dsc05664100706949orig
Security

WhatsApp reduces spam, despite end-to-end encryption

Can a spam filter work even without reading the content of your messages?

WhatsApp thinks so. Since last April, the messenger app has been successfully fighting spam abuse, even as it’s been using end-to-end encryption.

That encryption means that no one -- not even WhatsApp -- can read the content of your messages, except for the recipient.

More privacy, however, can raise issues about spam detection. If WhatsApp can’t scan your messages for suspicious content, say for advertisements peddling cheap Viagra, then how can it effectively filter them out?

“In reality, we actually haven’t seen this as a big problem,” WhatsApp software engineer Matt Jones said on Wednesday. “We actually reduced spam by about 75 percent from around the time that we launched end-to-end encryption.”

Its spam detection mechanisms work by looking at unusual behavior from users in real-time, Jones said while speaking at the USENIX Enigma 2017 conference.

For instance, WhatsApp will analyze how long a suspected spammer has been registered on WhatsApp or how many messages he has sent in the last 30 seconds.

To detect what activity is possibly malicious, WhatsApp has been studying the behavior of spammers who've already been banned on the platform, Jones said. That’s helped WhatsApp learned their tricks of the trade. So it’ll be on the lookout for telltale patterns, such as evidence a bad actor was running a computer script to send out a flood of WhatsApp messages.

Michael Kan

The level of spam has fallen on WhatsApp since implementing end-to-end encryption. 

The app is also looking at the “reputation” of the internet and mobile providers powering the suspected spammer’s messages, Jones said. That includes examining the network and the phone numbers to determine if WhatsApp has routinely blocked other spammers from related sources in the past.

In the fight against spam, WhatsApp also has a key advantage over platforms such as email. To register, users need to provide the app a phone number. That can be a hassle for spammers. 

“If we make things expensive for [the spammers], their business model won’t work,” Jones said.

Improbable scenarios, such as a user with a U.S. phone number suddenly connecting to an internet network in India, will also set off alarms, Jones said. But the spam detection isn’t perfect, he said, and it will result in mistakes. For example, users who are traveling internationally might be flagged.

The messaging app also takes a strict stance on suspected offenders. Rather than try to filter out spam, it’ll block the account where the messages came from, Jones said.

For spammers, that means a quick boot from the service. But for legitimate users, it can mean being unfairly banned and filing an appeal. However, the messaging app has been introducing new measures to cut down the incorrect user bans, Jones said.

IDG Insider

PREVIOUS ARTICLE

« Gmail will push users further away from XP and Vista

NEXT ARTICLE

AMD sets Ryzen up for a strong start as chip battle with Intel looms »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

Poll

Do you think your smartphone is making you a workaholic?