It may be hilarious when you see a meme like that turn up every time there’s a debate about privacy and how it’s being encroached online, but things get a lot more serious when that feeling finally hits you with full force… that Orwellian feeling telling you that:
WhatsApp, one of the most popular communication apps, with more than a billion users around the world, recently rolled out an ‘end-to-end encryption’ feature that is switched on by default on every device once it installs the next update. While most of us were happy that our texts and calls on WhatsApp would now be ‘shrouded’, there still isn’t much explanation of what the feature actually is and how it does what it claims.
So let’s decrypt this encrypted tech mystery!
What is end-to-end encryption?
End-to-end encryption is a very powerful feature that scrambles your messages. When you send a text to a friend, it is scrambled (encrypted) on your own device before it leaves, travels in that scrambled form, and can only be unscrambled on the recipient’s device. The same principle applies to sharing files and making calls. The benefit of such scrambling is that it keeps your chats and calls protected against privacy breaches by any third party sitting between the two of you.
What this basically means is that the conversation you’re having with your friends/relatives is read only by them and no one else; not by WhatsApp, not by your service provider, not by your haters, and not even by the government!
How does end-to-end encryption work?
The aim of end-to-end encryption is to scramble the sender’s information (in this case, messages, calls and shared files) in such a way that only the recipient’s device can unscramble it, so that anyone who intercepts it on the way sees only meaningless data. This is achieved by making sure that only the recipient’s device holds the decryption key that can decode what the sender sent. This is where the two main types of keys enter the picture: public keys and private keys.
Public Keys and Private Keys
The term ‘public key’ refers precisely to what it sounds like, only in the world of encryption, it’s a complex code instead of a physical key made of steel. Anyone can generate public keys (and private keys) on their devices. To better understand what I’m talking about, take a look at what public keys and private keys typically look like:
As you can see for yourself, these keys are incredibly complex and almost impossible to make any real sense out of with just a cursory glance. That’s why there are algorithms and systems in place that do the technical toiling for you in the background while you tap away on the screen of your phone.
When you first register with WhatsApp by installing it on your phone, a set of key pairs is generated on your phone and the Public Keys (the halves that are safe to share) are uploaded to WhatsApp’s server, where they are used to encrypt texts that someone sends you. The number of Public Keys assigned to a device can vary between apps and programs. In the case of WhatsApp, for example, there are three kinds of public key, namely the Identity Key, the Signed Pre Key and the One-time Pre Key (the last one is used only the first time someone texts you and is deleted afterwards).
Here’s how you can understand this process in simple words; when someone, say, Sam, sends a message to Emma, Sam’s phone uses the Public Keys of Emma’s phone to encrypt the message and deliver it to Emma. However, the system has to make sure that the message can only be read by Emma (i.e., the intended recipient) and no one else, not even the server that is relaying the message.
This is where Private Keys enter the picture. Every device has its own private keys that are stored on the device and nowhere else, not even on the server. Therefore, when Sam sends a message to Emma, it is encrypted and transmitted using Emma’s Public Keys and decrypted using Emma’s matching Private Key once it reaches her phone.
To give a simple analogy, think of how mailboxes (post-boxes) work. Anyone can put their letters into the box (server) through the narrow slot (Public Key), but only the postman, who has a unique key (Private Key), can unlock the box and retrieve all the letters. Encryption on devices works similarly, but with mathematics in place of steel.
Note that this is just the basic description of how end-to-end encryption works; for an in-depth explanation of how WhatsApp applies this encryption to devices, check out the WhatsApp Security Whitepaper.
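As an added illustration (not code from this post or from WhatsApp itself), here is a toy Python model of the registration and first-message exchange described above: Emma’s phone uploads only the public halves of her Identity Key, Signed Pre Key and One-time Pre Key, the server hands the one-time key out once and then deletes it, and Sam’s message can only be unscrambled by Emma’s private keys. The small Diffie-Hellman group and the XOR cipher are assumptions chosen for readability and are not secure, and the signature on the signed prekey is left out.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption): a Mersenne prime far too small for real
# use. WhatsApp uses Curve25519, but the key-agreement shape is the same idea.
P = 2**127 - 1
G = 5

def keypair():
    """Return (private, public); the private half never leaves the device."""
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)

def dh(priv, pub):
    """Shared secret: dh(a, g^b) == dh(b, g^a), so both sides agree."""
    return pow(pub, priv, P).to_bytes(16, "big")

def stream_xor(key, data):
    """Encrypt/decrypt by XOR with an HMAC-SHA256 keystream (toy cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def register(server, name):
    """Registration: generate identity, signed and one-time keys; upload public halves."""
    ik, spk, opk = keypair(), keypair(), keypair()
    server[name] = {"ik": ik[1], "spk": spk[1], "opk": [opk[1]]}  # public only
    return {"ik": ik, "spk": spk, "opk": {opk[1]: opk}}          # stays on the phone

def send(server, sender_keys, recipient, plaintext):
    """Sender fetches the recipient's bundle; the one-time prekey is handed out once."""
    bundle = server[recipient]
    opk_pub = bundle["opk"].pop(0)          # server deletes it after first use
    ek = keypair()                          # fresh ephemeral key for this exchange
    secret = hashlib.sha256(
        dh(sender_keys["ik"][0], bundle["spk"]) + dh(ek[0], bundle["ik"]) +
        dh(ek[0], bundle["spk"]) + dh(ek[0], opk_pub)).digest()
    header = {"ik": sender_keys["ik"][1], "ek": ek[1], "opk": opk_pub}
    return header, stream_xor(secret, plaintext)

def receive(recipient_keys, header, ciphertext):
    """Recipient mirrors the four DH steps with private keys only it holds."""
    opk_priv = recipient_keys["opk"][header["opk"]][0]
    secret = hashlib.sha256(
        dh(recipient_keys["spk"][0], header["ik"]) + dh(recipient_keys["ik"][0], header["ek"]) +
        dh(recipient_keys["spk"][0], header["ek"]) + dh(opk_priv, header["ek"])).digest()
    return stream_xor(secret, ciphertext)
```

The server dictionary only ever holds integers that are public keys, so it can relay the header and ciphertext but has nothing with which to reproduce the shared secret.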
Pros and Cons
In a world where everything from ordering a pizza to sharing highly sensitive documents is done online, there is an urgent, almost desperate need for tools and systems that are able to safeguard one’s privacy. The need becomes even more pressing in the context of apps that we use on a ‘hyper-regular’ basis, such as social media apps and certain communication apps that feature ‘free’ texting and calling.
With all that being said, the end-to-end encryption feature of WhatsApp is undoubtedly a welcome measure for its users, but like everything, it also has its downside. Since this is a technically sophisticated, automatic feature that encrypts chats and calls on every device, it makes it harder for law-enforcement authorities and governments to keep an eye on anti-social elements and other nefarious activities.
All in all, it’s a useful feature that marks a significant step towards privacy safety on an end-user level; how it’s going to influence society on a global scale is something that we’ll have to keep our eye on.
- WhatsApp Security Paper Analysis / MIT Computer Science and Artificial Intelligence Laboratory