Encrypt all the things!

WhatsApp remains encrypted end-to-end... but that was never the threat.

The threat is what happens at the ends... on the servers, and on the client. i.e. could WhatsApp access the messages on the server, would they use the client to read them?

We know they could access the messages on the server, as some of their search and sharing functionality reveals the capability, plus encryption requires keys and the fact that you could lose a phone and activate on a new phone shows that if things are encrypted then WhatsApp possessed the keys at their end... which should be freaking obvious to all, of course they hold the keys.

When it comes to encryption, who holds the keys is a question of security vs convenience, and WhatsApp (when owned by Facebook) showed that they now prioritised convenience over security.

What of the client, the other end? Well... the client has the messages decrypted, it must simply by virtue of being able to show them to you in a way that you could read. And did it use this in a way that profited them? Well yes! The most common form was the link preview... if we chatted and I shared a link to a product in that chat, the link typically showed a summary of the web page in question... the client made a web request using the WebView component, thus placing a cookie and leaking some details. If you ever then opened Instagram and got a highly relevant advert and wondered how that could be because you'd only mentioned it once in a private chat in the "encrypted" WhatsApp... well, now you know.

So WhatsApp under Facebook ownership kept end-to-end encryption (govts and 3rd parties couldn't intercept on the wire) but used their ownership of both ends for their profit.

Now Facebook have come clean... they're going to fully linked WhatsApp and Facebook accounts, meaning the full advertising force is coming your way. And they've already shown you how... by using the fact that they have access to the unencrypted messages at both ends.

This was always obvious despite their many denials that they would. And those who sought refuge in the "but it's end-to-end encrypted" failed to understand what that implied... it's encrypted end-to-end, meaning everywhere but the end - all the stuff inbetween. But the ends... the server and the client... can both access messages unencrypted.

My view is simple: For all your private communications with anyone that you care about, you should use Signal https://signal.org .

Signal has drawbacks, but that's because when the question comes up of security vs convenience they choose security every time. What does this mean? Well if you lose your phone and buy a new phone, you can activate the same Signal account because you own the phone number, but you cannot access old messages because Signal didn't have ownership of the encryption key, this was on your old phone and if you didn't make a backup of the chat then nothing could restore it.

Signal is basically perfect from a security perspective, but not so great on the convenience and usability perspective (because security was prioritised)... so what it comes down to:

• Do you want to have every private chat made available as source data for profile enrichment that can then be sold on to advertisers?
  
• Or do you want full privacy and security at the cost of a few rough edges?
  
  

I'll keep my WhatsApp account, but I pressed "Not Now" and am currently in the process of manually deleting every chat, all media, and exiting all groups on WhatsApp and instigating the chats anew on Signal. WhatsApp will exist only so that those who try and reach me can do so... but I'll only actually chat on Signal.