What is end-to-end encryption, end-to-end encryption explained, Is Whatsapp secure and private|Reality of Whatsapp messages: This question must have crossed your mind that how were the Whatsapp chats of Deepika Padukone and Rhea leaked? How were the media able to access Deepika Padukone’s and Rhea’s messages? Are the messages that you write on Whatsapp safe? Can someone else read them?
So the answer to all these questions is given in this article along with the possible solutions that you should follow in case you don’t want your messages to be leaked like theirs and understand what is end-to-end encryption.
What is end-to-end encryption explained
It is claimed that the messages you send on Whatsapp are “end to end encrypted”. What is end-to-end encryption in Whatsapp?
This in simple language means converting any information into a secret code that cannot be deciphered when read literally that is, writing it in a secret language to encrypt it. Now the question which will come to your mind that how can they get leaked if they are end-to-end encrypted and what is end-to-end encryption? And how can you keep them safe and private?
End to end encryption means that if you send a Whatsapp message to a particular person then no one, apart from you and that particular person can read those messages as long as you and that particular individual have not shown it to any third person. That means if you keep your phone with yourself and show it to no one else, then no one, apart from you both can read those messages.
Platforms we use which are not end-to-end encrypted
Let us take SMS for example, as you know is not end-to-end encrypted. When you send an SMS from one phone to another, it goes through telecom operators like Airtel and Jio and if they wish to they can access your messages. In fact, even if the government wants, it is possible for them to access and understand who wrote what and when.
Similarly, email is too not end to end encrypted. Anyone can intercept the emails that you send to someone, to intercept means any third person can anyhow manage to see your emails and read the messages along with it.
Similarly, for things that aren’t end to end encrypted, it is possible for a third person to intercept and read your email or your message or hear your voice call.
What is end-to-end encryption explained with an example
Let me explain it to you what is end-to-end encryption with the help of a real-life situation, basic type of encryption that you can do on these platforms which are not end to end encrypted. Say you stay in Delhi while your parents stay in Mumbai and you did give them the credit card but not the pin. Now, how will you convey the pin to your parents?
You can make a voice call, but technically a service provider could be hearing your call or a scammer might be hearing your voice call and could intercept your call and find out your pin. You could email, but emails too, are not end-to-end encrypted, anyone can intercept it and find out your pin.
What would you do in such a situation? There is a very interesting solution to this situation that you can do is,
send an SMS to your parents there would be nothing in that SMS apart from a number, for example, that number could be 1234567890 along with that, send an email to your parents and this email would read that the PIN of your credit card is in the SMS that you sent.
Here you can tell them that the 1st, 3rd, 6th, and 8th digit in the SMS is the PIN combine these digits together. It is a very creative solution because your parents would have to read both your SMS and your email to figure out your PIN.
Even if someone is intercepting your SMS stealthily, then he would be confused. He would not know that actually the PIN is being sent. Similarly, even intercepting the email would not be enough as it will necessary to read both the SMS and the email to figure out the PIN. So, basically, you did an “encryption” here.
Your SMS was encrypted, the instructions of the method of decryption of that SMS was provided in your email. So, imagine your message to be a box and there is a lock on your box. The box has your credit card PIN inside, but no one can figure out your credit card PIN simply by looking at the box.
The lock can be opened by a key, that key is the email sent by you. The end to end encryption of Whatsapp works in a similar manner. When you send a Whatsapp message to your friend, then Whatsapp encrypts that message shuts it in a box, and puts a lock on it and the key to that lock is only within your friend’s phone.
In fact, not even Whatsapp has the key. So, even Whatsapp cannot read your messages if they are end to end encrypted. This is the reason why, whenever you open any chat on Whatsapp, there’s an option for security where you can see the encryption option.
Whatsapp shows you the security code, Whatsapp basically says that you can compare the security code with your friend and this is the way to match your box with the key to ensure that the right box and key are matched together. You can ensure that by matching the security code.
Loopholes of end-to-end encryption explained
So, now the question is what are the loopholes that allow a third person to read your messages. There are 2-3 loopholes.
The first is that if someone snatches your phone physically, or your phone gets stolen. He can open your phone and access your messages because your phone has been physically stolen. In such a case, what can you do to ensure your security and avoid the loophole?
Put a passcode on your phone, putting a passcode on your Whatsapp is even better these days. You can put in your face ID or Touch ID in iPhones, you can put in biometric authentication so that another passcode is required to open Whatsapp. Even if someone steals your phone, first he should know the passcode of your phone before he can access Whatsapp.
Another loophole is Whatsapp groups. For namesake, even Whatsapp groups are end-to-end encrypted but if a person that you don’t want is added, he can read your Whatsapp messages. What’s even more problematic than that is that invite links of WhatsApp groups can be sent somewhere else.
Say you make someone else the admin of your Whatsapp group he can invite someone else by sending the invite link and if that invite link is pasted on some non encrypted websites, or sent through SMS or pasted publicly anywhere then anyone can click on the invite link and can join your Whatsapp groups and read the chats of the Whatsapp groups.
The simple solution to this is to avoid WhatsApp groups especially the ones in which you’re not an admin. As anyone can join the Whatsapp group and read chats through an invite link of the group.
The third loophole is the backup of your Whatsapp messages. A lot of you would know that there is an option to backup chats in Whatsapp, you can keep a backup of all chat history on Google Drive or iCloud to access it later, but most of you would not know that the back up involves the removal of end to end encryption.
If you keep a backup on, you are keeping your messages at risk that a hacker can hack into them or anyone else can read them. A simple solution is to avoid this is to keep your backup off.
Go to settings and keep all the different types of backups off if you want to remain end to end encrypted on Whatsapp. This is the exact loophole that is suspected in the case of Deepika Padukone and Rhea Chakraborty.
Investigative agencies took their phones and cloned it and forensic experts retrieved the old data of her phone which had Google drive and iCloud backups where Whatsapp chats were saved. Some experts believe that to show her chats on TV and conduct primetime shows on it is a strong violation of privacy.
If the same had happened in a developed country, it would have been illegal But unfortunately in India, no data privacy law exists until now. The government had tried to bring a data privacy law but there were several shortcomings in that attempt as well recently, the government banned more than 200 Chinese apps like TikTok and PubG because it was alleged that they were misusing your data.
What is end-to-end encryption explained and few bonus tips
So until now, you must have understood what is end-to-end encryption. Now I’d like to tell you more tips to protect your data and your privacy, first- keep your phones updated to the latest software because most of the time a loophole is found in software because it is on older versions. Hackers target the older versions because it is easier to look for loopholes there.
Second, keep the auto-download option on Whatsapp that automatically downloads photos and videos off, because if you get a message from an unknown number, say they send you a virus in the Whatsapp message then it gets automatically downloaded and gets saved in the photo gallery and the virus automatically gets downloaded in your phone.
Also, keep all the apps in your phone updated because it is easier to look for loopholes in older versions and whenever an app asks for permission to access your photos and contacts, then do not grant all the permissions, because not all permissions are required all the time.
If there is an app that does not have anything to do with your photos but it asks for access to all your photos and contacts, then what is the need to grant that? Deny that access. This is fairly easy to do in the iPhone If you scroll down, you can see all the permissions that you have granted to the app.
Another tip is to keep the two-factor authentication on in Whatsapp. This ensures that whenever you register with your phone number on Whatsapp, In order to do this again, a PIN would be required which Whatsapp will send as an SMS on your phone number and will ensure that the correct phone is used to use Whatsapp and that no one else is installing Whatsapp using your phone number.
Apart from Whatsapp, another tip is to use apps like Signal. In Signal, you can send messages with a time limit, your messages will automatically get deleted after a certain time. Those messages would get deleted after a day without getting saved anywhere. No one would be able to read them ever.
In general, when you use the internet on your phone or computer, then the best and easiest way to protect your privacy is to use a VPN. The messages and photos that you send on Whatsapp are encrypted but when you use a VPN, whatever activity you do on the internet is encrypted to the extent that you can even spoof your location.
You can pretend to be in an entirely different country and accessing the internet from there. A lot of companies offer their VPN services, and you can choose anyone of your choices.