WhatsApp will finally let users encrypt their chat backups in the cloud
WhatsApp said on Friday it will give its two billion users the option to encrypt their chat backups to the cloud, taking a significant step to put a lid on one of the tricky ways private communication between individuals on the app can be compromised.
The Facebook-owned service has end-to-end encrypted chats between users for more than a decade. But users have had no option but to store their chat backup to their cloud — iCloud on iPhones and Google Drive on Android — in an unencrypted format.
Tapping these unencrypted WhatsApp chat backups on Google and Apple servers is one of the widely known ways law enforcement agencies across the globe have for years been able to access WhatsApp chats of suspect individuals.
Now WhatsApp says it is patching this weak link in the system.
“WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems,” said Facebook’s chief executive Mark Zuckerberg in a post announcing the new feature.
Store your own encryption keys
The company said it has devised a system to enable WhatsApp users on Android and iOS to lock their chat backups with encryption keys. WhatsApp says it will offer users two ways to encrypt their cloud backups, and the feature is optional.
In the “coming weeks,” users on WhatsApp will see an option to generate a 64-digit encryption key to lock their chat backups in the cloud. Users can store the encryption key offline or in a password manager of their choice, or they can create a password that backs up their encryption key in a cloud-based “backup key vault” that WhatsApp has developed. The cloud-stored encryption key can’t be used without the user’s password, which isn’t known by WhatsApp.
“We know that some will prefer the 64-digit encryption key whereas others want something they can easily remember, so we will be including both options. Once a user sets their backup password, it is not known to us. They can reset it on their original device if they forget it,” WhatsApp said.
“For the 64-digit key, we will notify users multiple times when they sign up for end-to-end encrypted backups that if they lose their 64-digit key, we will not be able to restore their backup and that they should write it down. Before the setup is complete, we’ll ask users to affirm that they’ve saved their password or 64-digit encryption key.”
A WhatsApp spokesperson told TechCrunch that once an encrypted backup is created, previous copies of the backup will be deleted. “This will happen automatically and there is no action that a user will need to take,” the spokesperson added.
Potential regulatory pushback?
The move to introduce this added layer of privacy is significant and one that could have far-reaching implications.
End-to-end encryption remains a thorny topic of discussion as governments continue to lobby for backdoors. Apple was reportedly pressured to not add encryption to iCloud Backups after the FBI complained, and while Google has offered users the ability to encrypt their data stored in Google Drive, the company allegedly didn’t tell governments before it rolled out the feature.
When asked by TechCrunch whether WhatsApp, or its parent firm Facebook, had consulted with government bodies — or if it had received their support — during the development process of this feature, the company declined to discuss any such conversations.
“People’s messages are deeply personal and as we live more of our lives online, we believe companies should enhance the security they provide their users. By releasing this feature, we are providing our users with the option to add this additional layer of security for their backups if they’d like to, and we’re excited to give our users a meaningful advancement in the safety of their personal messages,” the company told TechCrunch.
WhatsApp also confirmed that it will be rolling out this optional feature in every market where its app is operational. It’s not uncommon for companies to withhold privacy features for legal and regulatory reasons. Apple’s upcoming encrypted browsing feature, for instance, won’t be made available to users in certain authoritarian regimes, such as China, Belarus, Egypt, Kazakhstan, Saudi Arabia, Turkmenistan, Uganda and the Philippines.
At any rate, Friday’s announcement comes days after ProPublica reported that private end-to-end encrypted conversations between two users can be read by human contractors when messages are reported by users.
“Making backups fully encrypted is really hard and it’s particularly hard to make it reliable and simple enough for people to use. No other messaging service at this scale has done this and provided this level of security for people’s messages,” Uzma Barlaskar, product lead for privacy at WhatsApp, told TechCrunch.
“We’ve been working on this problem for many years, and to build this, we had to develop an entirely new framework for key storage and cloud storage that can be used across the world’s largest operating systems and that took time.”
WhatsApp said on Friday it will give its two billion users the option to encrypt their chat backups to the cloud, taking a significant step to put a lid on one of the tricky ways private communication between individuals on the app can be compromised. The Facebook-owned service has end-to-end…
Recent Posts
- Five ways Trump’s new policies will impact electric vehicles in the US
- Trump Says He Ended the ‘EV Mandate.’ What Does That Mean?
- NYT Strands today — my hints, answers and spangram for Wednesday, January 22 (game #325)
- Trump says he’s open to Musk or Ellison buying TikTok
- Microsoft is letting OpenAI get its own AI compute now
Archives
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- September 2018
- October 2017
- December 2011
- August 2010