Finally Johnny Can Encrypt: But Does This Make Him Feel More Secure?

Abstract

End-to-end (E2E) encryption is an effective measure against privacy infringement. In 2016, it was introduced by WhatsApp for all users (of the latest app version) quasi overnight. However, it is unclear how non-expert users perceived this change, whether they trust WhatsApp as a provider of E2E encryption, and how their communication behavior changed. We conducted semi-structured interviews with twenty WhatsApp users to answer these questions. We found that about half of the participants perceived that even with E2E encryption, their messages could still be eavesdropped, for example by hackers and other criminals, governmental institutions, or WhatsApp's employees and cooperation partners. Many participants correctly identified sender and recipient as weakest points after the introduction of E2E encryption, but misconceptions were still present. For instance, users thought that messages were transmitted directly between two devices without being forwarded or stored on a server, or interpreted 'end-to-end' as a temporally end of communication. The majority of users stated to mistrust WhatsApp and its E2E encryption and presumed image-related reasons for the cost-free implementation. While most participants did not change their communication behavior, they reported to use protection strategies such as sending sensitive content via alternative channels even after the introduction of E2E encryption.