WhatsApp Censors User Messages, End-to-End Encryption Cannot Be Verified?
WhatsApp often boasts of using end-to-end encryption technology to protect user messages, but a recent report shows that Facebook does censor WhatsApp content, and the company’s CEO, Mark Zuckerberg, did not tell the truth to the U.S. Senate.
In 2016, Facebook announced to use of end-to-end encryption for all communications on WhatsApp. And this move turned out to be one of the best strategies employed by WhatsApp to retain its existing users. End-to-end encryption means that the information transmitted by users is absolutely private. Only the sender and receiver can decrypt and view it. Neither Facebook staff nor other third parties can peek.
However, a recent report from ProPublica said Facebook hires more than 1,000 contract workers to censor millions of private messages, images, and videos of WhatsApp users. These workers use special Facebook software to review the content reported by WhatsApp users that “include predefined keywords typically used in sextortion/blackmail messages.”
In testimony to the U.S. Senate in 2018, Zuckerberg had said, “We don’t see any of the content in WhatsApp.”
The report also said a confidential whistleblower complaint, which was filed in 2020 with the U.S. Securities and Exchange Commission, details WhatsApp’s extensive use of outside contractors, artificial intelligence systems, and account information to examine user messages, images, and videos. It alleged that the company’s claims of protecting users’ privacy are false.
It’s not the first time WhatsApp is being pointed out as having security issues.
In fact, as early as 2017, a study by Rösler, Mainka, and Schwenk found that the end-to-end encryption of WhatsApp group chat had a “backdoor”. Anyone with access to the server, such as staff or government officials, can add new members to a private group without permission of its admin members and then access the keys shared by the phone of every member to read all decrypted messages.
WhatsApp’s end-to-end encryption is based on Signal Protocol developed by Open Whisper Systems. End-to-end encryption takes place at the application layer that protects the content of messages in a group chat.
Changes to the group occur at the transport layer. The information regarding changes to the group, like adding a new member or removing an existing one, is not end-to-end encrypted.
From WhatsApp security issues, we can point out 2 questions:
- Is a software security design reliable, and will there be loopholes in itself?
The Facebook company leaves a backdoor in the encryption design of WhatsApp group chat; whether intentionally or accidentally, it does pose a threat to user data security.
With this backdoor, Facebook employees can spy on user data and may even give it to government agencies. Even if the Facebook company does not be evil, then what if their servers are hacked?
September 2018, Facebook Security Breach Exposes Accounts of 50 Million Users
July 2021, Facebook reportedly fired 52 employees who were caught spying on users
- Does developers keep their words, and can users trust what they say?
Facebook has repeatedly boasted that WhatsApp uses end-to-end encryption technology to protect user messages, and Zuckerberg has always insisted that “we can’t see any content”, but all of these were found to be lying in the end.
You need to know that apps may not work really as their developers claim, even for well-known big companies.
August 2018, Google records your location even when you tell it not to
February 2021, Amazon Admits Alexa Saves Your Conversations — Even After They’re ‘Deleted’
Data security has become an important issue that everyone should care about. As a manufacturer, in addition to improving product security and treating users sincerely, it is also necessary to make the technologies as transparent as possible. While as a user, shouldn’t blindly trust developers’ claim, but try to figure out how the apps work and learn more about how to protect your data.