End-to-end Encryption on Facebook, Google, Snapchat and WhatsApp


Recommended Posts

Plans for end-to-end encryption are being discussed by Facebook, Google, Snapchat and WhatsApp. The proposals, discussed on Neurogadget and The Guardian, would entail expanding the use of encryption for user data, in a move that is likely to cause further upset to governments and agencies.

However implementation is expected to be hampered by a reliance on access to customer data for personalisation of advertising, so it is quite possible that we will see the emergence of new encryption techniques, perhaps encrypted data packaged with meta data for advertising platforms.

Link to comment
Share on other sites

  • 3 weeks later...

WhatsApp’s end-to-end encryption system was launched on 5th April 2016 (PDF). It uses the Signal protocol, designed by Open Whisper Systems, as the basis for its encryption. The Signal protocol is designed to prevent third parties and WhatsApp from having plaintext access to messages or calls. The Signal protocol library is Open Source and available on GitHub.

Once a session has been established, clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication. All communication between WhatsApp clients and WhatsApp servers is layered within a separate encrypted channel. On Windows phone, iphone, and Android, those end-to-end encryption capable clients use Noise pipes with Curve25519, AES-GCM, and SHA256 from the Noise Protocol Framework for long running interactive connections. No client authentication secrets are stored on the server. Clients authenticate themselves using a Curve25519 key pair, so the server only stores a client’s public authentication key.


Link to comment
Share on other sites

  • 2 weeks later...

Viber has announced provision of end-to-end encryption for users of the latest version of their app.

Encryption applies to one-to-one conversations, group messages, and cross-platform messages.

The announcement did not specify the encryption methods and rumours circulated that it was using (insecure) MD5. In a statement to TechCruch, Viber said that it's not using MD5, and it will not grant any backdoor access, regardless of the circumstance or country. “Viber can access records that show only that one phone number has contacted another phone number, however we cannot access the content of messages or phone conversations. Our encryption protocol was based on an open source protocol concept, with an extra level of security developed in-house”.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.