WhatsApp said on Friday it would give its twothe option to encrypt their chat backups to the cloud, taking a significant step to put a lid on one of the tricky ways private communication between individuals on the app can be compromised. The Facebook-owned service has had end-to-end for over a decade. But users have had no option but to store their chat backup to their cloud — iCloud on iPhones and on Android — in an unencrypted format.
Tapping these unencrypted WhatsApp chat backups on Google and Apple servers is one of the widely known waysagencies across the globe have for years been able to access WhatsApp chats of suspect individuals. Now it is patching this weak link in the system. “WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a tough technical challenge that required an entirely new framework for key storage and cloud storage across operating systems,” said Facebook’s chief executive Mark Zuckerberg in a post .
Store your encryption keys.
WhatsApp says it will offer users two ways to encrypt their cloud backups; the feature is optional. The company said it devised a system enabling password manager of their choice or create a password that backs up their encryption key in a cloud-based “backup key vault” that WhatsApp has developed. The cloud-stored encryption key can’t be used without the user’s password, which WhatsApp doesn’t know.on Android and iOS to lock their chat backups with encryption keys. In the “coming weeks,” an option to generate a 64-digit encryption key to lock their chat backups in the cloud. Users can store the encryption key offline or in a
“We know that some will prefer the 64-digit encryption key, whereas others wantthey can easily remember so we will be including both options. It is not known to us once a user sets their backup password. They can reset it on their original device if they forget it,” WhatsApp said. “For the 64-digit key, we will notify users multiple times when they sign up for end-to-end encrypted backups that if they lose their 64-digit key, we will not be able to restore their backup and that they should write it down. Before the setup is complete, we’ll to affirm that they’ve saved their password or 64-digit encryption key.” A that the last backup copies would be deleted once an encrypted backup is created. “This will happen automatically, and there is no action that a user will need to take,” the spokesperson added.
Potential regulatory pushback?
The move to introduce this added privacy layer is significant and could have far-reaching implications. End-to-end encryption remains a thorny topic of discussion as governments continue to lobby for backdoors. After the FBI complained, Apple was pressured not to add encryption to iCloud Backups. While Google has allowed users to encrypt their data in Google Drive, the company allegedly didn’tgovernments before it rolled out the feature.
When asked by live more online, we believe companies should enhance the security they provide their users. By releasing this feature, we are allowing our users to add this additional layer of security for their backups if they’d like to. We’re excited to give our users a meaningful advancement in the safety of their messages,” the company told TechCrunch., had consulted with government bodies — or if it had received their support — during the development process of this feature, the company declined to discuss any such conversations. “People’s messages are deeply personal, and as we
Rate, Friday’s announcement comes days after ProPublica reported that private end-to-end encrypted conversations between two users could be read by human contractors when users write messages. WhatsApp is uncommon for companies to withholdfor legal and regulatory reasons. For instance, the Applepcoming encrypted browsing to users in specific authoritarian regimes, such as China, Belarus, Egypt, Kazakhstan, Saudi Arabia, Turkmenistan, Uganda, and the Philippines. WhatsApp, they were also confirmed that it would be rolling out this optional feature in every market where its app is operational.
“Making backups fully encrypted is hard, and making it reliable and simple enough for people to use is tough. No other messaging service at this scale has done this and provided this level of security for people’s messages,” Uzma Barlaskar, product lead for privacy at WhatsApp, told TechCrunch. “We’ve been working on this problem for many , and to build this, we had to develop an entirely new framework for key storage and cloud storage that can be used across the world’s largest operating systems, and that took time.”