You are reading a single comment by @Greenbank and its replies.
  • There's more stuff about the WhatsApp backups on HN recently (in a thread about a Telegram backdoor).

    It confirms that if you enable the cloud backup then the WhatsApp client uploads them to Google Drive encrypted with a key derived from your phone number. That's how you're able to restore messages on a new phone without needing anything else, but only if you have cloud backup enabled.

    WhatsApp's servers don't have the unencrypted messages, but they do have everything they need to get it if you have cloud backups enabled.

    (I wouldn't enable cloud backup of my WhatsApp messages based on that. WhatsApp will have written the key derivation function and so they could retrieve and decrypt any of the backups. Most likely this is so they can give access to Government agencies who probably already have access to arbitrary Google Drive data stores at will. They just need the key derivation function details from WhatsApp.)

    Personally I just rely on periodic local backups of my phone (which will back up all of the data) and knowing that I may lose the few days' data since my most recent backup. I wouldn't touch the cloud backup with someone else's stick.
