WhatsApp Rolls Out New Feature to Shield IP Address During Calls

WhatsApp, under the ownership of Meta, is formally introducing a novel privacy feature named "Protect IP Address in Calls". This feature conceals users' IP addresses from other parties by routing the calls via its servers.

Nov 8, 2023 - 21:35
  Source
 0  27
WhatsApp Rolls Out New Feature to Shield IP Address During Calls

WhatsApp has announced a new privacy feature that enhances user security during calls by end-to-end encrypting them, ensuring that not even WhatsApp can listen in. This "Protect IP Address in Calls" option, similar to Apple’s iCloud Private Relay for Safari, routes calls through WhatsApp servers to obscure users’ IP addresses, making it challenging for anyone involved in the call to pinpoint the caller's location. While this bolstered security might slightly reduce call quality, it offers peace of mind for those seeking heightened privacy.

The feature, which has been in the works since at least August 2023, according to WABetaInfo, requires calls to be relayed through WhatsApp's servers, shielding users’ IP addresses and therefore their approximate geographic location from other parties.

“This new feature provides an additional layer of privacy and security particularly geared towards our most privacy-conscious users," WhatsApp stated, emphasizing its commitment to user security.

Privacy Feature

This development is an extension of the "Silence Unknown Callers" feature, which not only shields users from unwanted calls but also reduces the risk associated with zero-click attacks and spyware. WhatsApp's approach to silenced calls involves a novel protocol that processes less data from potentially malicious sources by using what the company refers to as a privacy token.

“When a call is placed, the caller includes the recipient’s privacy token in the protocol message," WhatsApp explained. "The server then verifies the token's authenticity, among other checks, to decide if the recipient permits the caller to contact them. Importantly, the server doesn't learn any specifics about the caller and recipient's relationship from the token. Our design makes calling a less viable method for attackers, prioritizing user privacy."