WhatsApp account suspended after using unofficial Android app

Hi,

I need to use WhatsApp on my phone but I don’t want to install the app. So I installed it on an Android VM on my PC, and created an account. Then I connected it to my phone using this: WhatsApp Web To Go - Mobile Client for WhatsApp We | F-Droid - Free and Open Source Android App Repository. Half a minute later my account was suspended.

Does anyone know if it has to do with the app or of a better solution for my issue?

Thanks!

2 Likes

How does this sort of service affect the E2E encryption of WhatsApp?

The server that runs the bridge becomes one of the two ends in “E2EE”.

1 Like

Good to know. So between WhatsApp (the other person’s WhatsApp client?) and the bridge it is E2E encrypted using WhatsApp’s encryption (Signal protocol). It is decrypted by the bridge and then re-encrypted with Matrix’s encryption between the bridge and the Matrix client?

Whether it is encrypted between the bridge and Matrix client depends on the bridge implementation. It might also be unencrypted. But yes, between the bridge and the other person’s WhatsApp client it is the regular E2EE used by WhatsApp.

Now that is the state today. Potentially if WhatsApp would use an encryption method compatible with the protocol used by the bridge (Matrix in this example), then there would be no need for the bridge to have the ability to decrypt. That’s why RFC 9420: The Messaging Layer Security (MLS) Protocol might become interesting, especially if certain regions were to force encryption compatibility by law.

This is my hope (possibly in a few years if the EU forces Apple, Meta, et al. to open up their messaging services). However, based on the little info I have, I doubt that if this were to happen, Meta would switch to Matrix’s encryption, since they already use Signal’s, which seems to be the emerging standard (Signal, WhatsApp, Google RCS, Skype and I believe the not-yet-fully-implemented E2EE chat in Instagram and Facebook all make use of Signal Protocol under the hood; Twitter has expressed an interest in Signal as well).

I’ve been using the WhatsApp Web To Go app for about a year - not heavily, most of the time it’s just not running - and not had any problems. If I understand correctly, it’s just a nice wrapper around WhatsApp’s own web interface, so I don’t see why they should object to it being used on your account. I’m sure they can detect the wrapper somehow rather than the site being accessed in a regular web browser on a PC as they probably intended (just check User-Agent?), but unless they’re just trying to force you to use the proper WhatsApp app, I see no reason they should care. (Even then, wouldn’t they be better just stopping their web interface working if they detect the app, rather than suspending your account? If your account is suspended you aren’t going to be bothering to install their app “properly”.)

If I had to guess I’d suggest running the WhatsApp app on an Android VM on your PC is what raised red flags at their end. As for a better solution - do you have an old mobile you could dedicate to running just the WhatsApp app, instead of using an Android VM on your PC? That’s what I’m doing. The phone with WhatsApp on doesn’t have the SIM with the WhatsApp number in any more either and it doesn’t seem to matter. (I still have that SIM in another phone and can enter any code they text me to prove I control the number, not that this has happened.)

1 Like

Do they store your messages? I think the puppeteer-ing config has a flag for not storing the bridged messages.

So it’s affected.

1 Like

I’m not sure I understand. If it’s E2E, it means the message is encrypted before it leaves the device, but if it is the bridge that encrypts the message then it’s not E2E.

1 Like

I have a contact who does this with iMessage. Personally, I don’t like it. When I use an encrypted platform with someone I’m trusting the network it’s on and the recipient. Not a middleman they’ve inserted in-between without telling me.

I don’t use WhatsApp, but if I did I would prefer that using an unsecured circumvention would cause you to be removed from the network. Or, at a minimum, some kind of notification to me that messages to you are insecure.

That’s what I thought, so the problem is that the bridge is a middleman who can read your messages and you have to trust it.
That is not the same as using only WhatsApp and I would not recommend it.

1 Like

As I said earlier, the problem is you as the sender are aware of all this. The remote party is not.

The message IS NOT encrypted from end to end.

1 Like

WhatsApp is terrible for privacy because it’s owned by Facebook, which collects dozens of your metadata.

I’m sure everyone here is aware of this by now, but sometimes there are no options.

2 Likes

WhatsApp tends to quickly ban new accounts if they start their activity by talking to people not in their contacts, or if they register in a VM instead of a physical device, or if they use VoIP numbers, or any combination of those things. They do it to prevent spam.

I doubt using the web wrapper had anything to do with your ban. I’d bet they banned you because you had a new WhatsApp account signed into the app running in a VM and because you started conversations with people outside your contacts (probably because you never shared your contact list with WhatsApp).

Again, I don’t think these measures are there to force people to use the app. Their business is in the sweet sweet metadata hoarding and network effect to lure more victims into their scheme.