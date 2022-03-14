Meta (formerly Facebook) has announced a new browser extension that aims to improve the security of WhatsApp in its web version. The aim is to make it difficult for a scammer who has hacked into a person’s account to compromise data or the privacy of encrypted messages.

According to the article published on the Meta developers website, the extension, called Code Verify, serves to automatically verify the authenticity of the WhatsApp Web code being served in the browser.

“Unlike a downloadable app, a web app is usually served directly to users without a third party reviewing and auditing the code. There are many factors that can weaken a web browser’s security that don’t exist in the app space mobile, such as browser extensions,” the company said.

According to WhatsApp, the mobile versions of the app are also more reliable because the app stores “review and approve every app and update”. As this does not happen on PC, a fake page or computer virus can intercept your attempt to log in to WhatsApp Web and steal your data.

The new extension serves precisely to check that the version of WhatsApp Web you are trying to access is legitimate, and not a fake page with the intention of stealing your data, and that there are no malicious programs eyeing your PC conversations. “We hope that Code Verify will give at-risk users peace of mind,” the company says in a statement.

How it works?

The process is not that complex. What the new extension does is just compare an algorithm that maps code running in your browser to a hash (which combines random characters and serves as a “shield”) maintained by a third-party company called Cloudflare. Although the execution is not new, the great point of Code Verify is that the process is automated.

“We provide Cloudflare with a cryptographic hash source of truth for the WhatsApp Web JavaScript code. When someone uses Code Verify, the extension automatically compares the code executed on WhatsApp Web with the version of the code verified by WhatsApp and published on Cloudflare. there is any inconsistency, Code Verify will notify the user”, explains the company.

After certification, the browser extension uses a color system to show if there are issues:

green means everything is working normally;

red means there is a problem;

orange suggests that the person might need to refresh the page, or that some active browser extension is interfering with login.

Image: Goal

How to use the extension?

Code Verify is available through the Meta Open Source website and also in the Chrome, Edge and Firefox extension stores. According to WhatsApp, the feature does not record data or share any personal information with the platform.

“It also doesn’t read or access messages you send or receive,” says WhatsApp, which points out that Meta won’t know whether or not a person has downloaded the extension.

“Once installed, Code Verify will automatically run when you access WhatsApp Web and will act as a real-time alert system for code being served on WhatsApp Web.”