WhatsApp says it is rolling out end-to-end encrypted backups for Android and iOS users
WhatsApp has announced that is rolling out end-to-end encrypted backups for users on iOS and Android. The feature was revealed about a month ago, and had been spotted in the beta version of the popular instant messaging app. The Facebook-owned platform says that it is releasing the feature for the stable channel.
The popular IM app uses end-to-end encryption for chats, to secure the messages that you send and receive. If you have been using the app, you are probably using the Chat backup option already. For those of you who don't know, WhatsApp allows you to store a backup of your conversations, including images, videos, etc., on the cloud. On Android you may use Google Drive, and iCloud on iOS as the backup solution.
While that is a useful feature, the cloud backup is not encrypted by the app before it is sent to the server. That means anyone who has access to the contents stored in the cloud, (including your cloud storage provider) will be able to access the content. That's not good for your privacy, and precisely what the latest feature is meant to address.
WhatsApp end-to-end encrypted backups
WhatsApp end-to-end encrypted backups are not enabled by default. Check the official help portal to learn how to enable end-to-end encrypted backups in WhatsApp. I'll save you the trouble. It tells you to navigate to the WhatsApp Settings menu > Chats > Chat Backup, and enable an option called "End-to-end Encrypted Backup".
According to the announcement, you will need to create a password or a 64-bit digital key for enabling the feature. WhatsApp stores the encryption key locally on your phone, and uses it to secure your data before uploading it to the cloud storage service. You cannot recover the password if you lose it, in which case your data will be lost too. Once you enable the option, WhatsApp will start prepping the encrypted copy of your data, and upload it to your Google Drive or iCloud account.
When you try to access the backup, WhatsApp will prompt you to enter the password and use it to decrypt the data.
If you are interested in the technical details, you may want to read this paper. When you set up the encryption password, the key that is created is placed in a "Backup Key Vault", that relies on a component called a hardware security module (HSM). If a user enters the wrong password several times, the HSM will permanently prevent access to the encryption key. This prevents your data from being hacked using brute-force methods.
I don't have the E2EE setting on my phone even though it is the latest version of the app, WhatsApp 2.21.20.21. I remember when WhatsApp Pay was rolled out in my Country, most people I know had it in the app, and only a couple of my friends and I didn't have it, though all of us were on the same build. So, if that is anything to go by, the WhatsApp end-to-end encryption option is probably a server-side update that is being rolled out in phases.
Do you have the end-to-end encrypted backup option in WhatsApp Messenger?
End-to-end encryption does not mean that the algorithm or the implementation does not support a master key for decrypting everything.
Encrypted my a*s…try to break the Law and you will see FBI at your house at no time. lol
For those who trusted Facebook about their communication application being E2EE, time to find out one of the reasons why it was a lie and it was in cleartext online chat storage. I remember Apple playing the same trick.
It was stupid to trust Facebook the first time and it will be stupid again to trust them for announcing that. Assume everything the GAFAM say is a lie.
Use Signal
WhatsApp, the encrypted messenger whose encryption Facebook can break any time they want. Could they make this any more complicated? Is anyone who cares about privacy still using WhatsApp? Do you trust Facebook to not be able to scrape the private key (like no one even knows how to generate one) or backup pwd?
Facebook is global malware; they broke WhatsApp long ago and told everyone they did so this is pointless.
………….therefore?