An extension to verify the code running in your browser matches what was published.
Overview
An extension to verify that the code running in your browser matches what was published.
VERIFY AUTHENTICITY OF YOUR CLIENT
The new Code Verify is an open-source browser extension that lets you verify the authenticity of the WhatsApp, Facebook, Instagram, or Messenger client that you are being served when you use them on the web. Code Verify will immediately alert you if your web version is inauthentic or has been modified.
NEED FOR WEB TRANSPARENCY
Mobile phones have security verification protocols in place to ensure that the client you’re downloading is authentic and hasn’t been modified. Unfortunately, those assurances haven’t existed for web-based implementations of apps (those that run on web browsers). Code Verify was created as a solution.
When people use messaging apps via the web, they’re being served Javascript rather than a binary application. This means it's technically possible to serve people a different experience than what they were expecting.
We know that bad actors may want to alter an app and distribute that app to unsuspecting targets. For example, a bad actor could serve someone a version that was created to spy on them – without them ever knowing the difference.
DESIGNED FOR SECURITY-CONSCIOUS USERS
Code Verify was designed with our most security-conscious users in mind — those who might want additional peace of mind about their message security. Millions of people use WhatsApp, Facebook, Instagram, and Messenger on the web each month, and this type of independent verification and redundancy (also known as binary transparency) on the web is a huge step forward for online privacy.
HOW DOES IT WORK?
We've partnered with Cloudflare, a secure web content delivery service, to enable us to verify that everyone using WhatsApp, Facebook, Instagram, and Messenger on the web is accessing the same code, and we built a browser extension for you to independently verify that's the case.
The Code Verify browser extension brings the same protections that mobile apps have to the web. The extension scans the Javascript code of the web-based app and ensures it matches the source of truth that has been publicly posted on Cloudflare. If there are inconsistencies, the extension will immediately alert you.
When the WhatsApp, Facebook, Instagram, or Messenger clients are updated, the extension will also automatically update with a new source of truth so people are continuously assured that the version they’re running is the same version that other users are running.
BENEFITS OF OPEN SOURCING
We’re not just doing this for WhatsApp, Facebook, Instagram, and Messenger. Open sourcing the Code Verify extension means that other companies will be able to apply web binary transparency to their web-based apps as well.
As a browser extension that is independent of Meta products and their infrastructure, people can be assured that the extension itself hasn’t been secretly modified by third parties. Since the extension exists in the public eye, it will be more difficult to modify it for any sort of nefarious purpose without people noticing.
Now you can have the power of transparency directly in your hands.
Use the Code Verify extension to provide confidence that the web app you’re using is authentic.
Learn more about Code Verify at https://faq.whatsapp.com/web/security-and-privacy/about-code-verify
https://www.facebook.com/help/728172628487328
https://www.messenger.com/help/799550494558955
By downloading or using this extension, you agree to Meta’s terms of service available at https://www.facebook.com/terms.php. Learn how your data is processed for this extension by visiting the Meta Data Policy: https://www.facebook.com/about/privacy/.
Statistics
Installs
8,273
history
Category
Rating
2.2 (4 votes)
Last update / version
2024-11-04 / 4.0.0
Listing languages