WhatsApp's Encryption Claims Called Consumer Fraud by Durov

What Changed

Pavel Durov, the founder of Telegram, has made a bold claim against WhatsApp, labeling its end-to-end encryption (E2EE) promises as potentially deceptive. He argues that WhatsApp's marketing misleads users into believing their messages are secure when, in fact, many are not protected.

How This Affects Your Data

Durov's allegations highlight a critical flaw in WhatsApp's backup system. While messages sent between users are encrypted during transmission, backups stored on services like Apple iCloud and Google Drive are not automatically encrypted. This means that approximately 95% of private messages could be stored as plain text, accessible to anyone with access to those servers, including law enforcement and malicious actors.

Who's Responsible

Durov's accusations are not isolated. A class-action lawsuit has been filed against Meta, WhatsApp's parent company, claiming that the app contains a backdoor allowing unauthorized access to users' messages. Meta has dismissed these allegations as false but has not adequately addressed the concerns surrounding backup vulnerabilities.

How to Protect Your Privacy

For users concerned about their privacy on WhatsApp, here are some immediate steps to take:

• Enable E2EE backups: Go to WhatsApp Settings → Chats → Chat Backup → End-to-end Encrypted Backup.
• Use a strong, unique password: Avoid simple PINs or biometric shortcuts.
• Audit contact backup behavior: Ensure that your conversation partners have enabled similar protections.
• Consider alternatives: For sensitive communications, consider using Telegram's Secret Chats or other platforms like Signal, which do not support cloud backups.

Conclusion

Durov's claims raise significant questions about the effectiveness of WhatsApp's encryption and the overall security of user data. As privacy concerns grow, users must remain vigilant and proactive in protecting their communications.