How WhatsApp is fighting spam after its encryption rollout
WhatsApp proved itself to be the most YOLO-crypto company of 2016 when it turned on end-to-end encryption by default last April for its more than 1 billion users. (Facebook, WhatsApp’s parent company, took a more cautious approach when it added opt-in encryption to Messenger.) But WhatsApp’s all-in approach has come at a cost — the company’s executives were arrested and its service was temporarily shut down in Brazil when local courts demanded that WhatsApp turn over the contents of encrypted messages.
Rolling out end-to-end encryption raised not just political concerns, but practical ones. If WhatsApp couldn’t read the contents of its users’ messages anymore, how would it detect and fight spam on the platform? WhatsApp could have become a haven for scammers pushing pills and get-rich-quick schemes, which would have driven users off the platform and harmed its business even more than short-term court-ordered shutdowns.
Instead, WhatsApp developed approaches to detecting spam that don’t rely on content at all, says WhatsApp engineer Matt Jones. Instead of looking at message content, WhatsApp analyzes behavior for indications that a user might be spamming. The approach is working surprisingly well. Jones says that WhatsApp slashed spam by 75 percent after launching end-to-end encryption.
“If you have well-instrumented behavioral features, it’s totally possible to detect spam without any access to message content in an end-to-end encrypted world,” Jones said at the USENIX Enigma security conference yesterday.
Some of WhatsApp’s behavioral detection systems will sound familiar to…continue reading here.