[REVIEW] : WhatsApp: download this extension to secure messaging on PC
2021 has been a year full of new things for WhatsApp users. And among the new features that Meta launched last year is multi-device.
WhatsApp had offered a desktop web version of its messaging service for years. However, the new “cross-device” that was introduced in 2021 allows you to use WhatsApp on a computer, through your browser, even when your smartphone is disconnected or turned off. And recently, WhatsApp decided to make this cross-device feature more secure, by offering a passcode verification extension.
As a reminder, WhatsApp uses end-to-end encryption by default. This means that when you exchange messages with someone they are encrypted and unreadable when passing through Meta’s servers.
The new extension that is offered by WhatsApp allows you to strengthen security by ensuring that no one intercepts your messages once they arrive in your browser. How ? By verifying that the code of the WhatsApp web application has not been modified.
Using a WhatsApp application on the web exposes users to new risks
If WhatsApp launches this extension, it is because the company is aware of the new risks that exist when using its messaging service on a browser.
“Unlike a downloadable mobile app, a web app is typically offered directly to users, without a third party reviewing and auditing the code,” reads a Meta post. “There are many factors that could weaken a web browser’s security that don’t exist in the mobile app space, such as browser extensions. Additionally, since the mobile app space was created after the web was created, the security guarantees offered on mobiles can be stronger, especially since third-party app stores review and approve every update. application and software updates. »
The WhatsApp extension is called Code Verify. As its name suggests, this will check the code. In essence, the signature of the code of the web application used by the Internet user is compared to that of a reference code which is distributed by Cloudflare. And if the extension discovers that the signature is not the same, the user is notified. Of course, if WhatsApp updates its application, the web extension, as well as the signature used for verification, is also updated.
“No other end-to-end encrypted messaging service has this level of security for people’s communications on the Web,” says Meta, which, by offering this extension, subtly tackles its competitors in messaging. Nevertheless, Mark Zuckerberg’s group would like to make this code verification a new standard. Indeed, Code Verify is an open source project that other companies can use to strengthen the security of their web applications.
The extension is available for Chrome, Mozilla Firefox, as well as Microsoft Edge. When the latter verifies the code of the web application, three types of response are possible.
If the code is validated, Meta displays a green icon. If the icon is orange, it means “You need to refresh your page or another browser extension is interfering with Code Verify.” » The red icon indicates that there is a security problem.
WhatsApp Web gets a browser extension to boost security
WhatsApp on the web is a convenient way to access the messaging service on a desktop computer, without having to install an app. However, with the web, there is always a risk of bad actors trying to trick users.
WhatsApp has mostly tried to present itself as a safe platform by adding various privacy and security-focused features, the main one being end-to-end encryption. In the same spirit, the Meta messaging application, WhatsApp, has now released a new browser extension called “Code Verify” to add an extra layer of security to its web version and ensure that people are using the genuine web version of WhatsApp. Here’s everything you need to know about WhatsApp’s new Code Verify extension.
Code Verify is an open source extension developed in partnership with Cloudflare. It automatically checks WhatsApp Web’s code and makes sure it hasn’t been “tampered with or modified”, ensuring that you won’t fall prey to malicious versions of WhatsApp Web that can interfere with your privacy. As it is free software, it can be used by any other third-party platform for the same purpose.
It is also revealed that by doing this, Code Verify ensures user privacy and does not try to access data, metadata, user data or even WhatsApp messages.
How to use Code Verify?
The Code Verify browser extension is available for Chrome, Firefox (coming soon), and Microsoft Edge users. Once you download the extension from Google, Microsoft, or Mozilla web extension stores, it will automatically verify WhatsApp Web code when a user logs into the desktop messaging platform.
The extension has three modes: the green light mode which indicates that the code has been successfully verified and that everything is fine. Then you have the amber light mode to show that a problem has been detected and a refresh can be performed to fix it. And finally, red light mode if validation fails. Users can press the “Learn More” option from the extension’s UI if validation fails.
Meta launches Code Verify extension for WhatsApp Web
WhatsApp users have several options to log into the service and start communicating with individuals and through groups. In addition to using mobile devices running Android or iOS, WhatsApp users can also use WhatsApp Desktop, a Windows 10 and 11 app, and WhatsApp Web, a web-based version of the messaging service.
Meta promises that the extension does not save “any data, metadata or user data” and that it “does not share any information with WhatsApp”. Messages are not read or viewed and neither Meta nor WhatsApp will know if Code Verify is being used in the browser. The sole purpose of Code Verify is to verify the integrity of WhatsApp Web to ensure safe use of the site.
The extension verifies the integrity of the WhatsApp web service when users connect to it using a browser in which the extension is installed. It displays a green, orange, or red icon that indicates whether WhatsApp Web validated successfully, code integrity check failed, or validation failed.