The Facebook owned communication app WhatsApp came under heat as ProRepublica’s findings in regards to the end to end encrypted chats on WhatsApp being accessed by contractors when required. With much on the plate of Facebook in regards to cases of privacy infringement, they decided to stomp the curb before it could grow into a full fledged case, which is a surprise in itself that it already has not.
Uzma Barlaskar, product leader at Whatsapp, explained the difficulties involved in producing a method to back up the data by encrypting it as per the user’s demands. The scale of the difficulty was determined by the fact that no other company has reached a scale as big as WhatsApp let alone carry out an entire 2 billion user specific encryption system.
She further added that a plethora of solutions were being considered as the problem had existed on their whiteboard for a long time. This specific solution was demanding as they had to create an entirely new framework for both the key and cloud and doing that on a huge scale presents more complications there exist.
Concluding that, Mark Zuckerberg announced in a post regarding the update as WhatsApp being the first in line to do so. The encryption done by WhatsApp would now be activated following two methods, optional to the users. Both the method result in the same level of encryption on the data of the user. The first method is an activated password that allows the user to protect a WhatsApp generated key that would be used to encrypt the chat. This password secured key would be secured in a cloud specifically designed for the key and would only reflect to the password.
The second method is the user generating their own 64 digit code that would be secured on the WhatsApp key cloud unbeknownst to the company. To back up the claim of zero intrusion with passwords and keys, WhatsApp would be provided with multiple warnings that loss of either of the two would result in no provision of any sort for backup, confirming, at least on a superficial level that WhatsApp or government agencies could not snoop around our chats.
Another important factor to be noted is that, once the passwords and keys are set in place, all previous backups will be removed. However, with its cons, this is a big step for users to take and from WhatsApp as well. Providing a path to complete transparency and privacy.
Read next: WhatsApp Tests A Feature That Allows Users To Delete Chats Across All Devices (Handy For Those Who Use Multi-Device Option)
Uzma Barlaskar, product leader at Whatsapp, explained the difficulties involved in producing a method to back up the data by encrypting it as per the user’s demands. The scale of the difficulty was determined by the fact that no other company has reached a scale as big as WhatsApp let alone carry out an entire 2 billion user specific encryption system.
She further added that a plethora of solutions were being considered as the problem had existed on their whiteboard for a long time. This specific solution was demanding as they had to create an entirely new framework for both the key and cloud and doing that on a huge scale presents more complications there exist.
Concluding that, Mark Zuckerberg announced in a post regarding the update as WhatsApp being the first in line to do so. The encryption done by WhatsApp would now be activated following two methods, optional to the users. Both the method result in the same level of encryption on the data of the user. The first method is an activated password that allows the user to protect a WhatsApp generated key that would be used to encrypt the chat. This password secured key would be secured in a cloud specifically designed for the key and would only reflect to the password.
The second method is the user generating their own 64 digit code that would be secured on the WhatsApp key cloud unbeknownst to the company. To back up the claim of zero intrusion with passwords and keys, WhatsApp would be provided with multiple warnings that loss of either of the two would result in no provision of any sort for backup, confirming, at least on a superficial level that WhatsApp or government agencies could not snoop around our chats.
Another important factor to be noted is that, once the passwords and keys are set in place, all previous backups will be removed. However, with its cons, this is a big step for users to take and from WhatsApp as well. Providing a path to complete transparency and privacy.
Read next: WhatsApp Tests A Feature That Allows Users To Delete Chats Across All Devices (Handy For Those Who Use Multi-Device Option)