WhatsApp, like many messaging apps, uses end-to-end encryption, which ensures that an intermediary cannot listen in on what’s being said. Bershidsky’s argument, summed up roughly, is that while WhatsApp remains vulnerable to other attacks, end-to-end encryption is nothing short of a “marketing machine” designed to “lull consumers cautious about cyber-surveillance into a false sense of safety.”
Bershidsky’s argument hinges entirely on the fact that applications that use end-to-end encryption are vulnerable to other threats, like zero-day flaws and sophisticated Israeli spyware. The thing is, though, no credible person has ever argued that end-to-end encryption is a security cure-all. Instead, it addresses two serious security problems.
Firstly, end-to-end encryption prevents an adversary sitting in the middle of a connection from intercepting and analyzing the contents of data packets. If you’re sending privileged information across the public Internet, like credit card numbers or customer data, you’re going to want to ensure it is protected from prying eyes. And crucially, it makes it nearly impossible to intercept and analyze protected traffic at scale.
The second problem end-to-end encryption solves is that it makes it considerably harder for an adversary to launch session hijacking attacks. If data is being sent in the clear, an attacker sitting on the same network can capture cookies, including session cookies, allowing them to take over a user’s account on a website or app, all without needing to log in.
This isn’t hypothetical. Before Facebook launched SSL-by-default in 2012, protecting the connection between users and its servers, wresting control of someone’s account was embarrassingly easy. There was even a Firefox plugin called FireSheep, released in 2010, that made it a one-click process.
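The cleartext-cookie exposure described above can be checked from the defender's side by auditing a site's response headers. The following is an added example, not code from the original article: it flags cookies that lack the `Secure` attribute (and so would be sent over plain HTTP) and a missing or short HSTS policy. The sample headers are constructed, and the 180-day HSTS threshold is an assumed policy value.

```python
from http.cookies import SimpleCookie

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "csrf=xyz789; Path=/; Secure; SameSite=Strict"),
    ("Strict-Transport-Security", "max-age=300"),
]

MIN_HSTS_AGE = 15552000  # assumed policy threshold: 180 days, in seconds


def audit_headers(headers):
    """Return findings for headers that leave a session exposed on cleartext HTTP."""
    findings = []
    hsts_age = None
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for cname, morsel in jar.items():
                # Without Secure, the browser attaches the cookie to http://
                # requests, where anyone on the same network can read it.
                if not morsel["secure"]:
                    findings.append(f"{cname}: missing Secure attribute")
        elif lname == "strict-transport-security":
            for part in value.split(";"):
                key, _, val = part.strip().partition("=")
                val = val.strip('"')
                if key.lower() == "max-age" and val.isdigit():
                    hsts_age = int(val)
    # Without HSTS the browser may still make a first request over HTTP.
    if hsts_age is None:
        findings.append("HSTS: header missing or has no max-age")
    elif hsts_age < MIN_HSTS_AGE:
        findings.append(f"HSTS: max-age {hsts_age} below {MIN_HSTS_AGE}")
    return findings


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        print(finding)
```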