ok, that’s a very naïve statement to make. Let’s just say, sort of. On the internet, you are never really safe.

Why am I saying so?

Screenshots

If you are a Kenyan who is active on social media then you may have heard of Bro Ocholla, a Kenyan internet sensation in late October 2015, thanks to a screenshot of a misplaced chat he sent to a church prayer group. The ever thirsty (for gossip and anything along those lines) Kenyans on social media pounced on it and it went viral. It trended for several days and the real guy even went on air via phone on several morning FM radio shows to clarify the matter. A WhatsApp screenshot got him there.

Then there was the famous #HelloChallenge on Twitter days after UK singer Adele released the first song from her then-unreleased album, 25, Hello. Hilarious as it was, the #HelloChallenge involved all manner of privacy breaches. Someone starts a conversation on WhatsApp on an unsuspecting friend, colleague, family member or even total stranger like an Uber cab driver who just dropped them with the hopes of using lyrics from the song to prank them then share screenshots from the ensuing conversation on Twitter without the direct approval of the other party.

While there is end-to-end encryption to all your chats on WhatsApp, you are still not notified every time the person you are chatting with or the people you are sending messages to in a group, take screenshots. This means that the privacy and confidentiality of whatever it is you are sharing is at the mercy of the recipient.

Old school snaps

Whatsapp_Link_Previews

Now, even if WhatsApp introduced a feature where you get notified when someone takes a screenshot of a conversation (as is the case in Telegram’s secret chats) or totally prohibits the taking of screenshots (like in Signal), anyone with malicious intentions can still go the long route of taking a photo of the device with the chat window open. Simple as that.

Backups

WhatsApp does not send your chats to a central server for storage. At least, that’s what they’ve been telling us. Messages, photos, videos and documents you share are stored on your mobile device. WhatsApp, depending on your settings, does daily backups and they are stored on your mobile device. From last year, the same can also be stored on cloud storage service Google Drive. These backups while kept for good intention, are a weak link. Should anyone access your mobile device and transfer the backup folder or gain access to your Google account then it’s over, your privacy goes out of the window.

What do we do now?

Trust.

If you can’t get someone to have a conversation with them face to face then even online it’s still a challenge and last time I checked, there was still no way to circumvent that.

WhatsApp already has over 1 billion monthly active users. There are very many ways that these users can come up with that essentially waters down any gains made in making sure your private chats are just that, private. What other ways can your conversations on WhatsApp be compromised and end up in the eyes of many unintended recipients?

Shares