Category Archives: Encryption

Are private conversations truly private? A cybersecurity expert explains how end-to-end encryption protects you – The Conversation

Imagine opening your front door wide and inviting the world to listen in on your most private conversations. Unthinkable, right? Yet, in the digital realm, people inadvertently leave doors ajar, potentially allowing hackers, tech companies, service providers and security agencies to peek into their private communications.

Much depends on the applications you use and the encryption standards the apps uphold. End-to-end encryption is a digital safeguard for online interactions. Its used by many of the more popular messaging apps. Understanding end-to-end encryption is crucial for maintaining privacy in peoples increasingly digital lives.

While end-to-end encryption effectively secures messages, it is not foolproof against all cyberthreats and requires users to actively manage their privacy settings. As a cybersecurity researcher, I believe that continuous advancements in encryption are necessary to safeguard private communications as the digital privacy landscape evolves.

When you send a message via an app using end-to-end encryption, your app acts as a cryptographer and encodes your message with a cryptographic key. This process transforms your message into a cipher a jumble of seemingly random characters that conceal the true essence of your message.

This ensures that the message remains a private exchange between you and your recipient, safeguarded against unauthorized access, whether from hackers, service providers or surveillance agencies. Should any eavesdroppers intercept it, they would see only gibberish and would not be able to decipher the message without the decryption key.

When the message reaches its destination, the recipients app uses the corresponding decryption key to unlock the message. This decryption key, securely stored on the recipients device, is the only key capable of deciphering the message, translating the encrypted text back into readable format.

This form of encryption is called public key, or asymmetric, cryptography. Each party who communicates using this form of encryption has two encryption keys, one public and one private. You share your public key with whoever wants to communicate securely with you, and they use it to encrypt their messages to you. But that key cant be used to decrypt their messages. Only your private key, which you do not share with anyone, can do that.

In practice, you dont have to think about sharing keys. Messaging apps that use end-to-end encryption handle that behind the scenes. You and the party you are communicating securely with just have to use the same app.

End-to-end encryption is used by major messaging apps and services to safeguard users privacy.

Apples iMessage integrates end-to-end encryption for messages exchanged between iMessage users, safeguarding them from external access. However, messages sent to or received from non-iMessage users such as SMS texts to or from Android phones do not benefit from this level of encryption.

Google has begun rolling out end-to-end encryption for Google Messages, the default messaging app on many Android devices. The company is aiming to modernize traditional SMS with more advanced features, including better privacy. However, this encryption is currently limited to one-on-one chats.

Facebook Messenger also offers end-to-end encryption, but it is not enabled by default. Users need to start a Secret Conversation to encrypt their messages end to end. End-to-end encrypted chats are currently available only in the Messenger app on iOS and Android, not on Facebook chat or messenger.com.

WhatsApp stands out for its robust privacy features, implementing end-to-end encryption by default for all forms of communication within the app.

Signal, often heralded by cybersecurity experts as the gold standard for secure communication, offers end-to-end encryption across all its messaging and calling features by default. Signals commitment to privacy is reinforced by its open-source protocol, which allows independent experts to verify its security.

Telegram offers a nuanced approach to privacy. While it provides strong encryption, its standard chats do not use end-to-end encryption. For that, users must initiate Secret Chats.

Its essential to not only understand the privacy features offered by these platforms but also to manage their settings to ensure the highest level of security each app offers. With varying levels of protection across services, the responsibility often falls on the user to choose messaging apps wisely and to opt for those that provide end-to-end encryption by default.

The effectiveness of end-to-end encryption in safeguarding privacy is a subject of much debate. While it significantly enhances security, no system is entirely foolproof. Skilled hackers with sufficient resources, especially those backed by security agencies, can sometimes find ways around it.

Additionally, end-to-end encryption does not protect against threats posed by hacked devices or phishing attacks, which can compromise the security of communications.

The coming era of quantum computing poses a potential risk to end-to-end encryption, because quantum computers could theoretically break current encryption methods, highlighting the need for continuous advancements in encryption technology.

Nevertheless, for the average user, end-to-end encryption offers a robust defense against most forms of digital eavesdropping and cyberthreats. As you navigate the evolving landscape of digital privacy, the question remains: What steps should you take next to ensure the continued protection of your private conversations in an increasingly interconnected world?

Read more from the original source:
Are private conversations truly private? A cybersecurity expert explains how end-to-end encryption protects you - The Conversation

Cracking the Code: How Podchasov v. Russia Upholds Encryption and Reshapes Surveillance – EJIL: Talk!

On February 13, 2024, the European Court of Human Rights (Strasbourg Court) issued its verdict in Podchasov v. Russia. The case involved a statute that (i) established a data retention scheme, and (ii) permitted law enforcement to order the decryption of collected data. The applicant in this case, a Telegram user, challenged an order that required Telegram to decrypt their communications protected by end-to-end encryption (E2EE).

This decision is particularly important because a case involving the weakening of E2EE encryption is uncharted waters for both the Strasbourg Court and the European Court of Justice (Luxembourg Court). This represents a significant victory for privacy advocates as the Strasbourg Court ruled that mandating the decryption of E2EE data constituted a violation of Article 8 of the European Convention of Human Rights the right to privacy. In this analysis, I will delve into the Strasbourg Courts decision, examining both its ruling on the data retention scheme and the decryption of E2EE data.

Data Retention Scheme

The case hinged on the contentious Russian Code of Criminal Procedure and the Operational-Search Activities Act. This law demanded that internet communication organisers (ICOs) store all communication data (metadata) for one year and the content of communications for six months in Russia. The ICOs were mandated to provide all metadata and content data collected by them to law enforcement authorities upon request (Section 10.1(3.1)).

The Strasbourg Court noted that the data retention scheme was very broad in nature. It required the retention of all internet content data and metadata for a prolonged period, without any circumscription of the scope of the measure in terms of territorial or temporal application or categories of persons liable to have their personal data stored (Para 70). The Court found the retention scheme to be exceptionally wide-ranging and serious because:

It affects all users of Internet communications, even in the absence of reasonable suspicion of involvement in criminal activities or activities endangering national security, or of any other reasons to believe that retention of data may contribute to fighting serious crime or protecting national security (Para 70).

The Strasbourg Court held that the data retention and access scheme violated the right to privacy, as it did not offer adequate safeguards against abuse, considering the seriousness of the interference. The Court noted that it had previously examined the same statute in the case of Roman Zakharov v. Russia (2015), and the data retention and access scheme were subject to the same procedures and safeguards (Para 74). Therefore, the Court did not carry out its analysis of legality (quality of law) de novo, it found no reasons to reach a different conclusion in the present case (Para 75). The Court concludes that this legislation permits the public authorities to have access, on a generalised basis and without sufficient safeguards, to the content of electronic communications. Therefore, it impairs the very essence of the right to respect for private life (Para 80). The language in the concluding paragraph and the rationale of the Court, closely aligns with the Luxembourg Court decision in Schrems I (2015), even though its not directly referenced here.

Podchasov continues the Strasbourg Courts trend of focusing on procedural inadequacies rather than substantive issues, a phenomenon termed procedural fetishism by Zalnieriute. For example, in the case of Big Brother Watch and Centrum fr Rttvisa (2021), the Court highlighted procedural flaws in the bulk surveillance law without explicitly examining whether bulk interception itself is inherently impermissible. These two decisions have normalised mass surveillance/bulk interception within the Strasbourg Courts jurisprudence. This trend can also be observed in the approach of the Luxembourg Court, exemplified by the verdicts in Privacy International and La Quadrature du Net (2020).

Similarly, in Podchasov, the Court limits its analysis to the legality of the data retention and access scheme without considering whether such a broad scheme could inherently violate Article 8 (right to privacy). While Podchasov recognizes that bulk data retention constitutes a serious interference, affecting all users of Internet communications, even in the absence of reasonable suspicion. (Para 70) However, it fails to take the next step and concludes that such a significant infringement cannot be justified.

Decryption Order

Section 10.1(4.1) of the Russian Code of Criminal Procedure and the Operational-Search Activities Act, requires ICOs to provide, along with the requisite metadata and content data, any information necessary to decrypt communications. The Federal Security Service ordered Telegram to help decrypt communications for six mobile numbers, including the applicants, by providing data relating to the [encryption] keys. These six users were using the secret chat feature on Telegram, which enables E2EE protection for the messages. This order was challenged by Telegram, the applicant, and others.

The Strasbourg Court at the outset, before initiating its analyses, explains the important role played by encryption within the Internet age:

In the digital age, technical solutions for securing and protecting the privacy of electronic communications, including measures for encryption, contribute to ensuring the enjoyment of other fundamental rights, such as freedom of expression (see paragraphs 28 and 34 above). Encryption, moreover, appears to help citizens and businesses to defend themselves against abuses of information technologies, such as hacking, identity and personal data theft, fraud and the improper disclosure of confidential information. This should be given due consideration when assessing measures which may weaken encryption (Para 76).

The Strasbourg Court held that the requirement for ICOs to facilitate the decryption of E2EE-protected communication data was a disproportionate measure (Para 79). Two key facts led the Court to an adverse conclusion. Firstly, the Court highlights that enabling decryption for specific individuals would necessitate creating a backdoor, accessible to both law enforcement and malicious actors. Noting:

in order to enable decryption of communications protected by end-to-end encryption, such as communications through Telegrams secret chats, it would be necessary to weaken encryption for all users. These measures allegedly cannot be limited to specific individuals and would affect everyone indiscriminately, including individuals who pose no threat to a legitimate government interest. Weakening encryption by creating backdoors would apparently make it technically possible to perform routine, general and indiscriminate surveillance of personal electronic communications. Backdoors may also be exploited by criminal networks and would seriously compromise the security of all users electronic communications (Para 77).

The Court observation here is an important win for privacy advocates who have argued over the years that E2EE-protected data cannot be accessed without introducing systemic vulnerabilities, posing risks to users, commercial entities, and national interests alike.

Second, while acknowledging that encryption may pose challenges to criminal investigations, the Court observed, relying on expert submissions, that there are alternative encryption-preserving methods of investigation (Para 78). This is indeed correct. There are alternatives to rolling back E2EE that can contribute to the state goals in a real and substantial mannerrelying on metadata or circumventing encryption, for example, by indirectly hacking. Thus, the Court concludes that:

in the present case the ICOs statutory obligation to decrypt end-to-end encrypted communications risks amounting to a requirement that providers of such services weaken the encryption mechanism for all users; it is accordingly not proportionate to the legitimate aims pursued (Para 79).

A close reading of this conclusion would suggest that unlike the Courts holding vis--vis the data retention provisions, the Courts determination here of the privacy violation is not contingent on the absence of adequate safeguards. Therefore, the Courts holding is that decryption of E2EE data is, in principle, against the right to privacy, regardless of the degree of robustness of safeguards in place. In this context, member states do not possess any acceptable margin of appreciation (Para 80).

Conclusion

Podchasov is a landmark decision, which safeguards encryption, which has become sine qua non for secure and confidential communication in the digital age. The decision offers valuable lessons for other courts where similar issues may arise, given that E2EE has been under threat in multiple countries globally in the last decade. The Court did not afford the state any leeway while examining the decryption provision, considering the severity of potential harm.

While adjudicating on technical or digital measures, the Court must understand the architecture of the technical measure, including its capabilities, and limitations Equally vital is an appreciation of the socio-political and economic context in which these measures are deployed. The Strasbourg Courts verdict demonstrates a commendable grasp of the cryptographic tools at the heart of this case and the gravity of potentially weakening the encryption standard. This is a result of the Court properly engaging with technical expert evidence.

There is a legal challenge to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, pending before the Indian Supreme Court (SC). This law requires significant social media intermediaries to enable the tracing of the first originator of the information, and critics claim this can weaken the E2EE standard. The Podchasov decision would be a valuable precedent for the Indian SC, which has in the past significantly relied upon the jurisprudence of the Strasbourg Court and Luxembourg Court to develop its conception of informational privacy and the principles of data protection.

The Strasbourg Courts ruling may cast a long shadow over future negotiations for the regulation of child sexual abuse material, proposed by the EU Commission in May 2022. It requires the scanning of messages that could weaken E2EE. This decision may provide greater leverage to representatives from the EU Parliament who oppose scanning and lead to stronger pushback by civil societies and other advocacy groups.

Originally posted here:
Cracking the Code: How Podchasov v. Russia Upholds Encryption and Reshapes Surveillance - EJIL: Talk!

Hackers can read private AI assistant chats even though they’re encrypted – Ars Technica

Aurich Lawson | Getty Images

AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce, seek information about drug addiction, or ask for edits in emails containing proprietary trade secrets. The providers of these AI-powered chat services are keenly aware of the sensitivity of these discussions and take active stepsmainly in the form of encrypting themto prevent potential snoops from reading other peoples interactions.

But now, researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini. It then refines the fairly raw results through large language models specially trained for the task. The result: Someone with a passive adversary-in-the-middle positionmeaning an adversary who can monitor the data packets passing between an AI assistant and the usercan infer the specific topic of 55 percent of all captured responses, usually with high word accuracy. The attack can deduce responses with perfect word accuracy 29 percent of the time.

Currently, anybody can read private chats sent from ChatGPT and other services, Yisroel Mirsky, head of the Offensive AI Research Lab at Ben-Gurion University in Israel, wrote in an email. This includes malicious actors on the same Wi-Fi or LAN as a client (e.g., same coffee shop), or even a malicious actor on the Internetanyone who can observe the traffic. The attack is passive and can happen without OpenAI or their client's knowledge. OpenAI encrypts their traffic to prevent these kinds of eavesdropping attacks, but our research shows that the way OpenAI is using encryption is flawed, and thus the content of the messages are exposed.

Mirsky was referring to OpenAI, but with the exception of Google Gemini, all other major chatbots are also affected. As an example, the attack can infer the encrypted ChatGPT response:

as:

and the Microsoft Copilot encrypted response:

is inferred as:

While the underlined words demonstrate that the precise wording isnt perfect, the meaning of the inferred sentence is highly accurate.

Weiss et al.

The following video demonstrates the attack in action against Microsoft Copilot:

Token-length sequence side-channel attack on Bing.

A side channel is a means of obtaining secret information from a system through indirect or unintended sources, such as physical manifestations or behavioral characteristics, such as the power consumed, the time required, or the sound, light, or electromagnetic radiation produced during a given operation. By carefully monitoring these sources, attackers can assemble enough information to recover encrypted keystrokes or encryption keys from CPUs, browser cookies from HTTPS traffic, or secrets from smartcards.The side channel used in this latest attack resides in tokens that AI assistants use when responding to a user query.

Tokens are akin to words that are encoded so they can be understood by LLMs. To enhance the user experience, most AI assistants send tokens on the fly, as soon as theyre generated, so that end users receive the responses continuously, word by word, as theyre generated rather than all at once much later, once the assistant has generated the entire answer. While the token delivery is encrypted, the real-time, token-by-token transmission exposes a previously unknown side channel, which the researchers call the token-length sequence.

Continued here:
Hackers can read private AI assistant chats even though they're encrypted - Ars Technica

Children are no exception: Nevada must ensure end-to-end encryption for all – Access Now – Access

Access to end-to-end encryption is essential for everyone, including children, to stay safe online. On March 11, 2024, Access Now joined an amicus brief led by the American Civil Liberties Union, Electronic Frontier Foundation, and Riana Pfefferkorn, a research scholar, urging the U.S. District Court to reject Nevadas request for a court order to prevent Meta from offering end-to-end encryption on Facebook Messenger for people under 18 who use the service. Denying children access to encryption, a powerful safeguard against indiscriminate scraping of personal communications data that can be used to cause harm, is an attack on the security of children online.

Nevadas attempt to deny children using Facebook Messenger access to end-to-end encryption, thereby depriving them of safe spaces online, is both misguided and dangerous. To eliminate encryption is to eliminate online safety for all, including children who rely on it for secure communication with loved ones, exchanging information, seeking safety, obtaining education and healthcare, and much more Namrata Maheshwari, Senior Policy Counsel and Encryption Policy Lead at Access Now

The amicus brief also outlines how encryption is an important safeguard against rampant surveillance by the private sector, governments, and other actors. Default end-to-end encryption has helped protect human rights for years on messaging services such as Signal, WhatsApp, and iMessage the internet needs more of it, not less.

Encryption facilitates a spectrum of human rights and fundamental freedoms, including the rights to privacy, free expression, access to information, and freedom of assembly. Children, too, are entitled to the exercise of these rights, freely and safely, when using services like Facebook Messenger. By depriving them of strong encryption, an essential tool for online safety, Nevada would push young people into a far more vulnerable position. Peter Micek, General Counsel at Access Now

Access Now, along with the lead drafters, and other amici, including Internet Society, Center for Democracy and Technology, Mozilla, Signal, and Fight for the Future, urge the court to reject the states motion and set a strong precedent recognizing the importance of encryption for privacy and security for all.

More here:
Children are no exception: Nevada must ensure end-to-end encryption for all - Access Now - Access

WhatsApp encryption status might appear at the top of chats – BGR

Anyone using WhatsApp should know that their chats and calls are end-to-end encrypted, just like on iMessage and Signal. Its a security feature WhatsApp had before Meta bought the app. Its also probably the reason WhatsApp was the only encrypted chat app Meta operated for so long. Facebook Messenger started rolling out end-to-end encryption only a few months ago.

Since encryption is a strong selling point of WhatsApp, you might think the feature doesnt need advertising. Chats and calls will remain end-to-end encrypted despite insert reason to worry. And some users did have reasons to worry not too long ago.

Remember when Meta (then Facebook) made that controversial privacy change to WhatsApp a few years ago? And now, Meta is getting ready to support third-party chats in WhatsApp in the EU.

Meta will continue to reinforce its commitment to end-to-end encryption whenever it has to discuss security- and privacy-related WhatsApp matters.

Sign up for the most interesting tech & entertainment news out there.

By signing up, I agree to the Terms of Use and have reviewed the Privacy Notice.

With that in mind, I think WhatsApp reminding users that their chat apps are end-to-end encrypted from within the chat app is a good practice. One that should be available on iPhone and Android soon.

Discovered by WABetaInfo in the latest WhatsApp beta for Android, the feature puts the status of encryption front and center, as seen in the screenshot below.

A caption that identifies a chat as end-to-end encrypted appears briefly under the name of the contact youre chatting with. The caption will disappear after a few seconds so the last seen information can appear in the same place.

But the encryption indicator is still a great addition to the app. It should appear for every chat in the app, even if just briefly.

As I said, tech-savvy users take WhatsApp end-to-end encryption for granted. They might not need the indicator above. But it would be a great marketing tool for Meta to promote the security of WhatsApp.

Moreover, I think its all the more important in the European Union, where WhatsApp will have to work with other chat apps. Meta has explained its looking to enforce encryption via WhatsApps Signal protocol or something equally strong. At the same time, Meta acknowledged it cant offer the same security guarantees.

The encryption indicator could be a great tool to use if you plan on chatting with people using third-party apps. It could tell you if the conversation remains secure or not.

Come to think of it; the DMA might finally give us the Instagram-Facebook-Messenger-WhatsApp tool that Meta once promised. Not all three apps are end-to-end encrypted. Thats one instance where the encryption indicator might come in handy. That said, theres no reason to think Meta will want to make its own apps interoperable.

Also, theres no confirmation from Meta that the encryption indicator will roll out to the public version of the app. However, there is precedent. Facebook Messenger has started identifying which chats are end-to-end encrypted.

The indicator is not as visiable as the one in WhatsApp above. You have to tap a contacts profile picture in Facebook Messenger and see if a permanent end-to-end encrypted marker appears under your friends name. Not all chats in your Facebook Messenger are encrypted because the feature is still rolling out to users. Also, users must enable encryption by choosing a password.

See original here:
WhatsApp encryption status might appear at the top of chats - BGR

WhatsApp’s Latest Feature Will Tell You Whether Your Chats Are Securely Encrypted – Lifehacker

End-to-end encryption (or E2EE) is a cornerstone of modern chat apps and protocols. iMessage, RCS, and WhatsApp all promote themselves as secure methods for messaging friends, family, and colleagues without the need to worry about outsiders intercepting and reading your messages, and it's E2EE that allows them to do it.

It won't be that way for long on Meta's apps, however. The European Commission recently ruled that Meta's messaging apps, including Messenger, must allow for "chat interoperability," or the ability for users to connect third-party platforms to WhatsApp. The idea is that Meta has too much of a monopoly on messaging in the E.U., and doesn't allow for fair competition with other third-party options.

In theory, allowing other platforms to route through WhatsApp will be better for all users, but there's a catch. Meta is requesting that these third-parties either use the same Signal Protocol for E2EE as its own apps do, or demonstrate they're using a compatible protocol that offers the same security benefits. However, as Meta highlights, they cannot control what these third-parties actually do with your messages once they leave WhatsApp or Messenger, opening up possible security vulnerabilities when you're messaging someone using a third-party platform.

To its credit, Meta is vetting platforms that request to work with their apps before allowing them into the fold. And while Meta is more likely concerned with the lack of control over these platforms than the E2EE issue, there is a genuine security concern at play: Users may assume that messaging anyone with WhatsApp will still allow them to take advantage of the encryption benefits the app is known for, when in actuality, they may unknowingly be chatting via an insecure messaging protocol.

To help mitigate these potential security gaps, WhatsApp is rolling out a new feature to beta testers. As reported by WABetaInfo, whenever you're chatting with someone on the Signal Protocol, you'll see a new "end-to-end encrypted" message at the top of the chat, alongside a lock icon. When you see this, you know that you're getting the same E2EE protections that you would with a direct connection in WhatsApp.

You can try this feature out for yourself in the Android beta version 2.24.6.11, but WABetaInfo says you may also see it in versions 2.24.6.7, 2.24.6.8, and 2.24.6.10. You can enroll in the WhatsApp beta on Android here.

It's not clear whether Meta will bring this feature to Messenger as well. The company only recently made E2EE the default for chats on this app, so there isn't quite the same assumption of security as you'd find on WhatsApp. Still, now that default E2EE is rolling out on Messenger, it would be prudent for Meta to note whenever you're actually chatting with someone securely on that platform as well.

See more here:
WhatsApp's Latest Feature Will Tell You Whether Your Chats Are Securely Encrypted - Lifehacker

WhatsApp Clears Up Confusion Over Encryption With A Handy New Chat Label – Hot Hardware

A new feature in the latest beta for WhatsApp gives users more peace of mind that their messages and calls made within the app are end-to-end encrypted. The latest enhancement provides a visual confirmation that their chats are indeed securely encrypted using the Signal protocol.

Most people who use WhatsApp do so because they want to be assured that what they are chatting about is kept between them and the other user. While simple in form, the messaging services latest feature update (beta for Android 2.24.6.11) will add yet another security blanket for users to feel safe while using the app. It will allow users to always be aware of when their chats are secure with a new visual cue (see image below).

Meta-owned WhatsApp has not always been a go to for privacy minded users, however. In 2021, the messaging app came under severe scrutiny for its new terms of service, which resulted in a large amount of users leaving the app for what they believed to be more secure alternatives. Telegram and Signal were the biggest winners, with Telegram receiving an estimated 25 million users, and Signal seeing an increase that pushed it across the 50-million mark on the Google Play Store.

Since that time, WhatsApp has been able to win back a portion of its user base, with assurances that what is said on WhatsApp, stays on WhatsApp. The latest enhancement seems to be aimed at adding to that assurance.

Originally posted here:
WhatsApp Clears Up Confusion Over Encryption With A Handy New Chat Label - Hot Hardware

WhatsApp is testing a label to specify that your chats are encrypted – Android Police

Summary

Encryption is one of the crucial aspects of modern-day messaging apps, ensuring conversations always remain protected. While WhatsApp has offered end-to-end encryption on chats and video calls for a while now, and the chat app has also gradually worked on increasing the visibility of encryption indicators, like the one we've seen in WhatsApp beta releases dating back to 2021. The latest version of the app's beta contains one such indicator directly below the contact or group's name.

WABetaInfo's reporting reveals that the feature was first spotted in January with WhatsApp beta for Android version 2.24.3.17. However, this indicator is now seemingly making its wider appearance with the latest beta (version 2.24.6.11), according to the publication. The indicator simply reads "end-to-end encrypted" and is preceded by a tiny lock.

This banner won't be constant, though. WABetaInfo says it will only appear briefly and eventually make way for the last-seen indicator. Of course, users can always head over to the Encryption tab from the contact info page to manually verify the encryption. Does this change a whole lot for everyday users? That's debatable, but this will no doubt be useful for people who are new to WhatsApp and may be on the fence about its encryption standards.

It was roughly three years ago when people were leaving WhatsApp en masse and flocking to alternative messaging apps like Signal. However, the Meta-owned service has come a long way since then, ultimately giving up on its controversial privacy policy battle and moving on to become one of the more trusted messaging services around.

WhatsApp already offers plenty of text within the app to explain its encryption standards. In addition to chats and video/voice calls, status updates on the platform are also end-to-end encrypted, as specified in its mobile apps. The developer even has a detailed FAQ page providing all the information on its encryption standards.

This new encryption indicator could also appear in versions 2.24.6.7, 2.24.6.8, and 2.24.6.10 of WhatsApp beta for Android, per WABetaInfo, so it's been a part of the beta cycle for a while now. This also tells us that its appearance in the stable version shouldn't be far away.

See the rest here:
WhatsApp is testing a label to specify that your chats are encrypted - Android Police

WhatsApp Beta testing new end-to-end encryption indicator – Global Village space

In todays digital age, privacy and security are paramount concerns for users of messaging apps. WhatsApp, long renowned for its end-to-end encryption, is taking a proactive step in reinforcing this crucial feature. Recent reports suggest that the platform is beta-testing a new encryption indicator, providing users with immediate reassurance of their communications security.

WhatsApps commitment to end-to-end encryption predates its acquisition by Meta, formerly Facebook. This security feature ensures that only the sender and recipient can access the contents of their messages or calls, shielding them from prying eyes, including hackers and even the platform itself. With privacy concerns at the forefront of todays digital landscape, encryption has become a defining feature for messaging apps like WhatsApp, iMessage, and Signal.

Read More: WhatsApp to make locating old messages easier

Despite WhatsApps strong encryption stance, the platform faced backlash a few years ago when Meta attempted to implement controversial privacy changes. However, the company has since reiterated its commitment to user privacy and security. As Meta prepares to introduce support for third-party chats within WhatsApp, particularly in the European Union, concerns regarding the continuity of end-to-end encryption have surfaced. Meta has assured users that encryption will remain a priority, albeit with certain challenges in ensuring interoperability with other chat apps.

The beta testing of a new encryption indicator within WhatsApp highlights the platforms dedication to transparency. By prominently displaying the encryption status of chats, users are empowered with knowledge about the security of their conversations. This feature not only serves as a reassurance for existing users but also as a valuable marketing tool for attracting new ones. In an era where data privacy is increasingly scrutinized, such transparency fosters trust and confidence among users.

Within the European Union, where data privacy regulations are stringent, the encryption indicator holds particular significance. As WhatsApp prepares to collaborate with third-party chat apps, ensuring the continued security of communications becomes imperative. The indicator provides users with a tangible means of verifying the encryption status of their conversations, especially when engaging with contacts on different platforms. This transparency aligns with the principles of the EUs General Data Protection Regulation (GDPR) and demonstrates Metas commitment to compliance.

Read More: WhatsApp revolutionizing animated stickers

While the beta testing of the encryption indicator is underway, its eventual rollout to the public version of WhatsApp remains uncertain. However, Metas track record with Facebook Messenger, where a similar feature has been introduced, suggests a promising trajectory. As the digital landscape evolves, and regulatory frameworks like the Digital Markets Act (DMA) reshape the tech industry, Meta may further prioritize interoperability and security across its messaging platforms. The encryption indicator could play a pivotal role in this endeavor, facilitating informed decision-making for users navigating the interconnected ecosystem of WhatsApp, Facebook Messenger, and other Meta-owned apps.

Visit link:
WhatsApp Beta testing new end-to-end encryption indicator - Global Village space

WhatsApp Adds Label Indicating Which Chats Are Encrypted – UC Today

WhatsApp is launching an in-app indicator informing users which chats are encrypted.

WhatsApps update 2.24.6.11, available now to some Beta testers of the platform, includes the new capability, which comprises an indicator that displays end-to-end encrypted alongside a small lock icon.

The label is positioned immediately under the contact or group name a user is communicating with, where the last-seen indicator usually is. However, the encrypted label will only appear for a few seconds before fading away to be replaced by the last-seen signifier.

The publication WABetaInfo reported:

After installing the latest WhatsApp beta for Android 2.24.6.11 update, which is available on the Google Play Store, we discovered that WhatsApp is rolling out a feature to identify end-to-end encrypted conversations!

This feature is intended to provide users with transparency about which chats are end-to-end encrypted. It offers peace of mind and confidence that their chats are securely encrypted with the Signal protocol. This visual confirmation ensures privacy by preventing unauthorised access to messages and calls.

WABetaInfo initially reported this feature was in development in January, but its arrival to Beta testing so soon is a pleasant surprise.

While presently available to select Beta testers who have access to WhatsApps Beta updates via Androids Google Play Store, this feature is scheduled to gradually expand to more users over the following weeks.

The update arrives less than a week after Meta posted a blog detailing how WhatsApps interoperability with third-party services will function while preserving its end-to-end encrypted messaging services.

Although accelerated by the European Union introducing its Digital Markets Act (DMA) for tougher regulation of designated messaging services, or digital gatekeepers, WhatsApp has been working on a solution enabling third-party interoperability for two years.

Third-party providers are required to sign an agreement to interoperate with Messenger and WhatsApp before implementation. Although the company favours using WhatsApps Signal protocol for encryption, it will consider other protocols that meet the same security standards.

The EUs new rules came into force last Thursday, March 7, meaning that Meta had to be ready to enable interoperability with other services within three months of receiving a request, as dictated by the DMA. However, Dick Brouwer, Engineering Director at WhatsApp, advised that turning on interoperability might take longer than three months before its ready for public use.

The DMAs requirements mandate support for one-on-one chats and file sharing, including images, videos, or voice messages, in the first year of the new regulation. These requirements will gradually extend to include group chats and calls over time.

WhatsApps evolution into a comprehensive, enterprise-friendly communication and collaboration platform was a significant trend last year, and both the interoperability update and the encryption indicator further affirm this development.

Among the notable enterprise-friendly features launched last year, in December, WhatsApp introduced the ability for users to pin a message to the top of their chatsfor up to 30 days.

Also, in December, WhatsApp launched an enterprise-friendly voice chat upgrade, enabling users to host large groups of up to 128 audio-call participants. Different from a regular group call, this feature is intended to minimise disruptions. Unlike standard WhatsApp group calls that ring every member, this version adds an in-chat bubble on each participants screen, creating a more discreet invitation that users can select to join.

Last August, WhatsApp introduced a call scheduling feature within group chats, enabling WhatsApp group users to organise calls and automatically notify other participants, producing a more convenient and efficient form of communication.

This January, WhatsApp for Windows beta teased a capability to control input and output devices within the application. Reminiscent of similar capabilities in popular video conferencing platforms, such as Zoom and Google Meet, users can select their preferred speakers, microphone or camera for voice and video calls without having to leave the app.

Go here to see the original:
WhatsApp Adds Label Indicating Which Chats Are Encrypted - UC Today