Growing up in Soviet Ukraine in the 1980s, Whatsapp founder Jan Koum learned to distrust the government and detest its surveillance. After he emigrated to the U.S. and created his ultra-popular messaging system decades later, he vowed that Whatsapp would never make eavesdropping easy for anyone. Now, Whatsapp is following through on that anti-snooping promise at an unprecedented scale.
On Tuesday, Whatsapp announced that it’s implementing end-to-end encryption, an upgrade to its privacy protections that makes it nearly impossible for anyone to read users’ messages—even the company itself. Whatsapp will integrate the open-source software Textsecure, created by privacy-focused non-profit Open Whisper Systems, which scrambles messages with a cryptographic key that only the user can access and never leaves his or her device. The result is practically uncrackable encryption for hundreds of millions of phones and tablets that have Whatsapp installed—by some measures the world’s largest-ever implementation of this standard of encryption in a messaging service.
“Whatsapp is integrating Textsecure into the most popular messaging app in the world, where people exchange billions of messages a day,” says Moxie Marlinspike, Open Whisper System’s creator and a well known software developer in the cryptography community. “I do think this is the largest deployment of end-to-end encryption ever.”
Textsecure has actually already been quietly encrypting Whatsapp messages between Android devices for a week. The new encryption scheme means Whatsapp messages will now travel all the way to the recipients’ device before being decrypted, rather than merely being encrypted between the user’s device and Whatsapp’s server. The change is nearly invisible, though Marlinspike says Whatsapp will soon add a feature to allow users to verify each others’ identities based on their cryptographic key, a defense against man-in-the-middle attacks that intercept conversations. “Ordinary users won’t know the difference,” says Marlinspike. “It’s totally frictionless.”
By Andy Greenberg – Wired.com –