Recently, the instant messaging app “WhatsApp” announced that it is using end-to-end encryption. While this is generally seen as a good thing, what most people seem to have forgotten is that we have absolutely no reason to trust WhatsApp.
Just because you’re told WhatsApp is using end-to-end encryption doesn’t really mean anything. What algorithms are they using? How can we verify this? Most importantly, if the NSA (or someone else, perhaps with lots of money) asks WhatsApp to disable end-to-end encryption for a specific user – what’s to stop them? How would you know your instant messages are no longer encrypted?
What this means (at least to me) is that your supposed end-to-end ‘bulletproof’ encryption is probably worse than nothing – it’s lulling you into a false sense of security.
You can’t trust closed-source encryption. Ever. Don’t start now.