When you message someone in WhatsApp for the first time, you’ll see a notification that your messages and conversations are end-to-end encrypted. And that no one can read them further. End-to-end encryption is that, or end-to-end encryption. What does that mean? Jelte explains the significance of end-to-end encryption for WhatsApp users.
What exactly is end-to-end encryption?
End to end encryption (or encryption) means something is encrypted from one end to the other. What is that something? This can be, for example, websites that work with https. It can also be messages in chat programs. That is what we focus on in this blog, and we mainly use WhatsApp.
Encryption on WhatsApp
In WhatsApp you have end-to-end encryption. The moment you send a message, it is encrypted on your phone. Then it goes to the internet, to a WhatsApp server. Then the server sends a message to the other phone. The other person’s phone picks up the message. And then it’s decrypted. This all happens in less than a second. The message is only readable by the sender and receiver. So not by WhatsApp, not by Facebook, not by your provider and not by the government.
How does end-to-end encryption work?
You are using an asynchronous key pair. That means: you have a private key and a public key. When you send a message, you first send that public key. Then you will see the message you see above. If you have a new phone and install WhatsApp, you may not be able to read some messages yet. Because that person hasn’t sent that public key yet. It has not yet been online after you installed WhatsApp. You will then receive a message that you have a message [Wait for this message. It may take a while.] but you can’t read it yet. If that person opens WhatsApp, you have exchanged public keys. The private key is, of course, private.
Example: I send Jelte an app
I’m typing a message to Jelte. There are two locks on it. One lock was locked with my private key. And the other lock is locked with Jelte’s public key. There goes the app -ping- encrypted with two locks. Jelte receives the message. He can open the message by opening the lock with my public key. And the second lock, which I closed with my public key, can be opened by Jelte with my private key. What’s special is that you don’t notice this at all. Not even in speed.
The moment someone intercepts the message, they can only open the lock of mine (which I closed with my private key). But not the other lock, only Jelte can open it. So: what can that person see? Still nothing. Think of a box with two locks, if you got one lock open, the box is not open yet.
Can Jelte see that someone has messed with the lock? This hardly ever happens in WhatsApp, but it does occur with websites. You will then see a message that the certificate is not trusted.
Why is end-to-end encryption important?
You don’t want all kinds of people or organizations to be able to read your messages, do you? So it’s a form of security. This encryption is standard in WhatsApp. But… the question is whether that will remain the case for long. In addition, it is also a protection against hackers. Hackers cannot enter your messages this way. Oh, in group apps, end-to-end encryption doesn’t work.
Can end-to-end encryption be ‘decrypted’?
Can your WhatsApp messages be intercepted? It is undoubtedly possible, because almost anything is possible. But it takes a lot of effort. If you want to hack a random person, it’s a hassle. It almost doesn’t happen.
Check it out for yourself!
If you don’t trust it, you can check yourself if there is someone between you and someone else. It works like this: I’m looking for an app with Jelte. I click on his name and then I see some information about him. If I scroll down a bit, I see: Encryption. There I see a QR code and below that a series of numbers. These numbers must be the same for Jelte and me. They are, so we’re in the right place . But if the numbers differ, something isn’t right – then the traffic is being read. Then it is better not to communicate via WhatsApp. We’ve checked all the info WhatsApp provides on this point, but it doesn’t say anything you can do to fix it. WhatsApp therefore assumes that it is unbreakable.
The Signal chat app works with the same encryption. If you have read the previous blog, you will see that the difference between WhatsApp and Signal is in the metadata that surrounds it.
Telegram: not encrypted
About Telegram: Also a popular chat program. Telegram was created by Pavel Durov, originally a Russian. He does not live in Russia, in fact: he is no longer even allowed to enter Russia by the government. Read more about Pavel Durov . here. He created this chat app with his brother. The headquarters are in Berlin and the company is more German than Russian. The European guidelines also apply to Telegram. But with Telegram, the traffic is not encrypted by default. The server can read it there. A message from me to Telegram is encrypted, and from Telegram to Jelte it is also encrypted. But the message itself is not encrypted. So Telegram’s server can read along with your messages by default. You can start a secret chat in Telegram, then it is encrypted. But not everyone agrees that this encryption is actually good.
Signal and WhatsApp use a widely used protocol that has been tested several times. Telegram has had its own encryption made, by someone who is not an encryptographer. They think it’s very good, it hasn’t been cracked yet. But that doesn’t mean it’s safe. Telegram is fairly in favor of privacy, the server is located in Germany (a very privacy-minded country). So the messages are certainly not just accessible. If you start a secret chat, it is encrypted. And otherwise it can just be read by Telegram.
But Telegram itself says: it is not encrypted, but it is also not readable. So a bit vague. Our conclusion: we are not sure whether Telegram is secure or not.
Government and end-to-end encryption
You regularly hear in the news about end-to-end encryption. The point is: governments want to be able to monitor criminals. But the moment you (read = the government) allow that, you also allow criminals to watch you. If you weaken encryption for the government, then it is easier for criminals to watch. You basically allow a cop to come right in on you all day long. That’s why you unlock the door. But: then a criminal can always enter…
In addition, the government should only legally be allowed to watch if national security is in danger. So don’t mess with this, Grapperhaus and Wray (director FBI)!
And now?
As a user, you can’t do much about end-to-end encryption yourself. It is offered to you or not. It is purely an aspect of safety, which we want to explain.
