How secure is WhatsApp E2EE?

When they said the messages are encrypted, how real is it? I don’t use WhatsApp anymore but I want to know more about that, thanks a lot!

There was a blog a few years back indicating that WhatsApp moved to the Signal protocol. Aside from this, anyone can use mitmproxy to verify that whatever’s being sent is truly encrypted: Signal blog, “WhatsApp's Signal Protocol integration is now complete”

2 Likes
  • … unlike in Signal where this is actually done well.

Just felt that this remark was needed due to the mention of the Signal protocol above.

3 Likes
5 Likes

One more comment: E2EE for chat backups is an optional (opt-in) feature. Unless ALL parties in a chat have it enabled, the backup of that chat can be theoretically accessed by Google, Apple, governments etc.

3 Likes

Exactly. And some other services (e.g. Viber) don’t even have an option for encrypted backup. So no matter how you are handling backups, other side can give Google their chats with you unencrypted. And from there, anything is possible :smiley:

This is a valid thing to be aware of and take seriously. But I think saying it “breaks” E2EE is too strong. As much as I distrust Meta, in this specific instance it seems like a somewhat reasonable compromise, that doesn’t actually fundamentally change things.

This approach seems somewhat aligned with the limitations of private conversations in the non-digital world. A private note discreetly passed between 2 people is private, unless one of those two people shares the content of that note with someone else. That is a fundamental limitation of private conversations whether online or offline, you rely on the other party to keep what you said in confidence and they rely on you for the same.

Maybe there is something I am not seeing, but it seems to me that the Whatsapp approach is in line with this. Whether Signal or Whatsapp, or in person conversation, if you tell me a secret, you must rely on me not to share that secret, there is nothing stopping me from sharing it. Meta has made it a little easier to do what was already possible (‘flagging a whatsapp message’ is a bit more convenient than screenshotting a signal or whatsapp message, but it is still an action on the user’s part (i.e. the other ‘end’ of the E2EE communication), and it isn’t a totally new threat vector).

We must remember Meta is hated for many reasons, not just privacy invasion. Meta is equally or more hated for amplifying or at least allowing and profiting from the spread of misinformation, hate speech, etc, and in extreme cases enabling genocide. *

My read of this policy is that it is an attempt to address these concerns in Whatsapp (either in good faith, or to placate critics), at a somewhat minor cost to privacy (the biggest privacy costs to using Whatsapp in my opinion are sharing your contacts and metadata, and that the 2 ‘endpoints’ of the e2e tunnel are proprietary untrustworthy apps from an untrustworthy company).

You are right that the risk grows the larger the group chat is, but then I think that applies to real life as well, if you tell your best friend a secret you can have moderate confidence that they won’t tell anyone or will only tell their significant other, if you tell that same secret to a group of your 100 closest friends, you can be pretty sure that secret won’t stay secret. I think the same applies to group chats online.

Whatsapp deploys hundreds of moderators who inspect reported messages. Just another point to consider.

2 Likes

In this case, it’s not an E2EE anymore, as a ton of people can also read your messages regardless of your encryption key.

1 Like

That is a misunderstanding. E2EE relies on your encryption key, and the other person’s encryption key.

Moderation on Whatsapp can only occur if you or the other person report a message. Whatsapp has no visibility to your conversation. The way it works, is if one of the two of you report a message, that message is copied (along with the 4 messages preceding it, so 5 total) and those copies are shared with Whatsapp.

In simple terms, the only way the content of your communication is visible to Whatsapp is if one of the two of you explicitly shares it with Whatsapp (by flagging it).

I think this paragraph from the article @jonah linked to (which I encourage you to read, it’s a good overview of the limitations of Whatsapp’s e2ee) sums it up well:

Although nothing indicates that Facebook currently collects user messages without manual intervention by the recipient, it’s worth pointing out that there is no technical reason it could not do so. The security of “end-to-end” encryption depends on the endpoints themselves—and in the case of a mobile messaging application, that includes the application and its users.

I think this is not relevant in the context of E2EE. The issue arises when I can’t be so sure that the review team only do the review, not also monitoring users messages. The power to adjudicate this shouldn’t belong to the system/people hired by the system that’s promised E2EE.

I think this is not relevant in the context of E2EE.

I think you may be misunderstanding the scope of protection END to END encryption provides on its own. My understanding is e2ee applies between 2 endpoints which in this case is between 2 untrusted Whatsapp Apps. E2EE on its own does not indicate privacy outside of this, especially when using untrusted proprietary apps from Meta. The flagging system doesn’t seem to introduce any new risks, the risks were already present (one reason why using Open Source apps from reputable developers is so important).

As an example, if you send someone something that they find distasteful or immoral that they wish to report:

  • Via Whatsapp: the other person could “flag” that message, the app will copy the flagged message and the 4 before it, and copy those messages on device, and send them off for moderation. This is still e2ee, remember, the app is the endpoint, e2ee gives you no guarantees about the trustworthiness of the app or the person using the app, it applies between endpoints.
  • Via Whatsapp before this new system, or other e2ee channels: the other person could just screenshot or copy/paste the message they find objectionable and send it to whatsapp’s anti-abuse dept or to law enforcement or post it online publicly.

The issue arises when I can’t be so sure that the review team only do the review, not also monitoring users messages.

This is a very valid fear, but that fear exists regardless of whether there is some system of moderation in place or not and regardless of whether the comms channel is e2ee or not. Because the capability is always there, and you have no easy way to verify since both endpoints (the apps) are untrusted proprietary apps.

This is why it is important to not just have E2EE, but to TRUST both endpoints and trust the person you are communicating with. A service can be both E2EE and still be anti-privacy/untrustworthy (which is the case with Whatsapp I think).

Basically, the TL;DR of what I am trying to articulate is a channel of communication being E2EE doesn’t eliminate your need to also trust the endpoints, and trust the other person.

edit: and just in case it isn’t clear. We agree (1) Whatsapp is bad and untrustworthy (2) Meta is untrustworthy (3) Whatsapp’s privacy is insufficient even with e2ee.

1 Like

The credibility of the endpoints is not relevant to E2EE a bit, as that’s on the users’ responsibility, not on the protocol/encryption. The other end might capture the screenshot of your messages to the police, to publish online, or for whatever reason is another point entirely. If anything, E2EE is not related to trust in any way.

If E2EE works, your messages should be protected by your key unless you accept someone else into your session as recipients. That’s why it’s called end-to-end encryption - only the intended recipients can read your messages. If WhatsApp’s E2EE lets people other than your intended recipients view your messages without your consent, it’s not E2EE or its E2EE is implemented in a broken way.

First, we need to separate the trusting matter from a zero-trust system like E2EE. We’re not talking about should or can we trust WhatsApp, we’re talking about whether their E2EE is secure. Apparently, there’s a team ready to view your messages without your consent, encryption or not, that is definitely not secure :joy:

1 Like

^ This is the point I am trying to make too. It seems we are misunderstanding one another.

E2EE reduces the need to trust anything between the 2 endpoints. But you must still trust the endpoints themselves and the other person. I think you and I and Whatsapp agree on all of that. Whatsapp’s mechanism relies on the other person having access, not on having access themselves.

If WhatsApp’s E2EE lets people other than your intended recipients view your [chat] without your consent, it’s not E2EE

It doesn’t. I really think you need to read the article Jonah linked before we continue. Because I think you are fundamentally misunderstanding the details of the situation described. (I’ll go back and read it again as well, as maybe it is me who misunderstood something).

If E2EE works, your messages should be protected by your key **unless you accept someone else into your session as recipients**. That’s why it’s called end-to-end encryption - only the intended recipients can read your messages.

Exactly. And this (bolded part) is the mechanism Whatsapp uses to allow reporting/review without breaking e2ee, and why I see it as separate to the E2EE.

My understanding is Whatsapp is never granted any access to your E2EE encrypted comms channel or message history. That is between you and the person you are communicating with.

What Whatsapp seems to be doing is allowing either you or the other person to ‘flag a message’, (I think that word “flag” is probably what is giving you the wrong impression). I think that word gives the wrong impression. Based on the article what I understand to occur when you “flag” a message, is that you (the user) are instructing the app to locally copy the flagged message and 4 before it, then send off those 5 messages to Meta for review. You’ve copied and forwarded messages, you have not given Meta access to your E2EE comms channel.

This is a user decision, that doesn’t grant Meta employees or anyone else access to the encrypted channel, you as the user, have just chosen to forward copies of specific messages outside of that confidential e2ee channel to Whatsapp reviewers.

3 Likes
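The distinction argued in the posts above, as an added example that is not part of the original thread and not WhatsApp's code: a relay that only ever handles ciphertext and routing metadata, and a recipient endpoint that flags a message by copying it and the 4 before it from its own plaintext history. The `Relay` and `Endpoint` classes are hypothetical, and the toy SHA-256/HMAC cipher is an assumption standing in for the Signal protocol.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); stands in for the real cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, text):
    nonce, data = os.urandom(16), text.encode()
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))).decode()

class Relay:
    """The service: routes ciphertext, keeps metadata, receives reports."""
    def __init__(self):
        self.traffic, self.reports = [], []
    def route(self, sender, recipient, blob):
        self.traffic.append({"from": sender, "to": recipient, "blob": blob})
        return blob

class Endpoint:
    """One app instance; only endpoints hold the session key."""
    def __init__(self, name, key):
        self.name, self.key, self.history = name, key, []
    def send(self, relay, peer, text):
        blob = relay.route(self.name, peer.name, seal(self.key, text))
        self.history.append((self.name, text))
        peer.history.append((self.name, unseal(peer.key, blob)))
    def flag(self, relay, index):
        # Copy the flagged message and up to 4 before it from local
        # plaintext history, then send the copies as a separate report.
        copies = self.history[max(0, index - 4):index + 1]
        relay.reports.append({"reporter": self.name, "messages": copies})
        return copies

def demo():
    key = os.urandom(32)  # constructed shared session key
    alice, bob, relay = Endpoint("alice", key), Endpoint("bob", key), Relay()
    for i in range(7):  # constructed conversation
        alice.send(relay, bob, f"message {i}")
    bob.flag(relay, 6)
    return relay
```

After `demo()`, `relay.traffic` holds who sent what to whom but no readable content, while `relay.reports` holds five plaintext messages that came from the reporting endpoint rather than from the encrypted channel.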

This is not relevant to E2EE either, as the forwarded messages should belong to the session of the one who forwarded it, not yours, thus couldn’t be used against you. But if it can be used against you, that means WhatsApp knows and is able to prove that the forwarded messages were from your session, which means they should be able to read your session without your consent through a broken E2EE implementation. That’s why your chat on WhatsApp is not private after all.

I think I am not misunderstanding the concept of E2EE :joy:

1 Like

Again. That is the point. That is exactly what I am trying to communicate.

Whatsapp’s mechanism for flagging is separate from E2EE and does not grant any 3rd party access to your encrypted conversation. As to how it is linked to you specifically, metadata in Whatsapp was never covered by E2EE to begin with (that is one of the biggest (intentional) flaws of Whatsapp’s e2ee) and of course the Whatsapp app itself is in a privileged position. The content of your messages may be protected from Meta, but who you communicate with, when, how frequently, at what times, on what device, etc etc etc, should not be assumed to be protected (this was always true, and is unrelated to anything to do with flagging a message).

I think I am not misunderstanding the concept of E2EE :joy:

Please read the article.

3 Likes

Literally the third paragraph of the linked article explains what’s going on:

The loophole in WhatsApp’s end-to-end encryption is simple: The recipient of any WhatsApp message can flag it. Once flagged, the message is copied on the recipient’s device and sent as a separate message to Facebook for review.

@xe3 has basically explained the key points of the article and what it means for e2ee in the context of WhatsApp – including the fact that metadata is what would prove the veracity of reported messages.

1 Like

How did you know I didn’t read the article?

This article is basically saying that your chat is not private on WhatsApp, someone even got caught by that, and the article couldn’t even tell all of what was being used against the user exactly.

I’m OK if you want to argue on my points. But you keep telling me to read the article I already read is kind of disrespectful to me :rage: Please stop telling people to read something you don’t even know for sure if they already read.


That aside. Embedding a ton of metadata in the users messages completely mutes the point of using E2EE in the first place. It’s fair to say that their implementation is broken/useless/not real.


Yes, that’s why I keep saying that is not how E2EE should behave. Moreover, no one knows for sure that’s how it actually works, i.e. only metadata was used against the users, since the app is not open-source, and there’s also AI in the mix.

Yes, in the same article:

Although we don’t know exactly what metadata is present in these PMPs, we do know it’s highly valuable to law enforcement.

In the end, no one knows for sure of what’s going on.

1 Like

Because (from my perspective) you are repeatedly making incorrect assumptions about the flagging system that are clearly and directly addressed in the first couple paragraphs of the article.


One thing that we do all agree on. Whatsapp is a horrible choice for a private communications channel.

3 Likes

How? I wasn’t the one who raised this point. I talked about their broken E2EE implementation in general regardless of the flagging system. Even though it’s said that they used metadata against the users, that still doesn’t change the fact regarding how E2EE should protect the users’ messages from non-intended recipients.

Yes, 100% agree on this.

1 Like