Good News: WhatsApp Gets Serious About End To End Encryption
from the good-to-see dept
We recently noted that it was really good news to see companies like Google and Apple finally taking end user encryption seriously, and it appears that's spreading. The super-popular chat messaging app WhatsApp, which was acquired by Facebook not too long ago, just turned on full end-to-end encryption, powered by Open Whisper Systems, the makers of such great tools as TextSecure, which is the basis for the new encryption:The most recent WhatsApp Android client release includes support for the TextSecure encryption protocol, and billions of encrypted messages are being exchanged daily. The WhatsApp Android client does not yet support encrypted messaging for group chat or media messages, but we’ll be rolling out support for those next, in addition to support for more client platforms. We’ll also be surfacing options for key verification in clients as the protocol integrations are completed.It sounds like this project started prior to the Facebook acquisition, so it's great to see it continue to move forward either way. Just recently, the EFF rated various messaging apps for their security (which resulted in some controversy...), and WhatsApp didn't score all that well, while TextSecure got a perfect score. Making messaging more and more secure is incredibly important, so it's great to see it happening here.
WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, messaging
Companies: whatsapp, whisper systems
Reader Comments
Subscribe: RSS
View by: Time | Thread
WhatsApp is horrible
2. It's not federated (walled garden). So you can't communicate with users from other XMPP networks.
3. It's security is flawed by design. They consciously made it into an insecure service by dropping the registration process (creating user name + password) like in any normal XMPP, and instead using identification tied to user's device to authenticate. All that to exploit people's laziness (saves 5 minutes of the registration process for the price of constant broken security).
Such developers are simply doing a huge disservice to their users.
[ link to this | view in thread ]
At least I don't see much of a difference between them listening in somewhere in the middle and you never know about it or if they send a demand to facebook and you never know about it.
[ link to this | view in thread ]
Re: WhatsApp is horrible
4. It's not open-source, therefore it cannot be independently peer-reviewed. And therefore we cannot verify that it isn't loaded with security holes and backdoors.
(Of course sometimes even open source code has security holes. But since it can be independently peer-reviewed, we have a fighting chance of finding them. With this...we have none.)
If it's not open-source, it's shit, and NOBODY should trust it.
[ link to this | view in thread ]
Re:
However since the ID is tied to a device you don't have anonymity so they can still try to get access to the source or destination device. A plus is that perfect forward secrecy is proposed so reading of the message shouldn't be possible except for when the man in the middle knows the long term key on the ends that is used to encrypt the temp key used for the current set of messages.
Should be interesting to see what happens from this push in the right direction.
[ link to this | view in thread ]
Now rolling out strong crypto on the most used mobile messaging service in the world is an astounding feat. But we must critically weigh the harm that's being caused when we encourage users to stick with interoperable, proprietary, unverifiable options.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
Good to know that someone uses PFS but not sure how safe that is in the current form(using mobile devices). Looks like they have to send two security letters now. One to Facebook and one to whoever build the phone i.e. Apple. And if that doesnt work there is always the blackmarket for 0days or if all fails then I bet there will be a new law.
The whole security thing confuses me a bit atm. Should I be happy they don't want new laws but that might mean they have other ways (e.g. 0days) to access the data or should I be for new laws which would mean they cant access the data at the moment?
[ link to this | view in thread ]
Secure Messaging
[ link to this | view in thread ]
[ link to this | view in thread ]
TextSecure
[ link to this | view in thread ]
a)they work
b)there are some instructions on how to use them/set them up
c)they are simple to set up/use. no good if it takes a degree in I.T. to get it running
d)there is no chance of them being broken/hacked
[ link to this | view in thread ]
TD fail.
[ link to this | view in thread ]
[ link to this | view in thread ]
Now rolling out strong crypto on the most used mobile messaging service in the world is an astounding feat. But we must critically weigh the harm that's being caused when we encourage users to stick with interoperable, proprietary, unverifiable options.
WhatsApp Hacken
[ link to this | view in thread ]
Works
[ link to this | view in thread ]
issue
[ link to this | view in thread ]
help! real or not?
p.s. sorry it is in German
[ link to this | view in thread ]
Re: help! real or not?
[ link to this | view in thread ]
Need your help
Hi guys, I need also your help, please!!!!
Want to protect my daughter from her boyfriend, have read that with spy apps i can read all her whatsapp messages....is it true??? https://iortly.com/whatsapp-spy/
[ link to this | view in thread ]