Messaging platforms have been in even greater demand in recent months, and it’s likely that you’re using one of them, and it may be WhatsApp. All platforms have been working hard to improve their services, and WhatsApp is no exception.
The world’s leading messaging platform now has 8-person video calls, “while QR contact codes, encrypted cloud backups and multi-device access are in beta or test,” Zak Doffman reports at Forbes, and more functions are being added. However, he adds, it is not all good news.
WhatsApp’s Achilles Heel
As he says, with the exception of multi-device access and encrypted backups, both of which are crucial, none of the rest are game-changers. However, what Doffman has witnessed in recent weeks during the protests across U.S. cities, is that hordes of users are abandoning WhatsApp due to an Achilles Heel in the system — Metadata.
As you’ll know from using the service, messages are end-to-end encrypted. Doffman says: “The stories you occasionally read about hackers attempting to access WhatsApp accounts relate to endpoint compromise, the vulnerability is your phone where you store your decrypted messages, not WhatsApp itself.”
But, the data around your messages is NOT encrypted. This data includes who you message, when and how often. This data can be recorded and law enforcement can access it, if it is provided to them. It is important to remember that the messages and attachments you send or receive can’t be accessed until it’s decrypted on a recipient device, but information about the sender can.
Therefore, that metadata is a powerful data source, enabling patterns to be drawn, joining links and mapping networks, which is why protesters are leaving it for the security-first alternative Signal: “Other than registering when you first installed and last accessed its platform, Signal doesn’t know anything about you or your contacts.”
The importance of metadata in 2020
WhatsApp is owned by Facebook and that is a concern for many, as its reputation for handling data is hardly squeaky clean. Furthermore, concerns that Facebook might use the data commercially are even more heightened now.
There is another reason the metadata is going to be an issue this year. Doffman writes: “Starting with Messenger, Facebook is looking at metadata as a possible defense against mandated backdoors in its encryption to flag child endangerment — adults messaging minors, for example.”
Facebook claims its new protections are designed to work with encryption, but there are question about this, such as what is known about both sides of a message exchange.
The EARN-IT Bill
The EARN-IT Bill proposes to make the messaging platforms responsible for the content sent, which is a major threat to end-to-end encryption. What is more messaging platforms may be punished in some way if they “can’t flag criminal or dangerous content.” Basically, it is a threat to the integrity of encryption.
So, back to WhatsApp. There are no signs that its metadata issue is going to be fixed, even if end-to-end encrypted backups are now available. The big concern is that Facebook will eventually want to monetise WhatsApp with some form of advertising, and that means using the metadata, so they are unlikely to change it.
Messaging encryption was being closely looked at before the protests — but now it has become even more important, and more people will be looking at exactly how each platform works and if it sufficiently protects their data.