Privacy isn’t a new issue regarding online activity and social networks, but it certainly has been a hot topic of discussion recently.
There are many different features that make some messenger platforms more attractive than others depending on the user and their unique needs and preferences. One such feature is safety and security.
In terms of modern technology and the safeguarding of personal and private information, it’s generally agreed that the ultimate user privacy and security can only be enforced by means of absolute end-to-end encryption.
Thus, for users who prioritise the privacy and security of their personal data over anything else, end-to-end encryption is what they look for in messaging platforms.
However, controversy has recently arisen in the world of messaging apps and platforms, with industry giant Whatsapp having been accused of making false claims regarding the authenticity of their so-called “end-to-end” encrypted messages.
Whether Whatsapp has actually misled consumers with regards to using end-to-end encryption or perhaps their terms have been misunderstood by consumers, there’s no getting away from the fact Whatsapp’s messages aren’t as private as many previously believed, and as a result, a lot of people are unhappy about this recent development.
An Introduction to Encryption and How it Works
To really get the gist of the Whatsapp encryption drama, you need to have a proper understanding of exactly what end-to-end encryption is and how it influences privacy and security.
In the world of cryptography, encryption is a method whereby data is scrambled. What does this mean?
Well, if the data we’re referring to, for example, is an ordinary text, non-encrypted data will simply appear exactly as it is – that means that anyone who comes across the data will be able to read it.
When data is encrypted, however, it’s mixed up and “scrambled” in such a way that it’s unrecognisable and unreadable at face value. Encrypted data can only be deciphered by means of an encryption key that is held by authorised parties.
Using the proper lingo, the encryption process converts plaintext (that is, ordinary text) to ciphertext, and decryption using a key or code is used to convert the ciphertext back to plaintext.
That’s regular encryption, but what about end-to-end encryption?
What is End-to-End Encryption?
End-to-end encryption is a big step up from ordinary encryption. It provides a lot more privacy and security by means of its heightened ability to safeguard personal data.
Essentially, encryption, also known as transport-layer-encryption (and sometimes referred to as ordinary encryption) only encrypts data that is transferred between individual users and service providers. The data is only encrypted on the end of the initial sender, making it vulnerable during the transfer process and when it reaches the recipient.
End-to-end encryption, on the other hand, encrypts data transferred between individual users and service providers as well as information transferred from one individual to another.
That means that end-to-end encryption scrambles and protects all data transfers, while transfer-layer-encryption is limited to data being transferred from individuals to service providers which, ultimately, isn’t really the data that’s of the greatest concern. Or, rather than it not being a concern, it only makes up for small portion of data being transferred at any given time, leaving the majority open and unprotected.
More from Tech
- The Best eSIMS for Your Summer Holiday
- Digital Banking Solutions: Revolut Vs. Wise
- What Risks Does Digital ID Bring To The UK?
- Digital Banking Solutions: Chase Vs. Monzo
- Digital Banking Solutions: Chase Vs. Wise
- How To Protect a Retail Business From Hackers
- Digital Banking Solutions: Chase Vs. Starling
- AI Agents In Customer Service: How To Build And Implement Them Effectively
How Does End-to-End Encryption Influence Privacy and Security?
According to these explanations of transport-layer encryption and end-to-end encryption, the former allows anybody with access to the data during the transfer process to access it freely. Whereas, data that has been end-to-end encrypted isn’t dependent on whether or not the recipient is using the same security measures – it’s encrypted either way.
Essentially, the idea is that transport-layer-encryption only allows for superficial protection of data as it can be easily accessed during the transfer process, while data that has been end-to-end encrypted is completely safe and secure and cannot by decoded without being given the key by the relevant authority.
Therefore, when an app or platform says that it uses end-to-end encryption, this is generally understood to mean that the data being transferred – in the case of Whatsapp, text messages and media – is completely safe, secure and private and is kept away from prying eyes.
And this is where the Whatsapp issue begins.
Are Whatsapp’s Messages Really End-to-End Encrypted?
Up until recently, Whatsapp has advertised itself as using end-to-end encryption methods, implying that all data sent by means of the popular messaging platform is private. Specifically, this was taken to mean that none of this data could or would be shared with Facebook (AKA Meta), Whatsapp’s owner, or authorities.
However, this has turned out to not be the case.
Indeed, Whatsapp’s sharing of data with Facebook is evident in the fact it recently became clear that Meta employs more than 1,000 people as “Whatsapp moderators”. These moderators are in charge of reviewing messages that have been flagged as inappropriate, meaning that employees are being given access to data and messages that were previously believed to be private.
How does this work?
Well, essentially, Whatsapp users are provided with a feature that allows them to flag specific messages they’ve received as inappropriate. As soon as this happens, the message in question, along with a few previous messages from the thread, are sent off to the moderation team and a human moderator reviews the data in plaintext to determine whether or not the flag was warranted.
The burning question, at this point, is how on earth this is possible if Whatsapp is actually using end-to-end encryption, and the answer is that it actually is possible – they’ve just created a loophole.
For the system to work, recipients need to flag the messages in question, and at the point at which this happens, the data has already been decrypted. Thus, the data that is sent off to human moderators is done so in plaintext, free for anyone to read.
While this certainly does conflict with what most people believed to be true about Whatsapp’s privacy regulations, it doesn’t mean that data isn’t end-to-end encrypted.
Essentially, the data is very much end-to-end encrypted and there’s no reason to doubt that process in particular. However, the problem is the fact that the use of end-to-end encryption tends to imply that data is kept completely private and secure, while Whatsapp was “breaching” this privacy outside of the end-to-end encryption process.
Thus, while Whatsapp and Meta weren’t lying about the encryption methods being employed, many users are unhappy with the fact that they feel like they’ve been duped – intentionally misled under the guise of absolute privacy.
Do Human Moderators Matter?
Having humans moderating messages and looking out for harmful criminal content as a result of messages being flagged is one thing, but this slightly sneaky move on behalf of Whatsapp has led many to question other possibilities, including whether or not there are any automated (or “non-manual”) ways to collect user data.
As of yet, there doesn’t seem to be any evidence of this, however, a growing concern is that there also doesn’t seem to be any particular technical reason why this isn’t possible.
Overall, a large part of the privacy that end-to-end encryption relies on the security and encryption at each specific endpoint in itself.
And, in the case of a mobile messaging app like Whatsapp, endpoints (that is, users) can choose to share previously protected data, and with this very real possibility, the chances of random messages (as opposed to flagged messages) being reviewed and stored becomes possible.
Indeed, it certainly seems concerning that Whatsapp has been using a surreptitious method of moderation while most users have been under the impression that their messages, both sent and received, were totally private.
For now, it remains to be seen what Whatsapp will choose to do in this regard going forward.
