Open Whisper Systems is working in partnership with WhatsApp to implement end-to-end encryption within the instant messaging app, which means that messages cannot be intercepted while they are being transferred through all the hops and connections that make the inter-web work. Read more here. This, plus the fact that WhatsApp keeps no record of the texts which are sent over its platform, effectively means that WhatsApp might be one of the most privacy-respecting applications of our generation (for the time being).
I’d like to believe that the privacy issue stays relevant only with regard to text messages, since other heavy-bandwidth media messages (like pictures, videos and the like) require WhatsApp to store them somewhere while we (the users) decide whether or not we want to spend our bundles on that particular download. I believe WhatsApp also keeps the media messages “cached”, since we have a knack for forwarding most media messages to someone else in our contact list, and having the currently demanded items “cached” in the system will reduce the strain on the WhatsApp servers, which is a plus for performance.
Which brings me to the point of why they haven’t developed the encryption for media messages as of yet. Despite the fact that the encryption protocol is called TextSecure, which might mean it is currently calibrated to handle text, I assume it will be more than capable of encrypting multimedia some time in the near future. The caching functionality WhatsApp uses for media messages would have to be heavily altered because of the asymmetric key feature. In simple terms, a message is locked by the sender using a public key uniquely linked to the person receiving the message, and that message can only be unlocked using a secret key which is held by the receiver of the message (meaning the receiver will be the only one able to unlock a message which was locked with them in mind). This means that even when you cache a message it will only be visible to the intended user, and so the whole exercise is a wasted computation. It is still manageable though, so it is no biggie.
The asymmetric key feature also has a way to ensure that a message was actually sent by the sender and not by a fake trying to post malicious content, somewhat like the counterintelligence used during times of conflict and unrest. But I’m not gonna explain that; you are advised to visit your nearest library or Google the matter if you want. I would also like to assume that the encryption system will use randomly assigned keys, so the user will not even be aware of the keys and features at all.
One more thing the user is not aware of will be the way WhatsApp implements new features while maintaining compatibility with old versions. This might be superb software engineering on the part of the kind people at WhatsApp. I call them kind because even though they force us to install a new version of WhatsApp every month or so, they still allow our “first year” free subscription to go over and way beyond its first year. I started using it on the 6 June 2013 and it’s telling me that it will expire 06 June 2015. God bless WhatsApp!
You are advised to visit this very blog item again next week to see what I update, as I’m too lazy to write anything else about this matter now. Please let me know if any corrections should be made, as most of these are just my thoughts at the time.