Stories
Slash Boxes
Comments

SoylentNews is people

WhatsApp Encrypts End-to-End in Latest Version

posted by cmn32480 on Tuesday April 05 2016, @11:17PM   Printer-friendly
from the what-about-beginning-to-beginning dept.

Max Hyre writes:

The title pretty much says it all. According to the report:

the service will encrypt all messages, phone calls, photos, and videos moving among [the devices].

Moxie Marlinspike is involved, so they have a chance of getting it right, and no one, even WhatsApp, will be able to know what you”re saying, texting, viewing, &c. (Unless, of course, your widget is running malware, or the opposition can get their mitts on it.)-: They claim this is available on nearly a billion devices—this is a really big deal.

takyon: Alternate links with no Wired paywall: TechCrunch, Washington Post, CNET, Reuters.

Original Submission

 
This discussion has been archived. No new comments can be posted.
WhatsApp Encrypts End-to-End in Latest Version | Log In/Create an Account | Top | 52 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by kadal on Wednesday April 06 2016, @03:19PM

    by kadal (4731) on Wednesday April 06 2016, @03:19PM (#328092)

    SIgnal only uses GCM to tell the device there is a message waiting for it on the server.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by Pino P on Wednesday April 06 2016, @08:11PM

    by Pino P (4721) on Wednesday April 06 2016, @08:11PM (#328222) Journal

    If the intent is to cover Fire OS devices, which don't ship with the GCM library, one could try using ADM, Amazon's counterpart to GCM [amazon.com]. But that appears to be proprietary as well, as it works only on Fire OS devices, not all devices that can run Amazon Appstore. So what push mechanism should free software for Android be using instead? F-Droid lists alternatives to several proprietary libraries [f-droid.org] but not to GCM.

  • (Score: 0) by Anonymous Coward on Wednesday April 06 2016, @09:38PM

    by Anonymous Coward on Wednesday April 06 2016, @09:38PM (#328251)

    That's true, but it misses the point.
    Signal makes a call into the GCM binary blob.
    Once it starts executing GCM code, there are no guarantees.

    It also means you have GCM's various services running on your phone, so even if Signal doesn't directly execute compromised code, your phone may still be compromised because GCM is sitting there in the background doing housekeeping.