SoylentNews is people
SoylentNews
posted by
cmn32480
on Tuesday April 05 2016, @11:17PM
from the what-about-beginning-to-beginning dept.
from the what-about-beginning-to-beginning dept.
The title pretty much says it all. According to the report:
the service will encrypt all messages, phone calls, photos, and videos moving among [the devices].
Moxie Marlinspike is involved, so they have a chance of getting it right, and no one, even WhatsApp, will be able to know what you”re saying, texting, viewing, &c. (Unless, of course, your widget is running malware, or the opposition can get their mitts on it.)-: They claim this is available on nearly a billion devices—this is a really big deal.
takyon: Alternate links with no Wired paywall: TechCrunch, Washington Post, CNET, Reuters.
This discussion has been archived.
No new comments can be posted.
WhatsApp Encrypts End-to-End in Latest Version
|
Log In/Create an Account
| Top
| 52 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
No self-made man ever did such a good job that some woman didn't
want to make some alterations.
-- Kim Hubbard
(Score: 2) by takyon on Tuesday April 05 2016, @11:28PM
Updated article on my phone.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Tuesday April 05 2016, @11:32PM
Come again?
(Score: 3, Informative) by takyon on Tuesday April 05 2016, @11:51PM
Changed "WhatApp" to "WhatsApp", added "Digital Liberty" topic, added 4 alternate links.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by e_armadillo on Tuesday April 05 2016, @11:30PM
Staying consistent with previous articles about people posting without reading TFA, I went straight to the App Store on my phone to see what the release notes for the most recent version was. The result? One line:
* Bug fixes
perhaps they say un-encrypted communication as a bug? In any case, I welcome our privacy overlords :-)
"How are we gonna get out of here?" ... "We'll dig our way out!" ... "No, no, dig UP stupid!"
(Score: 4, Insightful) by bitstream on Tuesday April 05 2016, @11:31PM
WhatsApp Inc., have their corporate base in California, USA so they can get one of those famous letters. And the same goes for the two most popular operating systems and their hardware. So it's essentially been had before it even starts. But the first question to ask is how to ensure distribution of the client and to ensure that the client actually does what it says without, say encoding an extra key etc.
Mobile phone security:
* Hardware (signing, extra chip logic, radio modem entry point etc)
* Operating system (backdoors)
* Applications (doing extra thwarting of user actions)
(Score: 1) by Francis on Tuesday April 05 2016, @11:56PM
Depends how it's set up. They could set it up so that they don't have access to the device specific keys, such as via public key cryptography. In which case, it doesn't matter what letters they get, they wouldn't have the ability to break in there and can't be legally compelled to do so.
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @01:13AM
"Deploy a software update to this device's IP address that sends us a copy of the password and backdoors further encryption"
(Score: 1) by Francis on Wednesday April 06 2016, @02:42AM
Google doesn't permit 3rd party updates. The only updates they can make are through play. I believe that Apple has similar rules.
So, unless you're sideloading the app, they can't do that. Also, they can only access data that's stored at that time, not necessarily anything that you've been talking about previously.
(Score: 2) by frojack on Wednesday April 06 2016, @05:10AM
There is another hole to consider.
Both Apple and Google have backup of settings you've made on your device. Maybe Windows phone too for all I know.
They back up various app data. https://support.google.com/nexus/answer/2819582?hl=en [google.com]
So if someone could get to your google account, they could attempt to get at that data, and probably get keys to a lot of castles.
I've had one app issue an update just to turn off backup of its settings as that google backup represented a security risk.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @10:41AM
"Deploy a software update that sends us a copy of the password and backdoors further encryption for this device"
(Score: 2) by bitstream on Wednesday April 06 2016, @02:53PM
How would you know it actually does what it says?
(Score: 5, Insightful) by Anonymous Coward on Wednesday April 06 2016, @12:16AM
(1) There will ALWAYS be flaws. This is an improvement in the number of flaws. Do not let the perfect be the enemy of the good.
(2) There is a network effect here - by default ALL traffic is now encrypted. We already know that the NSA keys on encrypted traffic as suspicious and automatically worthy of scrutiny and preservation beyond their default levels. When everybody uses encryption, the people who desperately need encryption no longer draw attention to themselves simply by using encryption. That's a big improvement in the baseline.
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @12:22AM
Not to mention the increase in storage requirements.
(Score: 2) by bitstream on Wednesday April 06 2016, @03:01PM
You'r right. Unless people are being lulled into using compromised encryption on a massive scale so that it's possible to pick out the unbreakable or hard ones from the crowd that then is only hard from the perspective of ordinary people (plebs).
Proprietary software is now in a dilemma. They can protect profits, or protect trust. It's possible to make a profit from released source but it's not longer an obvious course of action.
(Score: 1, Informative) by Anonymous Coward on Wednesday April 06 2016, @07:16PM
This app has a serious issue, which is that it's proprietary. It doesn't respect the users' freedoms and can't be trusted. It's good that they supposedly have better encryption, but it needs to respect the freedoms of the user before it can really be recommended.
(Score: 2) by frojack on Wednesday April 06 2016, @03:55AM
WhatsApp Inc., have their corporate base in California, USA so they can get one of those famous letters.
Well if they did it right the letter gets them nothing.
It would take another rather public court order fight to get them to create a compromised version and cause it to be updated over the net to everywhere. That would be loud enough that you might hear about it.
But don't forget this is FACEBOOK, and they are a hell of a lot more untrustworthy than Apple. I wouldn't be surprised if, as you suggest, they had their own key in there as well as the users, just to satisfy CLEAA.
And I still don't understand the QR code business. Most of the people I deal with on the phone or via text I would have no opportunity to scan their QR code, so how does that work?
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @10:31AM
> . I wouldn't be surprised if, as you suggest, they had their own key in there as well as the users, just to satisfy CLEAA.
The combined law enforcement associations of arizona? [cleaa]
CALEA has no requirement to decrypt if the carrier does not posses the keys so simply by engineering the system not to have backdoor keys makes it so they don't legally have to have backdoor keys:
47 USC 1002(b)(3): [cornell.edu]
(3) Encryption
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.
House Report No. 103-827 - TELECOMMUNICATIONS CARRIER ASSISTANCE TO THE GOVERNMENT [fbi.gov]
Nothing in this paragraph would prohibit a carrier from deploying an encryption service for which it does not retain the ability to decrypt communications for law enforcement access.
> And I still don't understand the QR code business. Most of the people I deal with on the
> phone or via text I would have no opportunity to scan their QR code, so how does that work?
The QR code is for in person meetings, the manual reading aloud of the hex digits is for (weak) in-band verification. Just because you won't use the QR code doesn't make it useless to everyone. Your circumstances are not everyone's circumstances. Who would have guessed not everybody lives their lives exactly the way frojack lives his?
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @02:50PM
This is kind of off topic. I put Google Goggles on my phone which does a good job at identifying and decoding bar codes and QR codes from photos. It sends photos up to the clouds for processing and cross-referencing. I don't think I'd want to use something that sends everything I scan up to the clouds on a daily basis, especially as part of a secure system. It was more a gee-wiz thing. It's pretty keen for what it does.
Is there a good Android bar/QR code reader that does everything on the phone?
I don't really have a use case, just wondering if anyone has recommendations.
(Score: 2) by kadal on Wednesday April 06 2016, @03:18PM
https://play.google.com/store/apps/details?id=com.google.zxing.client.android [google.com]
It's on f-droid, AFAIK
(Score: 4, Interesting) by q.kontinuum on Tuesday April 05 2016, @11:35PM
... what could possibly go wrong? Not trying to be overly paranoid, but being overly trusting feels wrong too...
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @12:07AM
Yes, 2014 called and it wants $16 billion.
—https://newsroom.fb.com/news/2014/02/facebook-to-acquire-whatsapp/ [fb.com]
(Score: 2) by edIII on Wednesday April 06 2016, @02:23AM
You're being gracious.
They could say that it couldn't even be broken in infinite time, but all of that means precisely dick.
Proprietary? Check
Faceboook? Check
Complete lack of transparency? Check
Encryption will only be trusted, if and only if, ALL of the code, methods, *everything* is FOSS. That's the only encryption that I will ever trust, and even then, the chain o' security begins with the device itself.
End-to-end encryption is wonderful......... when it's transparent and can be vetted. Otherwise, we can pretty much assume the NSA has enough of the whatever they need to brutally compromise WhatsApp.
In a way it's hilarious to expect privacy from a Zuckerberg corporation. It's not like he gets rich off your privacy or anything......
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 3, Insightful) by Fnord666 on Wednesday April 06 2016, @04:04AM
It has to go further than that. You have to be able to build the application from the available source code and toolchain. Just because you can see some source code doesn't mean the binary you just installed was built with it.
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @06:21AM
https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf [cmu.edu]
(Score: 3, Informative) by Pino P on Wednesday April 06 2016, @07:55PM
You mention the Ken Thompson "Trusting Trust" attack involving a backdoored compiler. That's far less of an issue now that we have multiple independent implementations of C++. With more than one compiler, you can bootstrap a free compiler off each of them. This is the "diverse double-compiling" mitigation [dwheeler.com] described by David A. Wheeler.
Phase 1: Start with three independent C++ compilers (call them VC++, IC++, and Clang++) and the C++ source code of a free C++ compiler (call it G++). Then compile G++ with each compiler. The resulting executables (G++/VC++, G++/IC++, and G++/Clang++) will differ due to different optimization approaches, but if none are compromised, all should have the same behavior, namely that of G++. The next phase will show that this is the case.
Phase 2: Now compile G++ with each of these G++/* executables. Because they have the same behavior, they should produce bit-identical executables: G++/G++. If the resulting executables differ (other than in embedded timestamps), then one or more of the compilers is compromised. But if they're the same, there are two possibilities. Either all compilers are clean, or they share the same backdoor. Which is more likely?
(Score: 2) by q.kontinuum on Wednesday April 06 2016, @05:47AM
It still means if they keep secretly access, they can't use the obtained information openly and need to keep a close eye on everyone involved, so nobody finds out. That might limit the ways the information could be used. (On the other hand, whoever still trusts this blindly ever since Snowdens leaks will probably not change his mind if something like that came out...)
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 3, Funny) by JNCF on Tuesday April 05 2016, @11:35PM
(Unless, of course, your widget is running malware, or the opposition can get their mitts on it.)-:
I know this makes me a jerk [soylentnews.org], but you just ended those parentheses with a sadface. I think you meant to use a parenthesis instead. It's a common miatake, they look very similar.
(Score: 4, Funny) by c0lo on Tuesday April 05 2016, @11:43PM
Good news: you can give a TED talk about it; bad news: only once [xkcd.com].
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @04:04AM
(Score: 2) by c0lo on Wednesday April 06 2016, @11:26AM
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @12:11AM
(Unless, of course, your widget is running malware, or the opposition can get their mitts on it.)☹—:
Better?
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @01:37AM
now it looks like a sad horseface
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @04:55AM
The "fixed" one is a full stop, close paren, sad face emoji, em dash, and colon. It seemed like a good idea at the time.
(Score: 3, Insightful) by opinionated_science on Tuesday April 05 2016, @11:43PM
1) I have Signal. Until I get Whatsapp source code, it's a cute announcement, but carries no weight. This is because the Govt has made it illegal to disclose if you put in backdoors...(Still the major WTF? )
2) None of my contacts seem to have the secure update....!
(Score: 1, Insightful) by Anonymous Coward on Wednesday April 06 2016, @01:40AM
(1) Signal depends on the google play store's closed source api, so while it isn't as untrustworthy it is still untrustworthy pick your poison
(2) Patience Give it a few days for it to roll out
(Score: 2) by frojack on Wednesday April 06 2016, @05:26AM
Did the Patience bit, with Signal.
Invited several people, couple tried it, and then ended up deleting it because all their friends were on another service.
Deleted it.
Same with Proton Mail. It wouldn't inter-operate with normal GPG/PGP encrypted email. How hard would that have been to add? Deleted it.
Same thing with Telegram. Nobody home.
Deleted it.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @10:34AM
None of that applies to WhatsApp which has a billion users.
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @11:36PM
That second point was about working with PGP or GPG.
(Score: 2) by kadal on Wednesday April 06 2016, @03:19PM
SIgnal only uses GCM to tell the device there is a message waiting for it on the server.
(Score: 2) by Pino P on Wednesday April 06 2016, @08:11PM
If the intent is to cover Fire OS devices, which don't ship with the GCM library, one could try using ADM, Amazon's counterpart to GCM [amazon.com]. But that appears to be proprietary as well, as it works only on Fire OS devices, not all devices that can run Amazon Appstore. So what push mechanism should free software for Android be using instead? F-Droid lists alternatives to several proprietary libraries [f-droid.org] but not to GCM.
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @09:38PM
That's true, but it misses the point.
Signal makes a call into the GCM binary blob.
Once it starts executing GCM code, there are no guarantees.
It also means you have GCM's various services running on your phone, so even if Signal doesn't directly execute compromised code, your phone may still be compromised because GCM is sitting there in the background doing housekeeping.
(Score: 3, Insightful) by Runaway1956 on Wednesday April 06 2016, @01:51AM
2) is a killer. Few of my contacts see any point in encrypting anything. Those who see a point only encrypt now and then. None can be bothered with full time encryption. No encryption app "works" if the intended recipient can't or won't install the software needed to decrypt the message. Those who only encrypt the odd message that they consider "important" are self defeating - surveillance knows what he'd doing all the rest of the time, so the odd encrypted message draws their attention. Chances are, if they know everything else, they have a good chance of deducing what he put in his encrypted message.
Encryption should be an integral part of all operating systems, as well as application. Joe Sixpack shouldn't have to think about it, he shouldn't have to opt-in or opt-out. Joe doesn't want to think, or make decisions.
Abortion is the number one killed of children in the United States.
(Score: 2) by hemocyanin on Wednesday April 06 2016, @04:35AM
Signal is pretty cool in that you can replace your normal SMS app with it. You can use it to communicate, unenecrypted of course, with non-users, and encrypted between users.
One of the main issues with something like whatsapp, is that BOTH parties HAVE to install it, meaning that many people will be annoyed by having to run two different apps and remember who to use the encrypted app with. When people can use one app for both types of contacts, it lowers the barrier to entry for that individual (at the expense of making it easier to mistake who is who) and thereby makes it more likely for the app to spread over time.
(Score: 2) by kadal on Wednesday April 06 2016, @03:22PM
They probably already have it. There is no rollout. My app updated sometime last week. Message anyone with the latest version and it'll popup a message saying the chat is now encrypted.
(Score: 1, Insightful) by Anonymous Coward on Tuesday April 05 2016, @11:56PM
Wired has paywalled themselves. Benevolence or delusion?
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @05:45AM
It was reported in February [soylentnews.org]. FWIW I can read the site with Tor Browser, and I don't see obtrusive ads.
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @03:11AM
...you have to do it yourself.
If you actually want encryption you have to write (or at the very least compile) an .APK / .APP and install it on your device yourself.
Bonus if you write your own algorithm.
Not because your own algorithm will be more secure, it probably won't, but every bit of digital security is security through obscurity, and the more algorithms there are, the better for us all.
I use hash based encryption in my ciphers, because it's strong against quantum computers. Eventually the crypto industry will use similar tech, but they're still squabbling over what cipher will be the standard for "authenticated encryption" while me and mine just use it right now.
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @04:35AM
Too bad you can't trust one of the handsets on the market today so all efforts are in vain.
(Score: 1, Interesting) by Anonymous Coward on Wednesday April 06 2016, @05:45AM
You can't trust any of the consumer grade CPU MFGs either. [wikipedia.org] AMD has a similar system with similar security concerns. That's why Russia and China are producing their own MIPS fabs. I have a few homebrew systems of my own, but that's just a fun hobby, not really practical (nor are my systems very reliable).
So, any case one's best bet is to isolate the chip doing the ciphering from its network -- remove its ability to phone home. Perform the encryption on a device that never goes "online", and transfer the cipher via a method that's verifiable (like as the new hotness of "authenticated encryption", such as hash based encryption) -- Preferably perform this over a connection type that doesn't expose the isolated cipher host to exploit. I use a custom parallel port interface I built myself between desktop machines, and a similar homebrew IR interface for transferring onto mobiles. Think of it as a hardware firewall. Then the data can transit the nets encrypted and tamper proof.
So long as the other party takes similar precautions you can be safe.
Most people don't have anything they need to communicate securely. Most people just need to protect against thieves. Most people don't think crypto is "fun" nor do such things just because they can either...
(Score: 5, Insightful) by stormwyrm on Wednesday April 06 2016, @06:43AM
Your encryption algorithm will probably be crap, and if your adversaries get a hold of it they will rip it to shreds. It is always better to use an open algorithm that the international academic cryptographic community has been able to analyse and they have found has no serious flaws. I'd go with AES (Rijndael), Serpent, Twofish, or Blowfish. Hash-based encryption... *sigh* Hash algorithms are not designed to be resistant to, say, differential cryptanalysis, which is not an applicable attack against hashes. It may be "strong against quantum computers" but it probably has even bigger weaknesses that don't NEED a quantum computer to exploit!
Then there is the question of protocols. Secure protocols are very difficult, and I don't know if there is an open standard protocol out there that hasn't been corrupted by the interference of the TLAs. TLS has many weaknesses due in part to government meddling in the days of Crypto War I. Simplistic protocols for key exchange with UDP-based VPNs not designed by professional cryptographers have proved insecure time and time again.
People need interoperability when using cryptography, and the only way to do that is with standards. You're never going to talk to anyone unless you can convince other people to use your app too.
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by q.kontinuum on Wednesday April 06 2016, @08:47AM
What happens, if I reinstall WhatsApp for some reason? Is there any way to download my old messages and re-import (e.g. on the new device)? Does WhatsApp by any chance (officially!) store the encrypted messages? Can I export ma own key and import it on a new device (or just after the installation)?
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 2) by kadal on Wednesday April 06 2016, @03:21PM
It'll give you a new key. There's an option that, if enabled, will warn you that your contacts' keys have changed if they have reinstalled.