WhatsApp has had end to end encryption for the better part of a decade now, and still, governments and sometimes, nefarious actors, have been able to find backdoors to get access to user chats. One of the most common methods is getting the cloud backup of a chat, which, to this date, remains unencrypted. Well, not anymore. WhatsApp has announced that it will finally roll out a feature that will allow users to encrypt their cloud data, putting a lid on one of the most popular methods of accessing WhatsApp user data.
In the coming weeks, users will see an option to generate a 64-digit encryption key to lock their chat backups in the cloud. They can choose to either store this key offline, or manage it in a password manager. However, not everyone wants to use 64 bit encryption keys, and the company realizes that. That’s why it will also include the option to can create a password that backs up their encryption key in a cloud-based “backup key vault” that WhatsApp has developed.
WhatsApp said that the encryption key would not be retrievable without the password, to which it would have no access.
“We know that some will prefer the 64-digit encryption key whereas others want something they can easily remember, so we will be including both options. Once a user sets their backup password, it is not known to us. They can reset it on their original device if they forget it,” WhatsApp said.
The password mode would probably be the most popular one, especially since the company has said that it would show a warning that if users lose their 64 bits keys, they would be locked out of the backup for good.
However, it is likely that this feature, which aims to empower users by bolstering their privacy, can be challenged by regulatory governmental bodies around the world. For years, cloud storage has been used to keep track of suspected individuals, and by closing this backdoor, WhatsApp could be risking potential scrutiny.
India, the biggest market for WhatsApp, introduced new IT rules earlier this year, as part of which, companies would have to provide information about the first originator of a piece of content when asked. This encryption could come in the way of that, and thus, lead for unfavorable government attention for the Facebook owned company.