My family insist on using WhatsApp for the family chats. I have to keep a copy on a device just so I can communicate with them. I do so under protest, as I was always told it isn't secure. My brother has just said
"oh Whatsapp is encrypted, it's perfectly secure".
First, is it actually as encrypted and safe as my brother claims? That would solve everything.
Second, if it isn't, where can I get some proof that we should switch to Telegram or whatever? Proof which doesn't make me look like a raving loony?
Technically, yes, it is encrypted. However, Facebook still gets metadata on who you talk to, when you talk to them, how long you talk to them, your contact information, etc. As an example: if you talked to your girlfriend, then you talked to her doctor, and then you talked to your mom, there's a good chance that your girlfriend may be pregnant, even if I did not know what was said. Or, if I know you are at the top of a bridge and that you contacted a suicide hotline... So just because it is encrypted does not mean it is safe.
Cybersec researcher here. The content of your chat is encrypted end to end. Their servers can't read what you write. This is because they use the same protocol as Signal: X3DH and Double Ratchet. However, they can and will collect everything else. Contact info, for example, phone, etc.
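An added example, in Python, to put the previous two answers side by side. It is not code from WhatsApp, Signal or any poster in this thread: it models a relay server that forwards end-to-end encrypted messages it cannot read while still logging who talked to whom, when, and how much. Each message gets a fresh key from a one-way HMAC chain (the symmetric-key ratchet half of the Double Ratchet); the X3DH handshake and the DH ratchet that establish and refresh the shared root key are not modelled, so the root keys, the party names, the message texts and the HMAC-based stream cipher are all constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 16  # bytes of HMAC tag appended to each ciphertext


def kdf_chain_step(chain_key: bytes):
    """One ratchet step: next chain key and a one-time message key. HMAC is one-way,
    so someone holding only later chain keys cannot recover an earlier message key."""
    next_chain = hmac.new(chain_key, b"chain", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"message", hashlib.sha256).digest()
    return next_chain, message_key


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (constructed for illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: XOR with the keystream, then append a truncated HMAC tag."""
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, len(plaintext))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; a wrong key or tampering raises."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))


class Relay:
    """The server in the middle. It never holds a key: it sees opaque ciphertext
    plus who sent it, to whom, when, and how big it was."""

    def __init__(self):
        self.metadata_log = []
        self.clock = 0  # constructed timestamp counter so the demo is deterministic

    def deliver(self, sender: str, recipient: str, blob: bytes) -> bytes:
        self.clock += 1
        self.metadata_log.append({"t": self.clock, "from": sender, "to": recipient, "size": len(blob)})
        return blob  # forwarded unchanged


class Party:
    """A chat participant. pair_keys maps each peer to a shared root key; in the
    real protocol that key comes out of X3DH, here it is a constructed constant."""

    def __init__(self, name: str, pair_keys: dict):
        self.name = name
        self.pair_keys = pair_keys
        self.chains = {}  # one chain per direction, so sender and receiver stay in step

    def _chain(self, peer: str, sender: str, recipient: str) -> bytes:
        label = f"{sender}->{recipient}".encode()
        if label not in self.chains:
            self.chains[label] = hmac.new(self.pair_keys[peer], label, hashlib.sha256).digest()
        return label

    def send(self, relay: Relay, recipient: str, text: str) -> bytes:
        label = self._chain(recipient, self.name, recipient)
        self.chains[label], message_key = kdf_chain_step(self.chains[label])
        return relay.deliver(self.name, recipient, encrypt(message_key, text.encode()))

    def receive(self, sender: str, blob: bytes) -> str:
        # In-order delivery is assumed; the real Double Ratchet also stores skipped keys.
        label = self._chain(sender, sender, self.name)
        self.chains[label], message_key = kdf_chain_step(self.chains[label])
        return decrypt(message_key, blob).decode()


def run_demo():
    """Returns (messages as decrypted by recipients, the relay's metadata log,
    whether the relay could decrypt anything, whether plaintext leaked into ciphertext)."""
    relay = Relay()
    ab = hashlib.sha256(b"constructed root key alice<->bob").digest()
    ad = hashlib.sha256(b"constructed root key alice<->doctor").digest()
    alice = Party("alice", {"bob": ab, "doctor": ad})
    bob = Party("bob", {"alice": ab})
    doctor = Party("doctor", {"alice": ad})

    c1 = alice.send(relay, "bob", "see you tonight?")
    c2 = alice.send(relay, "doctor", "can I come in tomorrow morning?")
    c3 = bob.send(relay, "alice", "yes")
    received = [bob.receive("alice", c1), doctor.receive("alice", c2), alice.receive("bob", c3)]

    # The relay has no key: any guess fails the tag check, and the stored bytes do not
    # contain the plaintext. What it does keep is the who/when/how-much log.
    try:
        decrypt(hashlib.sha256(b"relay guess").digest(), c1)
        relay_can_read = True
    except ValueError:
        relay_can_read = False
    return received, relay.metadata_log, relay_can_read, b"tonight" in c1


if __name__ == "__main__":
    messages, log, readable, leaked = run_demo()
    print(messages, readable, leaked)
    for entry in log:
        print(entry)  # alice->bob, then alice->doctor: the pattern the answer above describes
```

Running it prints the three decrypted messages and a log of the form `{'t': 1, 'from': 'alice', 'to': 'bob', 'size': 32}`: the content never leaves the endpoints, yet the relay can reconstruct the conversation graph and timing, which is exactly the metadata the two answers above are worried about. The per-direction chains keep both sides in sync without any key ever crossing the relay; skipped or reordered messages are not handled here.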
When you type a message and send it to your counterpart, WhatsApp says it encrypts it and the recipient will decrypt it on their side with WhatsApp. However, WhatsApp is closed source. That means you trust WhatsApp to do what it says.
It's like going to a contractor and telling them your message and handing them a key. The contractor says they'll deliver it to the other party in a manner that nobody else will be able to read that message. You can ask them to provide the tools they do it with, explain how they do it, and show you how it's done, but they say "no can do, trade secret". Do you trust them?
Alright, let's say you do trust them, they really do make the message unreadable to anybody but the other party. But every time you want to send a message, you have to go to their building, write down the message on a notepad, and then hand it + the key to the messenger. If you told them "Just to be sure, I'd like to verify that nobody else is here possibly looking at the message while I write, nor reading it when you go into the backroom to render it unreadable" and asked "Can I check for other people here?", they'd respond "no can do, trade secret". Do you trust them?
Alright alright, so you still trust them. They won't let you check anything, but you still trust them. The messenger is employed by the one and only Sauron Inc. The owner has been caught lying about stuff before, but you trust them. No problem.
Let's say the messenger says "Hey, you know, all the communications you have when you go into the small room there, we can make copies for you! If the messages were ever misplaced, this building burned down or anything, you could always have the communication history". You find it a great idea! Wow, it's so convenient. They even suggest putting copies in a building in another city, and the building is owned by Darth Vader Inc. You're ecstatic!
To get the process started, WhatsApp walks into your room with a bunch of blank papers and a chest, then asks you to hand over your key and closes the door behind them. You are escorted out of the building and wait for the process to be over.
A few months later, the city is bombarded by Megatron. The WhatsApp building is destroyed and your communications are gone! The key you had for the messenger to render your communications unreadable? Gone too! Well, luckily you can just go to another WhatsApp building. You enter, say your name, fill in your details and you are escorted to a room that looks just like the one in the building Megatron destroyed!
The elation is great! ... until you notice that all your messages are readable. Not only that, but the key that's used to make them unreadable by WhatsApp is sitting there on the desk - pristine and undamaged as it ever was.
Wait a moment... how did the unreadable messages and the key get restored? What exactly did Darth Vader Inc. get from WhatsApp?
Must just be a coincidence, right? You probably had the key in your pocket the whole time and gave it to WhatsApp while you were at the reception filling in your contact details. Your trust is unwavering, the security unrattled, and your communication unscathed.
In a similar situation as you (entire society revolves around WhatsApp). I came to this conclusion:
1. Others won't share my view on personal privacy at all and will happily give out any metadata or data. No matter what secure channel we use, the destination (people) will always leak.
2. Because of (1), consider all communication with others as public, no matter the inferred intimacy, no matter the platform or its security.
3. Consider (2) as true even if they somehow used Signal or any secure platform, because of (1). (E.g. "Hey, did you hear about $familyMember? Yes, the weird kiddo who forced me to use some strange blue shit for chat. He got positive on blood exam for $badCondition. Go check on him")
As for WhatsApp itself, I use Android and isolate it in a separate profile, also frozen until opened. I also used a burner phone number for account registration, not my actual number.
People are more receptive to WhatsApp accounts with "alternate" numbers when you explain you "got hacked in the past" or any plausible reason.
I wouldn't consider WA secure. They do tracking, they have your phone numbers and those of all of your friends and know exactly who you talk to, when, and how often. Even if they don't know the content of the message because it's encrypted, that's a lot of information for the algorithm to feed on. Apart from that, I'm not sure if they have access to the encryption keys. They might be able to decrypt everything if they want.
I'm sure someone wrote a lengthy blog article about WA. But unless someone does a proper security audit including where the encryption keys are stored and the implications of that and how extra features like breaking encryption in case someone flags an inappropriate post turns out... The 'it's safe' is just a claim by your brother or Meta. You're free to believe in anything you want. But it's not necessarily true.
To be frank with you, humans are the weakest security point in any system. Even if you did somehow (impossibly) 100% secure your device... you’re literally sending everything to X other family members who don't care about security anyway and take zero preventative measures. That's sort of the point of a chat app. All they would need to do is target your family instead of you to get the exact same info - this is how Facebook has everyone's telephone number and profile photo, even if they don't have an account. And if it's a WhatsApp data breach... well. Your family is just one in a sea of millions of potentially better/easier targets.
If there's anything interesting about your family chats that is actually secret info, it probably shouldn't be put into text anywhere except maybe a password manager. Just tell them not to send passwords or illegal stuff or security question info via whatsapp. It's all you can realistically do in situations like this.
We literally cannot keep all information private from everyone all the time, you have to pick and choose your battles. And even then, you'll still lose some, even if you're perfect.
My way around the issue with the app and its collection is:
Install in a separate profile with empty everything. (So they get an empty contact list)
Install Beeper in a different profile and connect WhatsApp to Beeper.
Remove all permissions from WhatsApp. There if I need to reconnect sometime.
Oh, and using a fake number is also a good idea.
And yes not as good as selfhosting I know.
Signal is an option if you can get them to switch.
Telegram is crap.
I assume WhatsApp encryption is equivalent to HTTPS: your connection to the server is encrypted and "impossible" to be intercepted and decrypted, but on the server end everything arrives as clear text, so the only people that can watch your conversation are the recipient of the messages and WhatsApp.
You and your family use WhatsApp to talk to each other, just like millions of families out there, and so far no chats have been leaked because the encryption was bypassed.