End-to-end Encryption (Messaging)

From SI410
Revision as of 21:19, 9 February 2023 by Benproe (Talk | contribs) (Add WhatsApp summary)


End-to-end encryption (E2EE) is quickly being adopted by more messaging applications as users become more conscious of how secure their digital communications are. The cryptography of each application works differently, but the concept of E2EE is similar for each application. When two users begin a conversation on an E2EE application, a private/public key combination is generated; when a message is sent, it is encrypted on the sender's device using the public key[1]. The encrypted packet can then be sent to the server to be delivered to the recipient; only when the message reaches the recipient, who holds the correct private key, can it be decrypted and read. Most end-to-end encrypted messaging applications claim that “Messages are end-to-end encrypted. No one outside of this chat, not even [messaging service], can read or listen to them,”[2] but each service has a different privacy policy that fundamentally changes the amount of privacy afforded to its users. There is little clarity given to the consumer on how secure their data is after it has reached the recipient and, for example, on how each company deals with violations of its terms of service or with governmental requests for the information. This article seeks to provide information to potential users about the fine print contained within the privacy policies of the applications that promise to keep our messages and personal data safe.

Signal

Signal messenger was initially released on iOS in 2014 and Android in 2015 by Open Whisper Systems (OWS) after combining their existing technologies of RedPhone and TextSecure[3]. Signal was the first free service to allow users to make end-to-end encrypted calls, something that would have cost ~4¢/minute on the next cheapest service in 2014.

Privacy Policies

From the outset, Open Whisper Systems was committed to keeping its users' information private and secure. The service was designed so that OWS could only see when a user's account had been created, the phone number linked to the account, and when it had last connected to the Signal servers[4]. Signal can offer privacy that other end-to-end encrypted messaging platforms cannot because it is built as an open-source project, collectively built by developers who are concerned about their privacy and will look for bugs and loopholes that are present within the service.

Governmental Pressures

OWS stood firm on their core values in October of 2016, when they received their first subpoena for data on one of their users[5]. The Federal Bureau of Investigation subpoenaed Signal for the records of two individuals who were using Signal as their main form of communication to run a crime ring. Signal did comply with the demand for information, but they were very limited in the information that they were able to provide. Signal only collects data on:

  1. The phone number used to create the account,
  2. The time that the account was created, and
  3. The last time that the account was connected to the Signal servers.

Creation Of The Signal Technology Foundation

In 2018, Moxie Marlinspike and WhatsApp co-founder Brian Acton announced the formation of the Signal Technology Foundation, whose mission is "to support, accelerate, and broaden Signal's mission of making private communication accessible and ubiquitous"[6]. During this time the Signal Foundation continued on their mission of creating a more accessible private communication system by including support for more devices, still at no cost to the end user. As Signal continued to work on building a private communication system, it started to gain more traction, especially during the George Floyd and subsequent Black Lives Matter protests of 2020[7]. Protesters were worried about how the United States government and police forces would react, and they knew that Signal was time-tested in not releasing user data. Organizers were concerned about the privacy policies of competing applications like WhatsApp because “WhatsApp is owned by Facebook, so it makes money off of who is talking to whom, when.” In addition to having the most secure privacy policy, Signal has other features that make it popular among people trying to avoid government oversight, like automatically blurring people's faces in photos.

Signal Protocol

The Signal Foundation (Open Whisper Systems at the time) created the Signal Protocol (formerly the TextSecure protocol), an open-source, non-federated cryptographic standard used to encrypt all calls and texts within Signal. The Signal Protocol is constantly being upgraded to allow developers to incorporate more privacy features in the products they create, including sealed sender, which encrypts everything except the address the message is supposed to arrive at, further protecting the users. Numerous closed-source applications have adopted the Signal standard, including WhatsApp[8], (some of) Google Rich Communication Services[9], Facebook Messenger (secret conversations only)[10], and Skype Private Conversations[11]. Although private companies use the Signal cryptographic standard, they can choose how much metadata they wish to encrypt in the packet, allowing companies to collect more data on their users than Signal does.
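
The message flow from the introduction and the sealed-sender idea above, as an added example that is not Signal's or any vendor's code: a simplified one-shot public-key box (X25519, HKDF, AES-256-GCM from Node's built-in crypto), not the Signal Protocol itself. The helper names (newUser, seal, unseal, envelope) are hypothetical and the messages are constructed.

```javascript
// Added illustration, NOT the Signal Protocol (no X3DH, no Double Ratchet).
// Helper names are hypothetical; uses only Node's built-in crypto module.
const crypto = require('node:crypto');

// Each user holds an X25519 key pair; only the public half leaves the device.
function newUser(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { name, publicKey, privateKey };
}

// Turn an X25519 shared secret into a 256-bit AES-GCM key.
function deriveKey(privateKey, publicKey) {
  const secret = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'e2ee-demo', 32));
}

// Sender's device: encrypt to the recipient's public key via a fresh ephemeral key.
function seal(plaintext, recipientPublicKey) {
  const eph = crypto.generateKeyPairSync('x25519');
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipientPublicKey), iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { ephPub: eph.publicKey.export({ type: 'spki', format: 'der' }), iv, ct, tag: c.getAuthTag() };
}

// Recipient's device: only the matching private key recovers the plaintext.
function unseal(box, recipientPrivateKey) {
  const ephPub = crypto.createPublicKey({ key: box.ephPub, type: 'spki', format: 'der' });
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(recipientPrivateKey, ephPub), box.iv);
  d.setAuthTag(box.tag); // a wrong key or tampered ciphertext makes final() throw
  return Buffer.concat([d.update(box.ct), d.final()]).toString('utf8');
}

// What the relay server stores. With sealedSender the sender's identity moves
// inside the ciphertext, so only the delivery address stays in the clear.
function envelope(from, to, text, sealedSender) {
  const body = sealedSender ? JSON.stringify({ from: from.name, text }) : text;
  const env = { to: to.name, box: seal(body, to.publicKey) };
  if (!sealedSender) env.from = from.name; // routing metadata visible to the server
  return env;
}

// Constructed demo: server-visible fields, then what the recipient reads.
const alice = newUser('alice'), bob = newUser('bob');
const demoEnv = envelope(alice, bob, 'meet at 6', true);
console.log(Object.keys(demoEnv), unseal(demoEnv.box, bob.privateKey));
```

In both modes the message body is unreadable to the server; the difference between the two envelopes is only which cleartext fields travel alongside the ciphertext.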

WhatsApp

WhatsApp is an encrypted messaging service that is now owned by Meta (parent company of Facebook). WhatsApp was originally launched in February 2009 as a free service that allowed users to share their statuses with friends; the company followed the principle, “No Ads! No Games! No Gimmicks! – Brian Acton”[12]. The service began to be revolutionized when, in June of 2009, Apple added Push Notification functionality to their iOS operating system. WhatsApp utilized push notifications to share with friends when someone’s status was updated, and this quickly turned into a pseudo-messaging service. With this new-found capability, WhatsApp 2.0 was released in August 2009 with the addition of instant messaging. At this point, WhatsApp transitioned to a $1 yearly subscription model to cover the costs of ad-free messaging and SMS verification[13]. The app gained traction with its instant messaging service and grew from 10 million monthly active users to 465 million from October 2010 through February 2014[14]. In February 2014, Facebook (now Meta) acquired WhatsApp for $19 billion. This led to another change in the business model of WhatsApp. The messaging service became freeware, and some user data was shared with their parent company, including account phone number, name, statuses, and profile picture. Once Facebook acquired WhatsApp, monthly active users skyrocketed until February 2016, when the app reached 1.00 billion active users. With more than a billion active users, Facebook decided to fully encrypt the service using the Signal Protocol. This change was due to reports of sensitive information being breached in one-on-one and group chats.
In a statement from WhatsApp when end-to-end encryption was released, they state that “every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats,”[15] however they make no mention of encrypting other information sent between the users’ device and the company.

Privacy Policy

Governmental Pressure

Telegram

Privacy Policy

Governmental Pressure

iMessage

Privacy Policy

Governmental Pressure

References

  1. IBM. (2022). What is encryption? Data Encryption defined. IBM. Retrieved January 24, 2023, from https://www.ibm.com/topics/encryption
  2. WhatsApp Help Center. (2021). About end-to-end encryption: WhatsApp help center. About end-to-end encryption. Retrieved January 24, 2023, from https://faq.whatsapp.com/820124435853543/?locale=en_US
  3. Greenberg, A. (2014, July 29). Your iPhone Can Finally Make Free, Encrypted Calls. Wired. Retrieved January 24, 2023, from https://www.wired.com/2014/07/free-encrypted-calling-finally-comes-to-the-iphone/
  4. Delima, D. (2022, July 21). Big Brother: Recent subpoena response reveals exactly how much data Signal collects about you. Hindustan Times. Retrieved January 24, 2023, from https://tech.hindustantimes.com/mobile/news/recent-court-filing-reveals-exactly-how-much-data-signal-collects-about-you-71619595504148.html
  5. Signal Foundation (2016, October 4). Grand jury subpoena for Signal user data, Eastern District of Virginia. Signal. Retrieved January 24, 2023, from https://signal.org/bigbrother/eastern-virginia-grand-jury/
  6. Marlinspike, M. (2018, February 21). Signal Foundation. Signal. Retrieved January 26, 2023, from https://signal.org/blog/signal-foundation/
  7. Nierenberg, A. (2020, June 11). Signal Downloads Are Way Up Since the Protests Began. Retrieved January 26, 2023, from https://signal.org/blog/signal-foundation/
  8. Marlinspike, M. (2016, April 5). Google is rolling out end-to-end encryption for RCS in Android Messages beta. Signal. Retrieved January 26, 2023, from https://signal.org/blog/whatsapp-complete/
  9. Bohn, D. (2020, November 19). Google is rolling out end-to-end encryption for RCS in Android Messages beta. Retrieved January 26, 2023, from https://www.theverge.com/2020/11/19/21574451/android-rcs-encryption-message-end-to-end-betasp
  10. Meta (n.d.). End-to-end encryption. Facebook Messenger Support. Retrieved January 26, 2023, from https://www.facebook.com/help/messenger-app/1084673321594605/?helpref=breadcrumb
  11. Skype Support (n.d.). What are Skype Private Conversations? Retrieved January 26, 2023, from https://support.skype.com/en/faq/FA34824/what-are-skype-private-conversations
  12. Pahwa, A. (2022, August 3). The History Of WhatsApp. Retrieved February 8, 2023, from https://www.feedough.com/history-of-whatsapp/
  13. Issac, M. (2016, May 5). WhatsApp Introduces End-to-End Encryption. Retrieved February 8, 2023, from https://www.nytimes.com/2016/04/06/technology/whatsapp-messaging-service-introduces-full-encryption.html
  14. Ruby, D. (2023, February 1). Whatsapp Statistics 2023 — How Many People Use Whatsapp. Demand Sage. Retrieved February 8, 2023, from https://www.demandsage.com/whatsapp-statistics/
  15. WhatsApp Support (2016, April 5). Whatsapp Statistics 2023 — How Many People Use Whatsapp. WhatsApp. Retrieved February 8, 2023, from https://blog.whatsapp.com/end-to-end-encryption