WhatsApp has begun rolling out its latest optional security feature enabling users to protect their IP address metadata during WhatsApp call, according to a blogpost by Meta on November 8, 2023. The blogpost also provides information on another new setting ‘Silence Unknown Callers’ that quiets down unwanted calls and is also said to block attempts of cyber-attacks.
More about the IP address feature:
An IP address is a unique identifier, assigned by internet service providers, for a device connected to the internet. IP addresses may contain information about the device and in turn, the user’s geographical location or the internet provider.
As informed by Meta in its blog post, “Most calling products people use today have peer-to-peer connections between participants. This direct connection allows for faster data transfers and better call quality, but it also means that participants need to know each other’s IP addresses so that call data packets can be delivered to the correct device – meaning that the IP addresses are visible to both callers on a 1:1 call.” This can raise privacy concerns for many users.
According to Meta, the new feature when enabled, will relay a user’s calls through WhatsApp’s servers. This means the callers won’t be connected directly and their IP addresses will not be revealed to each other. However, WhatsApp also noted that call quality will be reduced once users activate this setting.
Why it matters: The feature allowing masking of IP addresses is important in terms of enhancing privacy safeguards for users on the platform. IP addresses serve as crucial metadata, which can give an internet service provider (ISP) some information about a user’s WhatsApp calls, such as the duration of the call and the IP address of the second caller involved. Such information is often used by law enforcement agencies as well when investigating a specific crime. Whether or not the new feature hides the IP addresses of the callers on a WhatsApp call from ISPs too is a question worth noting.
On silencing unknown callers:
According to the blogpost, calling products are often subject to different kinds of cover cyber-attacks, including “zero-click” attacks wherein the victim may not need to even accept the call for the attack to succeed. Traditional methods of silencing calls may still provide the attacker with room to “load data into the recipient’s memory”, to which the recipient may end up leaking device information back to the attacker, thus increasing the vulnerabilities the victim is exposed to.
WhatsApp says it has built a “specialized protocol” for delivering “stripped-down, silenced call notifications” to users. “The server enforces this protocol, protecting the recipient device from the complexity of normal call setup and from processing attacker-controlled data,” the blogpost noted.
To address the question of how will the server know if the call should be silenced without asking the recipient, the company informed that this can be done using “privacy tokens’. They explained, “Each client locally decides which other user it trusts and distributes tokens to them. When a call is placed, the caller includes the privacy token of the recipient in the protocol message. Next, the server checks the token’s validity along with a few other factors to determine if the intended recipient allows this sender to ring them. Crucially, for our user’s privacy, the server does not learn anything about the exact relationship between the caller and the recipient from the token.”
Also Read:
- Petition Requests SC To Direct WhatsApp To Comply With India’s Data Protection Law: Report
- Govt May Send WhatsApp Traceability Notice Over Deepfakes Of Politicians Circulating: Report
- Tripura HC Stays Lower Court’s Order Asking WhatsApp To Disclose First Originator Of A Message
- Video: Should Communication Apps Like WhatsApp, Telegram Be Licensed?
