Tech

WhatsApp “end-to-end encrypted” messages aren’t that private after all

WhatsApp logo

Enlarge / The security of Facebook’s popular messaging app leaves several rather important devils in its details. (credit: WhatsApp)

Yesterday, independent newsroom ProPublica published a detailed piece examining the popular WhatsApp messaging platform’s privacy claims. The service famously offers “end-to-end encryption,” which most users interpret as meaning that Facebook, WhatsApp’s owner since 2014, can neither read messages itself nor forward them to law enforcement.

This claim is contradicted by the simple fact that Facebook employs about 1,000 WhatsApp moderators whose entire job is—you guessed it—reviewing WhatsApp messages that have been flagged as “improper.”

End-to-end encryption—but what’s an “end”?

This snippet from WhatsApp's <a href="https://faq.whatsapp.com/general/security-and-privacy/end-to-end-encryption/">security and privacy</a> page seems easy to misinterpret.

This snippet from WhatsApp’s security and privacy page seems easy to misinterpret. (credit: Jim Salter)

The loophole in WhatsApp’s end-to-end encryption is simple: the recipient of any WhatsApp message can flag it. Once flagged, the message is copied on the recipient’s device and sent as a separate message to Facebook for review.

Read 14 remaining paragraphs | Comments