Why does WhatsApp not encrypt Google Drive backups? (2021) \ stacker news ~privacy

Why does WhatsApp not encrypt Google Drive backups? (2021)security.stackexchange.com/questions/212062/why-does-whatsapp-not-encrypt-google-drive-backups

1960 sats \ 15 comments \ @ek 9 Jan privacy

Ah, damn, reconsidered my territory choice and wanted to switch to ~privacy but it's more expensive to post there

https://m.stacker.news/11424

/cc @davidw fyi lol

WhatsApp has end-to-end encryption, promising privacy to users.

However, it becomes useless if backups to Google Drive are unencrypted. Our supposedly private data goes to the control of Google.

No problem, I can disable the backup. But, what about all the people I talk to? Google still holds most of my conversations, unencrypted.

This seems to be a useless/tricking/lying design, done in purpose to ensure they keep control of the users. (and keep in mind that Whatsapp reminds me MANY times to enable the Backup)

I understand that as soon as I send a message to another person, they can take screenshots, show to other people, etc. I understand that risk. However, not encrypting backups just makes it way easier for the messages to be even more exposed.

Question is - I'm sure WhatsApp could encrypt backups to Google if they wanted (e.g. require a passphrase to users, or at least have that option and recommend users to use it). Why does WhatsApp not do that?

I did not verify if this is still the case (or ever was indeed the case) but back when I still used WhatsApp, I think I once saw the "information" (should have been a warning!) that the backups (that were enabled by default iirc) are not encrypted by default -- but I can set a password to enable encryption.

I can see how WhatsApp (or did Facebook already own WA at that point?) thought it's easier to roll out backups without encryption.

But don't call your app E2EE then. That's essentially a backdoor. Rolling out unencrypted backups and still pretending that your app is E2EE is a huge red flag.

view all related items

164 sats \ 0 replies \ @gd 9 Jan

WhatsApp has a back door for any western government who wants one. Assuming a non-zero level of security from Meta products is a mistake IMO.

100 sats \ 1 reply \ @anon 9 Jan

Maybe a dumb question, why do people even want to backup their chats to the cloud? imho I think people just emotionally default to and get obsessed about backing up everything and never losing anything. But do you really need your texts backed up to the cloud? Are you ever really going to your cloud backups and reading them? Encryption and privacy totally aside, this seems silly to me. If you have data or info you need to save you absolutely should be putting it somewhere else besides a messaging app. If I need a secure backup I'm usually putting it in Bitwarden(encrypted and open source).

That being said I try to avoid WhatsApp in favor of Signal regardless. However when you have mixed iphone and android friend or family groups, especially in different countries, you often have to default to WhatsApp. Its just the most common messaging app by far. And because lots of people I know think Signal is only for drug dealers and criminals (the same mindset they apply to bitcoin interestingly enough).

128 sats \ 0 replies \ @kilianbuhn 9 Jan

why do people even want to backup their chats to the cloud? imho I think people just emotionally default to and get obsessed about backing up everything and never losing anything

That's just like you man. Don't project yourself onto others. Other people are actually - believe it or not - other people.

And to other people their chats are actually very emotionally important.🤓