Stories
Slash Boxes
Comments

SoylentNews is people

WhatsApp Encrypts End-to-End in Latest Version

posted by cmn32480 on Tuesday April 05 2016, @11:17PM   Printer-friendly
from the what-about-beginning-to-beginning dept.

Max Hyre writes:

The title pretty much says it all. According to the report:

the service will encrypt all messages, phone calls, photos, and videos moving among [the devices].

Moxie Marlinspike is involved, so they have a chance of getting it right, and no one, even WhatsApp, will be able to know what you”re saying, texting, viewing, &c. (Unless, of course, your widget is running malware, or the opposition can get their mitts on it.)-: They claim this is available on nearly a billion devices—this is a really big deal.

takyon: Alternate links with no Wired paywall: TechCrunch, Washington Post, CNET, Reuters.

Original Submission

 
This discussion has been archived. No new comments can be posted.
WhatsApp Encrypts End-to-End in Latest Version | Log In/Create an Account | Top | 52 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by frojack on Wednesday April 06 2016, @03:55AM

    by frojack (1554) Subscriber Badge on Wednesday April 06 2016, @03:55AM (#327916) Journal

    WhatsApp Inc., have their corporate base in California, USA so they can get one of those famous letters.

    Well if they did it right the letter gets them nothing.

    It would take another rather public court order fight to get them to create a compromised version and cause it to be updated over the net to everywhere. That would be loud enough that you might hear about it.

    But don't forget this is FACEBOOK, and they are a hell of a lot more untrustworthy than Apple. I wouldn't be surprised if, as you suggest, they had their own key in there as well as the users, just to satisfy CLEAA.

    And I still don't understand the QR code business. Most of the people I deal with on the phone or via text I would have no opportunity to scan their QR code, so how does that work?

    --
    No, you are mistaken. I've always had this sig.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Wednesday April 06 2016, @10:31AM

    by Anonymous Coward on Wednesday April 06 2016, @10:31AM (#327995)

    > . I wouldn't be surprised if, as you suggest, they had their own key in there as well as the users, just to satisfy CLEAA.

    The combined law enforcement associations of arizona? [cleaa]

    CALEA has no requirement to decrypt if the carrier does not posses the keys so simply by engineering the system not to have backdoor keys makes it so they don't legally have to have backdoor keys:

    47 USC 1002(b)(3): [cornell.edu]
    (3) Encryption

    A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

    House Report No. 103-827 - TELECOMMUNICATIONS CARRIER ASSISTANCE TO THE GOVERNMENT [fbi.gov]

    Nothing in this paragraph would prohibit a carrier from deploying an encryption service for which it does not retain the ability to decrypt communications for law enforcement access.

    > And I still don't understand the QR code business. Most of the people I deal with on the
    > phone or via text I would have no opportunity to scan their QR code, so how does that work?

    The QR code is for in person meetings, the manual reading aloud of the hex digits is for (weak) in-band verification. Just because you won't use the QR code doesn't make it useless to everyone. Your circumstances are not everyone's circumstances. Who would have guessed not everybody lives their lives exactly the way frojack lives his?

    • (Score: 0) by Anonymous Coward on Wednesday April 06 2016, @02:50PM

      by Anonymous Coward on Wednesday April 06 2016, @02:50PM (#328078)

      This is kind of off topic. I put Google Goggles on my phone which does a good job at identifying and decoding bar codes and QR codes from photos. It sends photos up to the clouds for processing and cross-referencing. I don't think I'd want to use something that sends everything I scan up to the clouds on a daily basis, especially as part of a secure system. It was more a gee-wiz thing. It's pretty keen for what it does.

      Is there a good Android bar/QR code reader that does everything on the phone?

      I don't really have a use case, just wondering if anyone has recommendations.