
posted by Fnord666 on Thursday June 29 2017, @03:17PM
from the oops-my-bad dept.

Arthur T Knackerbracket has found the following story:

The Guardian was wrong to report in January that the popular messaging service WhatsApp had a security flaw so serious that it was a huge threat to freedom of speech.

But it was right to bring to wide public notice an aspect of WhatsApp that had the potential to make some messages vulnerable to being read by an unintended recipient.

The Guardian did not test with an appropriate range of experts a claim that had implications for the more than one billion people who use the Facebook-owned WhatsApp.

In a detailed review I found that misinterpretations, mistakes and misunderstandings happened at several stages of the reporting and editing process. Cumulatively they produced an article that overstated its case.

The Guardian ought to have responded more effectively to the strong criticism the article generated from well-credentialled experts in the arcane field of developing and adapting end-to-end encryption for a large-scale messaging service.

The original article – now amended and associated with the conclusions of this review – led to follow-up coverage, some of which sustained the wrong impression given at the outset. The most serious inaccuracy was a claim that WhatsApp had a "backdoor", an intentional, secret way for third parties to read supposedly private messages. This claim was withdrawn within eight hours of initial publication online, but withdrawn incompletely. The story retained material predicated on the existence of a backdoor, including strongly expressed concerns about threats to freedom, betrayal of trust and benefits for governments which surveil. In effect, having dialled back the cause for alarm, the Guardian failed to dial back expressions of alarm.

This made a relatively small, expert, vocal and persistent audience very angry. Guardian editors did not react to an open letter co-signed by 72 experts in a way commensurate with the combined stature of the critics and the huge number of people potentially affected by the story. The essence of the open letter and a hyperlink to it were added to the article, but wider consultation and a fundamental reconsideration of the story were needed.

-- submitted from IRC

Previously: WhatsApp Vulnerability Allows Snooping on Encrypted Messages -- Or Does it?


  • (Score: 3, Informative) by pTamok on Thursday June 29 2017, @10:50PM (1 child)

    by pTamok (3042) on Thursday June 29 2017, @10:50PM (#533150)

    The open letter describes the issue in a clear and concise manner:

    Here’s the crux of the matter: Signal and WhatsApp–which share the same protocol designed by the same team at Open Whisper Systems–both have to decide what to do when the recipient of an undelivered message changes phones or SIM cards. How should the app deal with the fact that there is now a new phone and SIM card, hence new keys? There is no avoiding this question. Every app must make a choice; there is no simple answer.

    WhatsApp sends along the undelivered message, and if you have notifications for this event turned on, it informs you after it sends the message that the recipient has a new phone.

    Signal does the opposite: it blocks the message from being sent until after you confirm that you are okay with the fact that the recipient has a new phone.

    A lot of argument is made saying the WhatsApp behaviour is appropriate for its user community. That might be true. On the other hand, the open letter states

    Signal is well-designed. Many in the security community use and consistently recommend it.

    Here’s a difficult attack that could allow a sophisticated, resourceful adversary ... to read a few messages that had been sent but have not yet been read

    [ after events that notify WhatsApp that the intended recipient has changed phones or SIM cards].

    So it appears that WhatsApp remains immune to casual snooping, but someone with control of the relevant parts of the phone network can convince the WhatsApp servers that a phone or SIM change has taken place, at a time of their choosing, and get copies of messages sent but not yet received. For the vast majority of people, this is not something they would need to worry about. For some, however, it might be crucial.

    It's really for end-users to decide if this difference is material to them. For most people the argument seems to be that WhatsApp appears to be good enough. YMMV.

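    As an added illustration of the difference the quoted passage describes (constructed example code, not WhatsApp's, Signal's or the Signal Protocol's code; the `Outbox` and `Policy` names, the key labels and the messages are all assumptions), here is a toy outbox that applies each policy to messages already queued when the recipient's key changes:

```python
# Added illustration (not WhatsApp's, Signal's or the open letter's code): a toy
# model of what a sender's outbox does with already-queued messages when the
# recipient's key changes before delivery. All names, keys and messages below
# are constructed for the example.
from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    # "WhatsApp sends along the undelivered message ... informs you after"
    SEND_THEN_NOTIFY = "send then notify"
    # "Signal ... blocks the message from being sent until after you confirm"
    BLOCK_UNTIL_CONFIRMED = "block until confirmed"


@dataclass
class Delivery:
    message: str
    key_used: str  # recipient key the message was encrypted to


@dataclass
class Outcome:
    delivered: list = field(default_factory=list)  # Delivery records that left the device
    held: list = field(default_factory=list)       # plaintexts still waiting in the outbox
    notices: list = field(default_factory=list)    # what the sender gets told


@dataclass
class Outbox:
    policy: Policy
    pinned_key: str                                  # last recipient key the sender trusted
    notify_on_change: bool = True                    # WhatsApp makes this notice a setting
    pending: list = field(default_factory=list)
    confirmed_keys: set = field(default_factory=set)

    def enqueue(self, message: str) -> None:
        self.pending.append(message)

    def confirm_key(self, key: str) -> None:
        """The human sender explicitly accepts the recipient's new key."""
        self.confirmed_keys.add(key)

    def flush(self, advertised_key: str) -> Outcome:
        """Try to deliver everything queued, against the key the server now advertises."""
        out = Outcome()
        key_changed = advertised_key != self.pinned_key
        blocked = (key_changed
                   and self.policy is Policy.BLOCK_UNTIL_CONFIRMED
                   and advertised_key not in self.confirmed_keys)
        if blocked:
            # Nothing is encrypted to the unverified key; the user decides first.
            out.held = list(self.pending)
            out.notices.append(f"key changed to {advertised_key}: "
                               f"{len(self.pending)} message(s) held for your confirmation")
            return out
        # No change, or the send-then-notify policy, or the user already confirmed:
        # every queued message is encrypted to whoever holds advertised_key.
        out.delivered = [Delivery(m, advertised_key) for m in self.pending]
        if key_changed:
            if self.notify_on_change:
                out.notices.append(f"key changed to {advertised_key}: "
                                   f"{len(out.delivered)} message(s) were already sent")
            self.pinned_key = advertised_key  # the new key is now trusted from here on
        self.pending.clear()
        return out


def queued_then_key_change(policy: Policy) -> Outcome:
    """Constructed scenario from the comment: two messages are queued while the
    recipient is offline, then the server advertises a new key before delivery."""
    box = Outbox(policy=policy, pinned_key="key-A")
    box.enqueue("meet at 9")
    box.enqueue("bring the documents")
    return box.flush("key-B")


def blocked_then_confirmed() -> Outcome:
    """Same scenario under the blocking policy, after the sender accepts key-B."""
    box = Outbox(policy=Policy.BLOCK_UNTIL_CONFIRMED, pinned_key="key-A")
    box.enqueue("meet at 9")
    first = box.flush("key-B")
    assert first.held and not first.delivered  # nothing left the device yet
    box.confirm_key("key-B")
    return box.flush("key-B")


if __name__ == "__main__":
    for policy in Policy:
        result = queued_then_key_change(policy)
        print(f"{policy.value}: delivered={len(result.delivered)} held={len(result.held)}")
        for n in result.notices:
            print("  notice:", n)
```

    Under the send-then-notify policy every queued plaintext is encrypted to whatever key the server now advertises before the sender sees any notice, which is the window the open letter's "difficult attack" refers to; under the blocking policy the queue stays on the device until `confirm_key` is called. The model ignores everything else (session ratchets, group chats, the default of the notification setting), so read it as a description of the decision each app makes, not of either app's implementation.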
  • (Score: 2) by zeigerpuppy on Friday June 30 2017, @03:56AM

    by zeigerpuppy (1298) on Friday June 30 2017, @03:56AM (#533260)

    I thought the main issue with WhatsApp is that when a user's key changes this is automatically authorised and then messages can be resent with the new key. This means if a TLA wants the content of a conversation, all they have to do is push a key change pretending to be a user changing device and then the conversation gets sent to a bogus user.
    The proper behaviour is to warn vociferously about a key change and reject by default.
    As far as I'm concerned this is still effectively a back door and I wouldn't trust Facebook (aka WhatsApp) as far as I can throw them. I use Conversations with my own XMPP server, which may be a bit more paranoid than most...