India’s new idea for tracing WhatsApp messages is deeply flawed


It’s no secret at the moment that India wants to trace the origin of messages on apps like WhatsApp and Signal. In its new social media policing rule, the government said that while it didn’t want to categorically break the encryption, it wanted to know who generated a particular post first.

A report released yesterday by the Economic Times suggested that some officials are proposing that WhatsApp assign and store an alphanumeric hash to every message so that it can be traced back to the sender if it causes illegal activity.

An official involved in the traceability discussion said the government was “willing to work with WhatsApp to find a solution that allows message traceability without breaking the encryption.”

However, this approach poses some problems. In an end-to-end encrypted system, every message is different for the system because it cannot read your messages. So if you send “Hi” twice, it doesn’t recognize it as the same message.

Prasanth Sugathan, legal director of Software Freedom Law Center (, a New Delhi-based organization that focuses on digital law, said the authors could tweak the post slightly or just copy it to cause the hash to change. :

The government assumes that every message transmitted is delivered as is. The hash is specific to the message. Edit a letter in a message and its hash will change. This means that if a malicious party wants to send a viral message, they would do so simply by changing the hash of a message each time or after multiple transfers. Thus, change the first sender each time such a message has been transmitted. There is a good chance that this will lead to a very complicated implementation.

In 2018, WhatsApp faced a lot of backlash from India after forwarded messages containing false information caused more than 30 lynchings in the country. However, the company has taken several steps to limit transfers, so it would be naive to assume that every message travels in a chain.