December 7, 2021

robertlpham

Just another WordPress site

WhatsApp Fixes Its Biggest Encryption Loophole

Few, if any, services have done more to bring secure messaging to more people than WhatsApp. Since 2016, the messaging platform has enabled end-to-end encryption—by default, no less—for its billions of users. No complaints there. But if you back up your WhatsApp messages to iCloud or Google Cloud, those chats no longer have that level of protection, a lesson that former Trump campaign chair Paul Manafort and others have learned the hard way.

To be abundantly clear, this does not mean that WhatsApp’s encryption is somehow faulty, or that anyone is spying on your messages. (Unless they have a subpoena.) It’s a loophole, a function of WhatsApp relying on other people’s clouds to stash your stuff. Now, thanks to some clever cryptography, the Facebook-owned company has cooked up a way close it.

Over the next few weeks, WhatsApp will roll out an update that adds end-to-end encryption to backups, should you so choose. Facebook CEO Mark Zuckerberg announced the feature in a Facebook post this morning. It’s a complex solution to a longstanding issue, and one that sets a precedent for companies that don’t want to rely quite so extensively on the security of the world’s handful of dominant cloud providers.

Recommended Reading
Recommended Site
describes it
description
dig this
directory
discover here
discover more
discover more here
discover this
discover this info here
do you agree
enquiry
experienced
explanation
extra resources
find
find more
find more info
find more information
find out here
find out here now
find out more
find out this here
for beginners
from this source
full article
full report
funny postget more
get more info
get more information
get redirected here
get the facts
go
go here
go now
go right here
go to the website
go to these guys
go to this site
go to this web-site
go to this website
go to website
go!!
going here
good
great post to read
great site
had me going
have a peek at these guys
have a peek at this site
have a peek at this web-site
have a peek at this website
have a peek here
he has a good point
he said
helpful hints
helpful resources
helpful site
her comment is here
her explanation
her latest blog
her response
here
here are the findings
here.
his comment is here
his explanation
his response
home
home page
homepage
hop over to here
hop over to these guys
hop over to this site
hop over to this web-site
hop over to this website
how much is yours worth?
how you can help
i loved this

“We’ve been working on this problem for many years and to build this, we had to develop an entirely new framework for key storage and cloud storage that can be used across the world’s largest operating systems,” says WhatsApp product manager Calvin Pappas.

To better understand that solution, it helps to clarify the problem. WhatsApp encrypts messages between senders and recipients; the service can’t see them at any point on that journey, nor after they arrive. (An exception here is that if you report a message as abusive, WhatsApp contractors may review it. This doesn’t break or even undermine its end-to-end encryption; once someone receives a message they can show it to whomever they want. Encryption isn’t magic!) So far, so good. The potential trouble starts if you back up your messages to iCloud or Google Cloud, which are not end-to-end encrypted, which in turn means that Apple or Google could hand them over to law enforcement if it comes knocking.

“So many companies’ services run on a different company’s cloud, and the security of that cloud isn’t under their control,” says Riana Pfefferkorn, research scholar at the Stanford Internet Observatory. It’s not, she says, that Apple or Google or any other cloud provider is necessarily unsafe. But the saying “the cloud is just someone else’s computer,” and the liabilities it portends, apply whether you’re an individual uploading a few photos from your phone or a company with billions of privacy-minded users.

WhatsApp isn’t ditching Google Cloud or iCloud. But it’s going to let you encrypt your backups before they head to those clouds in the first place. Think of it like handing a secret message to a courier. If you write it out in plain English and they get apprehended, you’re toast. But if you write it in a code that they themselves don’t know how to decipher, all you’ve given up is a bunch of squiggles and dots.

Courtesy of WhatsApp