The WhatsApp privacy issue is back, with the Facebook subsidiary saying it will go ahead with its new information-sharing plan with the parent.

A few weeks back, the seemingly powerful social media giant Facebook, which owns WhatsApp (WA), had to shell out big bucks on full-page ads in traditional media to clarify its privacy policies. It had lost a significant number of users, who took to FB’s competitors. This backlash against WA seems to have helped Telegram and Signal. Telegram claims to have gained over 25 million new users prior to the WA media blitz. Signal, created by a breakaway group from WA, is predicted to gain even more.

WA has been a Facebook subsidiary since 2014. It is no longer a joke that WA is the last thing a person checks before going to bed and the first thing on waking up. An average individual is on 7-8 WA groups, whether active or passive. Schools were forming WA groups for students even before 2020. The Covid pandemic has only increased the traffic on WA.

WhatsApp proliferation

While the proliferation of WA has been attributed to its ease of use and wide reach, Indians didn’t have much concern for privacy and security aspects until now, when WA said user data would be shared with Facebook. Indeed, in 2016, WA rolled out a global update that mandated user data sharing with FB and placed the onus on users to opt out within 30 days. This went mostly unnoticed.

In essence, WA is just a communication platform turned into a social network. Communication is the essence of humanity and development. Traditional media of print, radio, TV and the Internet have all played their part in the process. Homo sapiens consider themselves superior and more intelligent than other species, but are they really? In cyber-security circles, the saying is “Humans are the weakest link in the entire security chain.”

The question is whether privacy really is breached by WA and other global apps. Even though WA provides some robust security and privacy options, it is actually up to the user to think clearly and start practising the security aspect. Don’t we have a choice to keep our privacy? If not, there is an issue with the app.

A number of WA message leaks in the media, ever since the controversial death of actor Sushant Singh Rajput and the alleged involvement of some Bollywood actors in drug use/peddling, have made the average man, woman and some children wonder how secure or private their conversations on WA are. The biggest worry for them is whether someone in a corporate cubicle with sinister or voyeuristic traits is snooping on their private conversations.

From a technology perspective, nobody can possibly read all the messages sent on WA.

The end-to-end encryption that WA has implemented ensures that any communication between two people is encrypted and a man-in-the-middle (MITM) breach is impossible. Secure key pairs are exchanged between the sender and the receiver, and they are used for encrypting the entire communication. The basic tenets of cryptography (integrity, confidentiality and non-repudiation) are followed.

WA cannot snoop into your private messages or calls, nor can Facebook. Whatever you share stays between you and the recipient or the members of the groups you are part of.

Once the message reaches the other party, the end-to-end encryption is over. Thereafter, the messages are in plain text. The responsibility of safeguarding those messages, what cyber security experts call Data-at-Rest, is that of the individual. A security or privacy leak of messages is unlikely from a tech perspective.

It mostly happens on account of human stupidity or errors due to lax security measures.

As most people now know, because of WA's PR goof-up, the messaging app does not provide a native built-in backup for chats but lets users opt for third-party cloud backups.

Consider this: an iPhone user has iCloud as backup with a relatively easy password. If that account is breached, the stored chats could be leaked if they are of media value. The onus is on the user to avoid this situation by using stronger passwords, with frequent changes.

Dangers of screenshots

A leak can also occur when one of the parties involved in the secure chat takes a screenshot of the chat and shares it.

There is no technology available to disable the screenshot option directly. Even if there is a disable option, someone can take a picture using another device.

A user will never have control over such a situation, as it depends on others outside his or her control. Avoiding controversial messaging in groups is the best option.

A third possible source of leaks is the other party involved in the secure chat. Anyone who has access to their unlocked phone or computer (if they are using the desktop version of WA) can take a screenshot of a secure chat and share it. It is always good practice to have an auto screen lock after five seconds of inactivity (that it will reduce power consumption is a bonus).

The added trouble of using desktop WA is that malware could be hiding there and wreak havoc. Using standard anti-malware tools to scan for common infections such as key-loggers, trojans and screen-capture malware will also help.

So, should apps, like WA, be blamed for the leaks of chats? Or, is the underlying human behaviour the real culprit? Privacy has to be an individual’s choice as long as the tech features of apps are adequate and to global standards.

Of course, things will change dramatically if more Indians, like Europeans, demand stringent regulations, which at this moment looks unlikely. Meanwhile new features of Telegram and Signal will wean some users away from WA for sure.

Muneer is a stakeholder in the Silicon Valley-based deep-tech company Rezonent Corp. Sangameswaran is a US-based cyber security expert.
