Whatsapp’s end to end encryption – what it means to you
Last night (depending on your timezone) you probably saw a Whatsapp notification saying: “Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info” and you are wondering what the hell that means to you.
For starters I am a journalist and blogger not an IT guru but I have been using encrypted chats and e-mails for a year now and I hope that I will be able to explain this without having to use unnecessary technical jargon.
What it means
The most simple explanation is that your texts sent through Whatsapp messenger are now safer than ever before.
There are a lot of people and institutions that are interested in your private communication and having an encrypted messaging service ensures that the chances of them getting that info without your approval is reduced.
End to end encryption is by far the most secure form of encryption. It ensures that messages are encrypted the moment you hit the send button on your device (phone). If anyone intercepts your message (receives the message before it gets to the intended recipient) it’s nothing but gibberish to them. The message is decrypted when it reaches the intended recipient’s device and they can read it normally because they have a decryption key (usually an inbuilt process that does not require any other technical effort from you).
Why is encryption important?
To the average internet user encryption is never an important concern but all the same we are once in a while faced with situations when we need to send confidential information without worrying that it might fall in the wrong hands.
The most secure way to ensure that your info is not intercepted is probably a face to face meeting but at times we find ourselves in situations where we need to pass information and do not have the luxury of meeting the recipients in person maybe for our or their personal security reasons or because of the distance between us. In such situations, it is important to know how to communicate securely without having to have technical internet security knowledge.
Before Whatsapp introduced the end to end encryption, it was one of the most susceptible instant messenger when it comes to third party interception. A lot of people have had the information sent through this platform intercepted.
Currently the most unsafe platform is the Facebook messenger but because Whatsapp is now owned by Facebook, the messenger might also just introduce some level of encryption.
(Though I will not talk about it here, as we approach elections in Kenya please learn how to install Virtual Private Networks (VPNs). We might need them in case the government decides to shut down social media like they did in Uganda.)
Other encrypted messaging platforms
- Viber – used to be one of the safest platforms to communicate on. The software offers basic encryption but has successfully been hacked by US Federal security agencies and it is possible that even in Kenya the NIS can intercept communication on this platform.
- Telegram – This used to be one of the safest communication platforms…actually still is. Users can initiate a private chat in which the messages communicated between them become instantly encrypted. The level of encryption on this platform though is still very basic but definitely better than Whatsapp. The only advantage Whatsapp has over Telegram is that you do not need to initiate a private chat, the encryption is on at all times during your chats as long as you are both on the latest version of Whatsapp.
- Cryptocat – This is an open source (meaning not paid for) mobile and desktop application that offers the most secure form of end to end encryption. It is availble for use on iOS, Windows, Mac OS and Linux. Unfortunately the version for Android is still undergoing tests. Word has it that the Cryptocat servers are located inside a decommissioned cold war nuclear bunker in Sweden!
- GMAIL – Gmail offers basic encryption services but you have to be a bit tech savvy. You can Google how to use your “public key” to encrypt your mails.
- Hushmail – When using Hushmail (which is available for free), the connection between your computer and the Hushmail server is protected by encryption. That means that if someone is eavesdropping on your Internet connection, they will not be able to read the traffic that you send to the Hushmail website. This is especially important if you are using your computer on a public or office network, or if you are using a wireless connection that is not encrypted.
- ProtonMail – This is the safest secure e-mail provider. It’s servers are based at the CERN HQ in Switzerlan, that means that user data is protected by the strict Swiss privacy policies. It was developed by CERN and MIT scientists. All emails are secured automatically with end-to-end encryption. This means that even ProtonMail cannot decrypt and read your emails. As a result, your encrypted emails cannot be shared with third parties. To use ProtonMail you have to make an application explaining why you need the secure service (without divulging too much details). Your account is normally set up within a week if accepted.
Having explained all that, your secure communication is only secure if the intended recipient understands why they need to remain so. It is utterly pointless to go through all the stress to have a secure communication link just for them to voluntarily hand over this information to third parties. Remember that these tools do not protect you from screen captures as well.
The flip side of having easy to use end to end encryption
While the benefits of these services cannot be overemphasized, we also have to be aware that they create an opportunity for criminal elements and terrorists to communicate freely over the internet.
Follow me on Twitter @IamOminde