[vbezhenar]

The most backdoor-looking feature for me in supposedly encrypted systems are cloud backups. They are “optional” yet most users will agree (especially when given software constantly nags about it until you give up) and their backups will leak both sides of conversations, despite all end-to-end encryption attempts.

[londons_explore]

WhatsApps cloud backup on Android sits on Google drive by default.

It is encrypted with a per user key known to WhatsApp.

That means for a third party to access the chats, they need Google to hand over the data, and Facebook to hand over the key.

The logical next step to add would be for Google to additionally encrypt the data with the users logon password or something derived from it. Google won't do this anytime soon for business reasons.

[keyme]

I've posted this here before.

> It is encrypted with a per user key known to WhatsApp.

This is no longer true! For a few years now. The backup is stored on Google Drive in plain text.

https://faq.whatsapp.com/android/chats/about-google-drive-ba...

[FiloSottile]

That page doesn't say that, and "tied to the phone number" sounds like they will only give you the key if you can authenticate via SMS.

Do you have a better cite or did you check directly recently?

[keyme]

You can extract it yourself.

https://github.com/YuriCosta/WhatsApp-GD-Extractor-Multithre...

I do not vouch for this repo, but it gets the job done.

The only creds required are your Google account creds. No per-user whatsapp keys necessary.

[FiloSottile]

That's disappointing, thank you for the link.

[beagle3]

https://github.com/B16f00t/whapa (among other tools) appears to download it from Google without requiring any key from facebook or a rooted device.

I haven't tried this specific tool yet (or others recently) but it was definitely possible in the past without requiring any key from FB/WA.

[londons_explore]

> authenticate via SMS

It's now "authenticate via SMS and pin (if enabled), or authenticate via SMS and wait 7 days (if pin enabled)"

[Dumbdo]

I'm sorry, but where did you get that information from? The FAQ only states:

> Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in Google Drive.

That makes sense, why would you re-encrypt the messages with the end-to-end-key which is individual for each chat, if you could simply use a symmetric encryption for backups?

So the statement

> It is encrypted with a per user key known to WhatsApp.

could still hold true, there's no information contrary to that in the FAQ (but no information indicating another kind of encryption either).

[sdflhasjd]

WhatsApp backups are a bit of an anti-feature, as I found out while trying to ditch the app after the recent policy update.

1) The backup can only be made to Google drive, you cannot create a manual backup to a location of your chosing

2) The backup is created in a secret folder that cannot be accessed by the user

3) The backup is deleted if you delete your account. (not much of a backup, eh?)

4) You can only create per-channel exports, but this won't export the entire chat, it will export up to ~12MB of recent media, and ignore the rest, silently. WhatsApp would only share the last 40 messages of a 4-year-old chat because the last few messages contained a few images.

[londons_explore]

I believe there is still an (undocumented, unofficial) way to backup to the SD card. The backup is still encrypted tho, and can only be restored to the same whatsapp account as created it.

[ycombinete]

Interesting. I just created a 900MB backup of a chat history, on my iOS WhatsApp, that appears to have all messages and all data.

[tinus_hn]

Being an iOS device it probably doesn’t ‘backup’ to Google Drive so this story may not apply

[ycombinete]

yeah, on ios whatsapp backs up the data to icloud

[Denvercoder9]

WhatsApp also creates (encrypted) backups in the WhatsApp/Databases folder on your internal storage. Aside from a single line displaying the time of the last local backup in the backup settings it's not really well-documented though.

[jsmith99]

I can't find any source for this 12MB limit? Backups I've restored (Android) seen to contain all media although I haven't checked in detail.

[Denvercoder9]

That point was talking about the "Export Chat" function (which creates a medialess text file), not the backup function.

[paranoidrobot]

> encrypt the data with the users logon password or something derived from it

This leads to inability to restore a backup if you forget your password and need to reset it.

That's going to lead to screams/tears from a lot of folks who don't realise those implications.

[garmaine]

> That means for a third party to access the chats, they need Google to hand over the data, and Facebook to hand over the key.

National intelligence agencies (plural) would already have both.

[londons_explore]

True, but it still makes the attack surface much smaller - employees of neither company could steal your data. Your data is now protected by the intersection of the companies privacy policies rather than the union of them.

[beagle3]

It used to be that way. But then, one day, Google announced that WhatsApp backups (a) no longer count towards your quota, and (b) are no longer encrypted.

There are two beneficiaries of this change:

1) Intelligence and law enforcement agencies, which now have direct access to WhatsApp history for everyone who uses cloud backup (99.9% of users, if not 100%), without the need to 0day any specific phones, risk detection, or even have those phones on except occasionally.

2) Google, who can now mine your private conversations, metadata, etc.

(At a tiny storage cost for Google, for which they are likely compensated by the NSA)

[moepstar]

This is something i don't understand (at least for me/my use case):

Are historic chats that important to have them backed up? To me, if there's anything of value, i'll save it via other means...

[greatgib]

For me, chat history has a huge value.

How many times things looks like meaningless when they are said but have a lot of values at a later date?

For example, sometimes you wonder, "when was it that time when XXX event happened". Or "I remember that one day someone told me that he had the same problem as me, but who was it and what was his solution?"

Otherwise, we are used to share thousands of links and snippets with my friends that we usually discuss. A lot of time, after a very long time (sometimes years), for some reason we remember that something or link about a topic was discussed long time ago, and then it is convenient to look into the history with keywords to find back the links and what was said at that time!

[moepstar]

>"when was it that time when XXX event happened"

Then you go and look that up in your issue tracker.

>"I remember that one day someone told me that he had the same problem as me, but who was it and what was his solution?"

Ideally, you've that saved to your Wiki/FAQ Database or at least have it in your ticketing system.

That is, if we're talking about a professional setting - or some random "might be useful later" notes.

But still, this isn't something i am going to dig up in a random chat log - because if you're able to find / search for it there, chances are you are pretty close to the solution anyways...

[greatgib]

You are thinking of a professional dev context. But it is not the same thing for everyday discussions with friends.

A lot of things can look not useful and common at the current time, but have a lot of values in the future. But you can't document every step of your life.

For example, imagine that some friend tell you that his brother is currently working in Singapore and that everything goes well for him and all. But so far you have no relation to Singapore and don't travel so much.

Then 1 year later, you will unexpectedly be sent to Singapore for work and you would highly appreciate a contact there. At that point you remember that the brother of someone is there, but who was it?

You just have to search for 'singapore' in Telegram and you can get easily the reply to your question and so recontact the relevant friend.

Same thing when you are suddenly thinking about buying a Xiaomi phone, and you are wondering who was the friend that told you that he bought one 6 months ago to get his review.

[Aerroon]

Sure, but wouldn't you want to have control over these backups yourself? Not only do you get increased privacy from it, you also won't be in for a nasty surprise when the service decides to remove old logs/stop doing business.

[ximeng]

Of course you want to have control. So why does whatsapp and others do their best to prevent this?

[greatgib]

So that explains why chat history has value in itself without just storing outside the important info on a given moment.

But sure, the best thing to deal with that is to be able to 'backup/export' your history and also being able open/import it in a usable form.

Whatsapp mostly fails on both topics. You can't easily backup, otherwise it would be stored in clear in google drive, in an area that is not even accessible to you.

And then it is a sqlite db with proprietary format for fields, so so far nothing can display it properly offline.

For telegram, they have a good export/backup feature.

I don't know of anytool that would allow to browse your history nicely when loaded offline from backups, but as the format is open, that should be doable.

[Erlich_Bachman]

An average user doesn't commonly want to have control over anything themselves :P.

[joe-collins]

I disagree. They'd love to have control, but that control requires tech sophistication that none of the current tooling adequately elides.

[beagle3]

They surely love to have the possibility (and illusion) of control, they don't actually care much for the control itself.

There are numerous marketing studies that show people are most content when choices are made for them (e.g. in getting a new washing machine), as long as they know (or at least believe) they could have made another choice if they wanted to.

[Closi]

Yes - sometimes you don't realise the value until after the point.

I made a card for my girlfriend on our 5th anniversary by going back and finding our first messages to each other on WhatsApp, and putting a screenshot of them on the front of the card with some corny message. She balled up and was crying for quite some time. Anyway we are broken up now, but that's not the point!

These things really do have sentimental value, and it's not always obvious at the time.

[Arainach]

Yes. Backups without easy access are mostly worthless. If I make backups, I have to think about how they're stored, where they're stored, how they're preserved, how I access them, and how I query them.

Do I have a backup per contact? Per app? Are they stored in my Google Drive? In flat files on my local PC? What happens if my PC's hard drive crashes? How do I automatically keep the backups up to date? How do I keep them in sync? How do I access and query them remotely if I'm not at my PC?

Now multiply that across every different service you use, and that's a lot of mental effort that I don't want to go through if I don't have to. Most users don't want to either.

[jl6]

Yes, I find referring back to old chats is extremely valuable - they’re as important to me as old emails are.