7

After turning on end-to-end encryption for WhatsApp is it possible for the network operators to read the metadata of the messages being exchanged?

I see here (in Transport security) that metadata is also protected. Can someone shed more light on this?

Anders
  • 64,406
  • 24
  • 178
  • 215
user106624
  • 71
  • 2
  • 2
    Note that, even if they can't see metadata like who you sent it to, they can still see that you are using whatsapp (by the server IPs), and that you sent or received a message of x size at a certain time. – SomeoneSomewhereSupportsMonica Apr 06 '16 at 08:33
  • 1
    Note that end-to-end encryption doesn't change anything for the network operators - even before that, data was still encrypted while in transit. – André Borie Apr 06 '16 at 12:54
  • @SomeoneSomewhere a tor client, vpn client etc. will hide your traffic if you don't want your operator knowing who you're talking to. Message size is definitely something that Noise Pipes (the extra encryption layer used between whatsapp clients and servers) will pad. – Nathan Apr 06 '16 at 15:11

1 Answers1

7

There is no reason to think a network operator can access the data.

The document says it clearly:

Encrypts metadata to hide it from unauthorized network observers.

In other words, you are questioning that what's said in the document is false.

The only people that could shed more light on this would be WhatsApp or Open Whisper Systems (the company that created the encryption system), and as you can figure out, they are not going to give you details..

The Illusive Man
  • 10,487
  • 16
  • 56
  • 88
  • 1
    *"that company that created the encryption system"* - this should be OpenWhisperSystems – SEJPM Apr 06 '16 at 12:27
  • 3
    `The only people that could shed more light...` - - Or if someone tries and fetches metadata from mobile data transfer and then publishes the findings. – Mindwin Apr 06 '16 at 12:38
  • @SEJPM fixed :) – The Illusive Man Apr 06 '16 at 12:40
  • 1
    @yZt "they are not going to give you details" - er, what do you think the "Open" in "Open Whisper Systems" stands for? Hint: https://github.com/WhisperSystems – Nathan Apr 06 '16 at 14:19
  • 1
    @Nathan Open doesn't mean free, nor even "opensource". Open, in signaling, refers to a "standard" way of openly establish communications. In fact, do you see the WhatsApp Signaling in that repo? – The Illusive Man Apr 06 '16 at 17:03
  • 1
    @yzt read the white paper: open whisper is the library used. The link is to their open source library. "The Signal Protocol library used by WhatsApp is Open Source, available here: https://github.com/whispersystems/libsignal-protocol-java/ " – Nathan Apr 06 '16 at 17:14