According to an internal assessment, although the content of WhatsApp messages remains unreadable, governments could use their access to internet infrastructure to monitor when and where encrypted communications take place. This level of observation is sufficient to make strong inferences about which individuals are talking together.
WhatsApp’s security team has identified several examples of correlation attacks that can bypass the app’s privacy. In one case, a WhatsApp user sends a message to a group, generating a set of data of the same size that is transmitted to all devices in the group. Another correlation attack measures the delay between sending and receiving WhatsApp messages, giving the possibility of “ infer the distance and location of the recipient “.
The report highlights that these attacks require all members of a WhatsApp group or both parties to the conversation to be on the same national network or jurisdiction. While suggesting that users of “democracies with legal procedures” are less vulnerable, he cites the NSA as using this type of wiretapping technique on American soil.
For Matthew Green, Professor of Cryptography, ” These metadata correlations are just that: correlations that can have good or average accuracy. But these systems will kill innocent people without knowing why “.
In conflict zones like Gaza, the use of WhatsApp could fuel Israel’s targeted killing systems based on data analysis, a recent report explains. Meta employees fear that this vulnerability could be used to “brand” Palestinians.