That’s the essential difference that means it’s end 2 end encrypted rather than other types of encryption. Only the sender and the recipient have the key to encrypt and decrypt the message.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
WhatsApp to Roll Out Multi-Device Support, Hints at Future iPad App
- Thread starter MacRumors
- Start date
- Sort by reaction score
Everyone who keeps ******** all over the app; we get it. You don’t like Facebook and what’s app. But try to expand your thinking a bit and understand that the rest of the works has been using WhatsApp for years. For example, I was just in Guatemala and that is the primary form of communication. Majority of that population cannot afford An iPhone let alone an android. WhatsApp is universal and works for everyone.
Yeah, signing up to the Giving Pledge what an evil thing to do, he's one evil bastard.
I should care. Many prepaid SIMs where I travel include free WhatsApp usage, in that it doesn’t count against data caps. This allows me much more flexibility in communicating both here and there.
Maybe not everyone sees the world the way you do.
iCloud backup is not encrypted and apple will provide it with proper warrant (or none at all). An encrypted message needs to be decrypted before displaying to user. That means a compromised decryption should be enough to eavesdrop actual contents, let alone metadata, which may not be encrypted at all because there’s gonna have some unencrypted message to initiate the communication.
I’m not saying Facebook is actively leaving back door on their WhatsApp encryption, but someone else can build one and break into “end to end encryption”, which Facebook can’t really control.
Besides, EU fine for companies like Facebook is more or less like a pocket change. Facebook is more than happy to pay the fine in exchange for continuing to operate in EU, when avoiding fine is not possible.
Thanks for your explanation.
I knew it was end to end encryption, what I don't/didn't know is that it means that there's no key for Whatsapp/Facebook.
"iCloud backup is not encrypted"
I didn't say anything about iCloud, I said it's encrypted (End to End), no-one can crack that.
"but someone else can build one and break into “end to end encryption”
Erm...Nope, no-one can do this.
"Besides, EU fine for companies like Facebook is more or less like a pocket change."
Not if they will get fined again and again, believe me, there will be a time in a not too distant future without Facebook, which I applaud.?
It quite (and perhaps purposely) difficult to follow, if you don’t know.
In layman’s terms, the basic types of encryption are:
In transit (such as https when using the internet)
Encrypted at rest (such as a password vault online)
End to end encrypted (such as signal or WhatsApp)
The first one pretty much only applies to the internet and browsing or sending/receiving data, http is not encrypted, https is. Most of the internet is https these days and most browsers try to force this connection. But attention needs to be paid still.
The second relates to the data and where it’s kept (email, Dropbox type stuff, iCloud etc. The company tends to own the keys so it’s possible (though unlikely except for court orders) for anyone with the keys to view the data (although you can encrypt the data yourself before uploading in some cases, which will mean that they can see the container, but not the data - essentially this is end to end)
The third, end to end encryption refers to any encryption whereby you own the keys, as in the above example. It’s popularised with messaging apps (signal, whatsapp for example), some email apps (protonmail for example), but really it applies to any case where you decide the password and you only know it. Obviously, there are no passwords in relation to e2e messaging apps, and that’s where the encryption protocols come in to play, such as the signal protocol that signal and WhatsApp both use.
This is only a basic overview. Obviously there are caveats and other things involved, and tech companies like to blend and twist the words so pay attention to what they’re saying and seek other advice if it’s critical.
Encryption remains strong mainly becuase the code to actually do the encryption is generally open source, which means that anyone can view the code and those in the know can verify its authenticity and whether or not it’s been tampered with. Obviously in the case of WhatsApp and others, the app itself is closed source, which essentially means they can adjust the code and no one would know. Then there is trust involved. Most companies proclaiming e2e encryption would be reluctant to break that trust, due to the reprocussikms involved, and if it was the case, the wider security community would know almost immediately.
I know the messages themselves are encrypted, but follow the money...
Why would a for profit publicly traded company buy a software for $19B and give it away for free? Something is fishy, isn't it? Thats 19 billion dollars. Now add in there that Facebook is not the most ethical company out there. hmmmm...
Huh? I wasn’t giving an excuse, but consider if you are a developer. If you developed an app in 2009, you probably wouldn’t think of making the app to be on multiple devices and on a tablet that was just a rumor. Thus there are probably underpinnings inside the app that has to be reconstructed. Since the original WhatsApp founder had left Facebook many moons ago, it would be up to whoever maintaining the app in Facebook.
In contrast if you are developing an app in 2014, the tech climate was already different than 2009, with people owning multiple gadgets and the iPad has existed for a while. Then you would have thought of making such necessary support for multiple devices.
I believe it’s common sense, not an excuse. The WhatsApp web was a just a bandaid. If you were developing an app today, would you be able to put in features expected by users 5 years from now? If you could, you should invest in the stock market then.
They probably can, and I'd bet they do when it comes to requests from security agencies. If they decrypted messages for their own ends though, it'll only be a matter before they're caught, and when they're caught, they will suffer consequences that will change what's left of Facebook forever.
WhatsApp is on Mac both as a native app and via the web. It's just missing a Mac native app, as well as a limitation that you can only have it open in one other place in addition to your phone at any point in time, and they have to be on the same network.
As someone suggested, this is likely to do with technical debt. They must have made some technology choices in the early days that mean retrofitting the app to offer this will be as good as replacing the foundation of a house, with people living in it.
It's not just fines though. They still have the nuclear option of forcing the breakup of Facebook. and are far more likely to initiate this than the Americans.
I too have little trust in Facebook, but it's end to end encrypted, and they would get into huge trouble if, for instance, the EU/US found out.
Again, there's no food for conspiracy theories here.
Huh? I wasn’t giving an excuse, but consider if you are a developer. If you developed an app in 2009, you probably wouldn’t think of making the app to be on multiple devices and on a tablet that was just a rumor. Thus there are probably underpinnings inside the app that has to be reconstructed. Since the original WhatsApp founder had left Facebook many moons ago, it would be up to whoever maintaining the app in Facebook.
In contrast if you are developing an app in 2014, the tech climate was already different than 2009, with people owning multiple gadgets and the iPad has existed for a while. Then you would have thought of making such necessary support for multiple devices.
I believe it’s common sense, not an excuse. The WhatsApp web was a just a bandaid. If you were developing an app today, would you be able to put in features expected by users 5 years from now? If you could, you should invest in the stock market then.
Facebook didn’t even add e2e encryption until 2016, it wasn’t built with that in mind. How much technical debt can there be that won’t allow an app to be ported and/or synced to an app on essentially the same os as the original app, yet fully allows syncing with desktop platforms and the web? I think rather they don’t have much interest in the iPad as a platform. None of fb other apps either work well or have dedicated iPad apps.
FUD. They use the Whisper/Signal protocol which has been directly implemented by the Signal guys (moxie and co) and also independently audited.
WhatsApp and Facebook might suck, doesn‘t change the fact that WhatsApp has proper E2EE.
I can think of many approaches that might make it easy for you to update a secondary device over wifi to mirror the first, than for another source to keep multiple devices in the same state, regardless of whether a 'primary' device is online. It'll need different infrastructure which can be hard to retrofit without re-engineering the app.
There are loads of leaked mails and official-ish interviews that outline why they bought WhatsApp: it was their biggest competitor, threatening to kill Facebook in terms of userbase and app engagement.
Zuckerberg calls Apple their biggest competitor for a reason: instant messaging is the future, they see iMessage as a threat in their home territory and need to grab as much marketshare in that market as possible.
Instant messengers more and more evolve into lightweight social networks (e.g. profiles, stories, sharing content etc) and they do it way better than dedicated social networks like Facebook or Twitter, because they are focused on conversations and intimate, private discussions. Ever tried to hold a discussion in a comment thread on Facebook or Twitter? Good luck with that.
I Travel a lot and Mostly all prepaid SIMs include some GB of data traffic. So you can use whatever Voice IP. But Ok if you got unlimited WhatsApp usage I understand your choice. But it is a question of choice. I don’t like Facebooks business model and prefer to pay a bit more to escape it.
yes but how would they monetise that? As with the original arguement, Whatsapp is encrypted and free to use. So where is the money flow?
They are already monetizing it with the business features and data sharing with Facebook in non-GDPR regions. There are also plans to introduce ads sooner or later.
That being said, it‘s less about money in the first place but more about the fact that they now have a stranglehold on the messaging market with their 3 solutions, which they plan on combining into one big messaging ecosystem in the future (e.g. being able to message someone on Facebook from WhatsApp).