Is my understanding and explanation of the end-to-end point correct?
[EDIT] When the Whatsapp client is installed and run for the first time it creates a public key and a private key. Anything encrypted with the public key can only be decrypted with the private key. The public key is sent to Whatsapp's servers (and anyone that wants to communicate with you). The private key is not sent anywhere and should only remain on the phone. The private key is unrecoverable so if you lose your phone you either need a backup of your phone (e.g. using iTunes/cloud for Apple) or the private key is gone forever.
[EDIT] WhatsApp web interface is still secure. I'll give an outline of how that works without WhatsApp being able to read any messages a bit later if anyone is interested.
The communications are encrypted end-to-end, that is, each message you send to an individual is encrypted in such a way that only that end user should be able to decrypt it. (The messages are encrypted with a public key but can only be decrypted with the corresponding private key.)
If you send a message to a group then actually you're sending messages to each person individually using their unique key.
So, in either case above, Whatsapp (servers) should not be able to see the unencrypted contents of any message. But they do know the metadata, e.g. you sent a message to person B, or that you have persons C, D and E in your contacts, or that you're in a group with persons F, G and H. They have to know this so they can deliver your messages appropriately. This metadata is still valuable even if they can't read the content of the messages.
However, and here's the first but (there are three), Whatsapp also controls the client which obviously has access to the private key that is required to decrypt messages, otherwise it wouldn't be able to display the decrypted messages to you.
It also controls which keys a message is encrypted with when you send a message. If the messages you send are encrypted only with the public keys of the recipients, then WhatsApp cannot know the contents of your message, as WhatsApp should not know any of the private keys.
You are relying on Whatsapp to play nicely. They could:
a) Encrypt each message you send with an extra key that Whatsapp has the private key for, and also send this each time, and so they'd be able to decrypt every message sent by anyone.
b) Act as a Person-In-The-Middle and tell you that Person B's public key is X (when it is actually Y) and when you send a message to B you encrypt it with X, but Whatsapp intercepts this, decrypts it (as they have the corresponding private key for X), stores the message and re-encrypts it with public key Y and then sends it on to B, which then decrypts it without any idea that it has been messed about with.
c) The WhatsApp client could take your private key (which should remain only on your client) and send it to WhatsApp. They could exfiltrate it bit by bit inside other WhatsApp communications and you'd never know and people would be very unlikely to notice.
d) The WhatsApp client could purposely generate 'weak' or easily attackable keys, so that someone with a bit of computing grunt could determine the private key from just the public key.
e) ...lots of other possibilities... The source code for the client is not public, and even if it was, there's no way to verify that the app you are running on your phone was built from that source code. There's a lot of trust there (and being a FB company there's not much trust going around).
The second 'but' relates to backups of your chats. If you enable this then Whatsapp stores a backup of your chats on Google Drive and they are encrypted with a key that is derived from your phone number. This means that if you lose your phone then you can retrieve all of your old messages as Whatsapp can restore this backup onto your phone as it can work out the key again.
If WhatsApp can do this onto a new phone they can, theoretically, retrieve any chat backup from Google Drive, derive the key from the corresponding phone number, and then pore through the messages at their leisure. They can also hand over the key derivation function to a nation state (such as a three letter agency in the US) which will also have access to arbitrary Google Drive information, and so they can look through anyone's WhatsApp data.
The final 'but' is the leaking of information due to link previews. That doesn't leak the specific content of messages but it does leak valuable information.
Signal is better in many respects, but nothing can be perfect. Signal doesn't offer the same backup with obvious security flaws. Signal has open source code (and people do perform verifiable builds). etc.
From their statement: They're connecting the WhatsApp and Facebook profiles to allow businesses to communicate with you.
From their ToCs: They're connecting the WhatsApp and Facebook profiles and can use that how they like.
From their legal docs when they bought WhatsApp: We will never connect WhatsApp and Facebook profiles... you can trust us.
In simple terms, they're going back on their promise and granting themselves a huge pool of data from WhatsApp, and they don't have to keep that use to just what they've said.
That's the very paraphrased high level... the question is: Do you trust Facebook? And really, at this point you shouldn't.
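To make the end-to-end model in the post concrete, here is an added toy simulation (my own example, not WhatsApp's or Signal's code; WhatsApp actually uses the Signal protocol, not RSA). It builds a relay that stores only public keys, shows that a group message is one encrypted copy per member which the relay cannot open, and then models case (b) above: a relay that advertises its own key X as person B's key Y can read the message, and the two ends can notice because the fingerprint of the key the sender used no longer matches the fingerprint of the key on B's device. The 64-bit primes, seeded key generation, unpadded textbook RSA and the `fingerprint` helper are all assumptions chosen so the script runs offline with the standard library; none of it is a secure construction.

```python
"""Toy model of per-recipient public-key messaging through an untrusted relay.

Constructed example: textbook RSA with small primes and no padding, seeded
key generation for reproducibility.  Only the *structure* (who holds which
key, what the relay can see) mirrors the post; the crypto itself is a toy.
"""
import hashlib
import random
from dataclasses import dataclass
from math import gcd

E = 65537  # public exponent


def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin test; good enough for a demo that only needs a valid modulus."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng) and gcd(cand - 1, E) == 1:
            return cand


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int = E

    def fingerprint(self):
        """Short hash of the public key, the thing two people compare out of band."""
        return hashlib.sha256(f"{self.n}:{self.e}".encode()).hexdigest()[:16]


@dataclass(frozen=True)
class KeyPair:
    public: PublicKey
    _d: int  # private exponent: in the model it never leaves the owner's device


def generate_keypair(seed):
    """Deterministic keygen (assumption for reproducibility; real clients use a CSPRNG)."""
    rng = random.Random(seed)
    p = _random_prime(64, rng)
    q = _random_prime(64, rng)
    while q == p:
        q = _random_prime(64, rng)
    return KeyPair(PublicKey(p * q), pow(E, -1, (p - 1) * (q - 1)))


def encrypt(pub, message):
    m = int.from_bytes(message, "big")
    assert 0 < m < pub.n, "toy scheme: message must fit under the modulus (<= 15 bytes)"
    return pow(m, pub.e, pub.n)


def decrypt(kp, ciphertext):
    m = pow(ciphertext, kp._d, kp.public.n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


class Relay:
    """Model of the server: a directory of public keys and per-user mailboxes of ciphertext."""

    def __init__(self):
        self.directory = {}
        self.mailboxes = {}

    def register(self, user, pub):
        self.directory[user] = pub

    def lookup(self, user):
        return self.directory[user]

    def deliver(self, to, ciphertext):
        self.mailboxes.setdefault(to, []).append(ciphertext)


def send_to_group(relay, members, message):
    """A group message is really one copy per member, each under that member's key."""
    for member in members:
        relay.deliver(member, encrypt(relay.lookup(member), message))


def honest_relay_scenario():
    """Relay holds only public keys: every member can read, the relay sees only integers."""
    relay = Relay()
    keys = {"bob": generate_keypair(1), "carol": generate_keypair(2)}
    for user, kp in keys.items():
        relay.register(user, kp.public)
    send_to_group(relay, ["bob", "carol"], b"meet at 9")
    # what the relay stores is ciphertext; it has no _d for any user
    assert all(isinstance(ct, int) for box in relay.mailboxes.values() for ct in box)
    return {user: decrypt(kp, relay.mailboxes[user][0]) for user, kp in keys.items()}


def key_substitution_scenario():
    """Case (b) from the post: directory returns the relay's key X instead of Bob's real key Y."""
    relay = Relay()
    bob = generate_keypair(1)        # Bob's real pair; public part is Y
    rogue = generate_keypair(99)     # relay's own pair; public part is X
    relay.register("bob", rogue.public)
    ct = encrypt(relay.lookup("bob"), b"secret")       # sender trusts the directory
    seen_by_relay = decrypt(rogue, ct)                 # relay can open it
    relay.deliver("bob", encrypt(bob.public, seen_by_relay))  # re-encrypted under Y
    bob_reads = decrypt(bob, relay.mailboxes["bob"][0])
    # Detection: sender and Bob compare fingerprints over a channel the relay
    # does not control; the key the sender used is not the key on Bob's device.
    mismatch = relay.lookup("bob").fingerprint() != bob.public.fingerprint()
    return seen_by_relay, bob_reads, mismatch


if __name__ == "__main__":
    print(honest_relay_scenario())
    print(key_substitution_scenario())
```

The honest scenario returns the same plaintext for both group members while the relay's mailboxes hold only ciphertext; the substitution scenario returns the plaintext the relay recovered, the identical plaintext Bob receives (so nothing on his screen looks wrong), and `True` for the fingerprint mismatch that an out-of-band comparison would reveal.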