¿Por qué los testigos online NO podemos certificar WhatsApp?

No online witness, can certify WhatsApp conversations with legal validity and we are going to detail why.

It is not necessary to explain what WhatsApp is, but how it works.

As you can see in the following image, WhatsApp conversations are encrypted end-to-end, that is, only the terminal (phone, tablet,…) of the source user and the terminal of the destination user are able to access the content of the conversation. This is a great security measure that benefits all WhatsApp users. If a hacker managed to intercept the network traffic generated by WhatsApp, they would simply see encrypted, unreadable information, which would be of no use to them. In this way, the privacy of the platform is largely guaranteed.

WhatsApp encryption infographic

How does the WEB service of https://web.whatsapp.com work?

WhatsApp makes available to its users a web page: https://web.whatsapp.com through which the user can perform, to a large extent, most of the actions that would come to use from the application. This makes it easier to use the famous messaging service through a browser on your PC.

It is a service at no cost, and requires the user to link their cell phone with their PC browser by scanning a QR code generated by the WhatsApp web service from their cell phone. If you have not yet used the WhatsApp web service you can try it by accessing: https://web.whatsapp.com (they have a very simple video tutorial to help you set it up in a few seconds).

Screenshot to connect the WhatsApp Web

Why an online witness can NOT certify WhatsApp through the WhatsApp Web service?

Technically it is possible. The client of the online witness would access a web browsing session and go to https://web.whatsapp.com. There they would link their terminal with the virtual browser and all the conversations, photos, videos, etc., would be recorded.

  • What is the problem then?

The WhatsApp web service connects directly to the user’s terminal to extract from the database the conversations, photos, videos, etc. And it needs to connect to the device because as we explained at the beginning, everything is end-to-end encrypted. Not even WhatsApp servers have access to unencrypted messages.

What would happen if the cell phone of the user who wants to perform the WhatsApp certification is hacked and the messages, photos, videos, etc., stored on their terminal are manipulated? Well, from the WhatsApp web service we would see the manipulated content, and consequently, the online witness would be certifying fraudulent content.

  • Is it likely that the WhatsApp user who wants to certify a conversation has tampered with their terminal?

Most likely not. But in a judicial system, everything has to be proven or recognized.

However unskilled the defense of the opposing party may be, if they know that there is a probability that the person who provided the messages could have manipulated them, even presenting a certificate from an online witness, they will challenge the evidence.

  • What is the solution?

In the case of WhatsApp messages, the safest thing to do is to request a computer expert that certifies the non-manipulation of the terminal or the WhatsApp application. The computer expert will need physical access to the terminal to perform the extraction of information and be able to generate the report.

SaveTheProof works with trusted experts who can help you certify the authenticity of any content on WhatsApp. You can contact us via chat or email: [email protected].

Would you like to request a DEMO?

Choose a day and time to discover how SaveTheProof will change the way you certify content.