According to this Intercept article, WhatsApp is vulnerable to “traffic analysis” a technique that “relies on surveying internet traffic at a massive national scale”. It basically works by correlating different data points to be able to guess who’s communicating with whom. The article gives 2 examples:
« In one, a WhatsApp user sends a message to a group, resulting in a burst of data of the exact same size being transmitted to the device of everyone in that group.
Another correlation attack involves measuring the time delay between when WhatsApp messages are sent and received between two parties — enough data, the company believes, “to infer the distance to and possibly the location of each recipient.” »
The article mentions that WhatsApp is not the only IM app that’s vulnerable to this type of attack and links to an article that is discussing a Signal vulnerability related to its sealed sender feature.
So I wanted to know what you think about this? I know that I’m going to get answers like this an attack directed at higher threat models personalities. But it is not. Let’s not forget that over 2 Million Palestinians are being targeted by the IDF using an AI that relies on this WhatsApp vulnerability. At this scale, I don’t think we can just disregard it as a risk only relevant to high threat models.
Unfortunately, this is a well known and still basically unsolved problem with low latency communications. It’s the same reason Tor can’t defend against global adversaries.
If your adversary is able to monitor both your internet connection and the internet connection of who you’re messaging in real time, using any instant messenger will be problematic.
I don’t know of any messengers which defend against this with things like randomized delays off the top of my head. SimpleX is considering it, but if it’s optional then using that feature could possibly make you stick out more, as pointed out in the first article you linked.
Given how indiscriminate the AI tools being used to find targets in Gaza are, I’m not sure there really is a good defense at all. It sounds like they’re just targeting anyone they can, and using AI as an excuse. If the intelligence isn’t legitimate in the first place then… what can be done on the individual’s end?
Probably not, which is why it isn’t included in Tor’s threat model
But with Tor you’d need a worldwide adversary because of the random worldwide routing, which is obviously unlikely. With regular apps like WhatsApp on the other hand, this traffic analysis would be much more easily done by a single ISP or government.
