Why WhatsApp (and Telegram) messages are not really private?
End-to-end encryption is not everything!
Yes, WhatsApp implements E2E using the Signal Protocol:
The Signal Protocol is a non-federated cryptographic protocol that provides end-to-end encryption for instant messaging conversations.
End-to-end encryption ensures that your message is turned into a secret message by its original sender, then only decoded by its final recipient.
So now you may think chatting in WhatsApp is completely private.
No, sadly it's not.
Why Metadata Matters
Metadata is all the information about a message except for the content of the message: you could describe them as “activity records”
Some examples of metadata are: sender, recipient, time sent, and sender location.
WhatsApp will still keep records of its users’ metadata.
This means that even though the contents of a message cannot be accessed by anyone including WhatsApp itself, the phone numbers involved in the exchange, as well as the timestamps on the messages, are still being stored on the company’s servers.
This means that if a court orders WhatsApp to share all the info it has on a particular user, the amount of metadata the company would be handing over would most likely be sufficient to create a profile and draw some strong conclusions.
So WhatsApp don't know what you texted someone but it knows whom you talked with and when.
Facebook bought Whatsapp.
Combining your WhatsApp metadata with your Facebook, they can create your more accurate profile.
And then it could proceed to serve you some targeted ads with a side of invasion of privacy.
Really interesting this post by Bertrand Le Roy:
WhatsApp communication are end-to-end encrypted, right?
Well, yes, but it still leaks confidential information. Here's an interesting story that happened to me this morning…This morning, I was chatting with my friend @morrisonbrett on WhatsApp about laptops. He was telling me how he was excited about the new Dell he bought, and I told him how much I liked the one I got recently.
Anyway, just some random chatting as friends do, not anyone else's business, especially advertisers, which is why that conversation was had on WhatsApp, given that it's encrypted. Right? Right?
Well, think again. Almost immediately after that, I started getting exclusively Dell XPS ads on YouTube. WTAFF? How is that possible? Also, why would the Facebook-owned, fully encrypted app give confidential information to the competition?
Finally, Telegram records essentially the same metadata as whatsapp, but there seems to be no evidence that these data are being sold to third parties or used for commercial purposes.
So what?
It's simple, choose a more secure messenger service!
In my opinion, there are some features one can look out for when choosing a messenger:
- End-to-end Encryption
Already addressed above: means that only you and the person you send your message to can read the message content. - OpenSource
If the source code of the application is available to read, it allows those with the time and knowledge to verify it is secure. - Required registration information
Where a phone number is required, achieving anonymity will be hard because phone number is usually linked to your real identity. - Collected Metadata
If your threat model is focused on privacy, it may be important to ensure certain metadata is not recorded. - P2P communications
Peer-to-Peer allows your messages go directly to your contacts device, and that there is no third party (servers) involved that could collec your metadata.
So, based on these factors, I can suggest some alternatives: as you can see, there is no perfect solution.
Signal
Signal is an open source messenger.
It provides privacy by end-to-end encrypting messages and calls.
However, since Signal requires a phone number to register it is not anonymous, but it records only you last logged into their server. Furthermore, it doesn’t record the hour, minute, or second — only the day - of sent messages.
Briar
Briar is an end to end encrypted messenger which utilizes the Tor network to stay anonymous.
Briar works as a peer-to-peer messenger inside Tor so your metadata and message content are protected.
However, due Briar’s peer-to-peer nature, both parties must be online at the same time to send messages, which harms it's usability.
Riot.im
Riot.im is a decentralized messenger that rely on the Matrix protocol, a open protocol supporting E2E encryption.
It doesn't need telephone number or email in order to register, so it can be anonymous, but collected metadata like the room name, room picture, list of members and all 'events' are NOT encrypted, and even worse can be shared with other servers due to federation.
Finally, you can find a very good analysis on ThinkPrivacy, on section "Messaging":
