There's a problem with WhatsApp, but it isn't end-to-end encryption
Written by
In recent days at least one news outlet has sought to sow the seeds of distrust around end-to-end encryption.
Unfortunately this means a number of people are now under the impression that secure messaging apps are pointless because one’s phone could be hacked via other means, rendering all encryption obsolete. This is a bad, retrograde take, but that’s not to say that WhatsApp is without its issues.
You can argue about degrees, but WhatsApp is unquestionably a product of the surveillance capitalist ecosystem. Eventually it will evolve to monetise the digital exhaust of our interactions, or in terms Harvard professor Shoshana Zuboff puts it: using private human experience as raw materials in a behavioural data rendering process which is designed to herd and tune us towards profitable outcomes.
The suppliers of widely-adopted secure communications should not also be the controllers of this behavioural modification market. Any application claiming to offer privacy must be entirely disentangled from the interests of these parties. Apple has had a crack with iMessage, but sadly its products remain out of reach to most of the world. iPhones are bloody expensive, and not everyone can afford to pay a ridiculous premium on a shiny phone so their personal communications don’t wind up as a part of a data set flagged for monetisation.
Here’s the trap: digital consumer platforms like WhatsApp offer an incredibly attractive bargain to consumers. Unlike the platform-locked iMessage, they’re cross-platform, free, easy, and offer relatively robust security protections. And they’ve become central to the modern, digital experience.
Google’s mail infrastructure is another great example. At the moment it’s the best we can hope for when it comes to nudging the average user towards some form of agreeable security mixed with ease. There are many alternative email platforms which are more ethical, transparent, and in my personal opinion offer a more friendly experience, and I will routinely try and herd people towards them, but most folks simply don’t want to complicate their lives.
Some in the information security world blame this on human laziness, but that’s off the mark. There’s a fundamental difference between being lazy and wanting less hassle. The implementation of fiddly alternatives and self-made servers is a wholly unappealing thought for anyone not heavily invested in the field of information security, and letting the end user run free with their own code and implementation makes them far more vulnerable to hacking and things being set on fire.
Having personalised ads constantly shoved in your face is the 21st century bargain we’ve accepted as the trade-off for access to these services.
But let’s imagine a lovely, meditative scenario where we dismantle Google Mail and move everybody to another platform. To make this tempting for millions of people we’d have to uproot the workplace document storage environment, around two dozen regularly used interconnected applications that cover time-keeping, finance, and data, an entire branch of mobile phone operating systems, and who knows how many “stored preferences” that interconnect all of the things the average person enjoys on a daily basis. It’s a technology soup that’s borderline impossible to unmix.
With all of that in mind, it’s extremely unfair to call anyone out for being unwilling to step back from these monopolies, because key elements of their life are tied directly to them. It’s an alarming reality, and one that needs to be broken down in small chunks and whacked at with a machete until the path is finally clear to proceed.
WhatsApp’s main appeal to the masses is not its secure, end-to-end encryption, but its general simplicity. For those that aren’t largely tech-savvy, it’s arguably the most accessible mobile communication interface, both at an application and psychological level.
The fact that tens of millions of people are now, without even needing to understand it, using necessary high level encryption protocols in their real-time messaging is just a happy accident. 99% of WhatsApp’s users more than likely have no idea how E2E encryption works and they don’t even particularly care about it.
That’s fine. It exists, in the background, as a very fortunate byproduct of the attraction of the other, shiny, appealing traits of the platform, which as we all know tend to focus on things like talking to people quickly, setting up connections with family members, accessing and disseminating media from various sources in seconds. The things humans like doing on a regular basis while exerting as little energy as possible.
But is that good enough? For a while, but not in the long term. WhatsApp is not the endgame. It’s certainly moved the dial in terms of readily-available security for everyday conversation, but people deserve better. More accurately, we need less of specific things. Less “would you like to back up your messages weekly to the cloud,” less “connect with Facebook,” less “opt-in to exactly what we say or we won’t give you X”.
Establishing a sustainable model for secure communications providers is a daunting prospect for those who must eventually become “the new WhatsApp”. I believe the very competent teams behind similar apps such as Signal, Wire, and Threema are going to be at the heart of the eventual shift into the new era of communication, but it’s impossible to say at this moment in time how that shift will pan out.
In the meantime, though, let’s keep our eye on the ball. There are reasons to be wary of WhatsApp, but attacking end-to-end encryption as a “gimmick” is a rotten red herring that belongs in the bin.
Jake Davis is a former global hacker terrorist menace who now works in a creative young person job that I don’t quite understand I dunno ask him his twitter account is here.