[6 min read]
Hacking that affects individuals is very widespread. The Pew Research Center reports nearly 2/3 of online Americans have experienced some form of data theft. A total of about 50% of onliners think their personal data are less secure than five years ago (see previous post for other details).
What does “data theft” look like? Pew examined seven types, and found that only two – fraudulent credit charges and stolen tax refunds – entailed direct financial loss. The others involved some less definable harm, such as an attacker getting his hands on social security numbers or login credentials for social media accounts. We call it “compromising” the data.
This amorphous concept of “compromised data” is growing into one of the chief barriers standing in the way of advances in cybersecurity for end-users. It takes what’s already invisible and annoying (see: strong passwords), and adds a hefty dose of abstraction. Exactly when can we say a piece of data has been sufficiently “compromised” to start worrying and take action? What kind of action?
Let’s look at WhatsApp to see how a popular messaging service handles security for a billion users – and how adding security can actually lead to trouble as well as safety.
Last year WhatsApp announced deployment of end-to-end encryption (E2EE) for all messages and media crossing its systems. Their FAQ assures users that everything they send is “secured from falling into the wrong hands” – right from the sender’s device all the way to the recipient’s (hence “end-to-end”). Marketing wants to be reassuring, not to mention emphatic as to why their platform is better than competing platforms.
Is WhatsApp better i.e. more secure? Yes, compared to some options, like text messaging, but not as secure as others (like Signal, the service on which WhatsApp security is based: hold that thought).
The launch of end-to-end encryption created a huge headache for WhatsApp. Controversy flared over whether it had put a “backdoor” in its platform – a chink designed to allow third parties, like law enforcement, to sneak past the encryption. Fortunately, that debate also provides some good talking points on informed decision-making.
For the vast majority, the only information that matters in choosing a messaging service is what their friends use. Secure messaging is a bonus for a tiny fraction of users, such as those at risk from predatory surveillance.
So here’s the question: if a mainstreamer is safer on WhatsApp than e.g. on wireless text messaging, should she worry about understanding what makes it so?
The short-term answer: maybe not. But in the long term, security issues are going to get much worse, thanks to the relentless spread of “smart” devices like refrigerators that tell you to buy milk on the commute home. Not only will the number of incidents increase greatly; they will also result in damage not just to digital data but to our physical world (your home, your car, your nuclear power plant).
Even in the commonplace world of personal messaging, the mere rumors of a WhatsApp “backdoor” show how challenging it is to be informed. Although the rumors were debunked, we can be sure some users dropped WhatsApp, fearing hacking or surveillance. And those who did lost little sleep over why a common Web strategy looked like a deliberate attempt to undermine their security.
It’s possible no one has been harmed by switching. Still, those who opted for a less secure platform to escape the “backdoor” – knowingly or not – made a lousy tradeoff. On the other hand, switching to a really secure platform involves hassles like transmission delays that aren’t worth the effort for everybody.
One of the surprises here is that WhatsApp chose the uncompromising Signal Protocol for its encryption. In implementing Signal, however, WhatsApp decided to do things differently in its handling of undelivered messages. That ploy increased risk slightly for the sake of greater convenience – in keeping with the company’s stated focus on “keeping the product simple.”
This strategy is very common: major platforms try to keep their users safe, while keeping their services simple. It’s a tricky and endless balancing act. “Too much” security annoys users, prompting them to leave or cut corners, potentially making them less secure as a result.
It’s easy to say users would be well advised to understand that more convenience usually means less security. The tough part is recognizing where the tradeoffs come, even as online resources and our needs keep changing.
Activity records: often referred to unhelpfully as “metadata” – transmission data like phone number and location, versus actual message content. WhatsApp encrypts content but not metadata. Is that a problem?
Sharing without hacking: WhatsApp says your information is safe from intruders. It doesn’t say it’s safe from Facebook, which happens to own WhatsApp. How do the risks compare?
- Tobias Boelter sends white-hat report to Facebook (Apr 2016): WhatsApp Retransmission Vulnerability
- Story heats up in the blogoshpere (Jan 2017): Why I told my friends to stop using WhatsApp and Telegram
- Gets picked up by The Guardian (Jan 2017): WhatsApp vulnerability allows snooping on encrypted messages
- Prompting a backlash by a big group of cryptographic experts (Jan 2017): In Response to Guardian’s Irresponsible Reporting on WhatsApp: A Plea for Responsible and Contextualized Reporting on User Security
- The WhatsApp FAQ on End-to-End Encryption
- Info on the all-powerful Signal app and its developer: Open Whisper Systems
- NYT column criticizing Facebook for trying to turn WhatsApp into rival Snapchat and undermining the simplicity that made WhatsApp popular (Facebook acquired WhatsApp in 2014 for $19 billion)