Slashdot Mirror
WhatsApp To Offer End-to-End Encryption
L-One-L-One (173461) writes In a surprise move, nine months after being bought by Facebook, WhatsApp has begun rolling out end-to-end encryption for its users. With true end-to-end encryption data becomes unaccessible to admins of WhatsApp or law enforcement authorities. This new feature first proposed on Android only has been developed in cooperation with Open Whisper Systems, based on TextSecure. With hundreds of million users, WhatsApp becomes by far the largest secure messaging application. FBI Director James Comey might not be pleased. Do you have a current favorite for encrypted online chat?
...if the receiver is permanently encrypted as well. With a bullet, preferably.
FISA courts, secret warrants and GITMO still exist. If the government wants information on encrypted data being sent from a computer to a server, they'll quietly demand it from the root console. Systems that would seriously secure the user would be over the wire and on disk encryption, with keys dynamically generated and unknown to the provider. This however would also empower the user to seek privacy from facebook itself.
kids dont care but then again they arent allowed on my lawn. Stop using *cloud, *app, *book, *mail. Back in my day we ran our own mail and patronized services like freenode that ensure the security of their users and avoid pavlovian backflips for governments.
Good people go to bed earlier.
"Unaccessible"? Maybe you mean inaccessible.
Editors...? Bueller...? Bueller...?
WhatsApp controls the client, they could always rebroadcast or just turn encryption off for selected users. This is the same company that lied about the capabilities of its photo app, as well as stored the photos insecurely.
I know next to nothing about whatsapp but from what wikipedia says, it's basically a bypass for texting and media-data sending fees for cell phone companies. Every one I've ever heard of has been banned by Apple at least and sometimes Android after pressure from carriers. What the heck let this one stick around? The same goes for VOIP services over data preventing people from going over their minutes. Those got banned the day they rolled out of the last 10 years. Now that it's encrypted it's superior to direct cellular sending of texts and pictures but since the NSA can't spy on it, get ready for some fake claims that it's costing the cell companies money in lost overages.
Do you have a current favorite for encrypted online chat?
Telegram. It's open source, uses end to end encryption, and, unlike whatsapp, supports multiple connected clients at a time - including desktop clients for all platforms.
Of course you'll be hard pressed to find anyone on telegram expect my wife and I. Kids don't care about security, or source code.
If it ain't broke, don't fix it.
Tor showed us that it doesn't really matter, just compromise one of those "END's".
This really only works if the client is open source. Otherwise, you don't know that the client doesn't send the keys through a side channel or store them somewhere.
I typically use Pidgin with the OTR encryption plugin for online chat.
It doesn't work on computers, only phones.
It's not interesting. At all.
I sure hope he hasn't been compromised, by green paper 'malware', or *an offer he can't refuse*.
“He’s not deformed, he’s just drunk!”
needs to be implemented at all levels of the internet, hopefully it gives the American Stasi like the NSA, CIA, and FBI major headaches...
> Do you have a current favorite for encrypted online chat?
Cone of silence, obviously.
Literally the first time I heard about WhatsApp was when they were sold for 19 billion. This made no sense to me. So I asked my teenage daughters about WhatsApp and they had never heard of it. So I chalked WhatsApp to being the ultimate in hype.
But to stand out and offer end to end encryption where WhatsApp can't read your stuff will be interesting. The question is: "Do we trust them."
Wikr is what I use. Right now it's only available as an iOS and Android app. You specify how long you want your messages to exist for and the countdown starts when the receiving party views the message. Slightly clunky, but very very secure:
From the website:
App:
ID and device info are cryptographically hashed with multiple rounds of salted cryptographic hashing using SHA256.
Data at rest and in transit is encrypted with AES256.
No password or Password hashes leave device.
Messages and media are forensically wiped after they expire.
Server:
In contact with encrypted messages/media only.
Never in contact with passwords of private encryption keys.
Deletes messages on delivery.
Interacts with only hashed ID and device info.
I am not interested in articles about life extension advancements.
It's run by Facebook, after all, which will bend to the will of the U.S government. "Secure."
I'm starting to think people might actually believe this, which is why we're all going to have to start rebutting foolish statements like that one, instead of just chuckling at the joke. Who knows, maybe you're even serious and sincerely believe what you said (more the pity). If you were joking, though, I humbly ask you to please stop, because I have now heard this belief in end-to-end crypto's implications, from several laymen now.
If it is really end-to-end, then WhatsApp might not be able to see the data.
Let's go over the two easiest ways that WhatsApp might be able to read the data. The first will probably bore you (yet is very real) and the second is something that I'm starting to think most people don't understand but need to learn about.
The first is that most users have been trained to adopt a culture where unsolicited software updates are seen as a relatively normal thing. "Oh, there are 12 updates available today," [click] "yes, please install the updates." If they're paying really close attention, maybe they'll even notice which applications are updating. If they are super paranoid, maybe they'll even read a brief summary of the purpose of the update. "Security fixes. Yeah, that sounds like something I might need!" Congrats, the party who is holding a gun to someone's head at WhatsApp (or who simply has infiltrated some server; maybe WhatsApp doesn't even know this is happening) now has you running their code which has access to the secret. So it can send the key someone.
(That is, of course, that someone didn't already have a talk with WhatsApp and persuade them that CALEA applies to them, which would mean that it comes out-of-the-box with a backdoor where people can ask for the key. Since this is a proprietary application, no one has audited it so no one knows whether or not it already has such a back door. That issue is basically why no one should ever use proprietary applictions for interpersonal communications.)
That's the boring paranoid risk: that we're not going to have secure communications until we start making even half- assed attempts at securing our computers and not running potentually hostile code.
Second, we don't know how the key exchange works. So therefore it might be that getting the decryption key doesn't take any of the scenarios above. Assuming it uses PK, we don't know how parties are introduced to each other and how MitM-vulnerable it is. It's an old subject, but one that rarely gets addressed satisfactorily. End-to-end encryption does not imply competent key-exchange, and indeed, it is normal and part of all our everyday experiences, for us to use such crypto with key exchange that we know is done stupidly (e.g. https) without any regard for the common sense norms of even twenty years ago.
The article doesn't talk about the how the key exchange works, and since that is usually done wrong, it's not unreasonable to assume they probably did it wrong too. The only clue that they might have done it right, is that they're quoting Moxie Marlinspike as having something to do with the development.
o.O
Telegram got bashed a lot for their smoke and mirrors approach to raising trust in its platform, especially as it's _not_ open source, uses unproven crypto methods, and their hack-me dare was limited to known-crypto-text attacks, not proving much at all.
The real question is NOT whether a targeted attack by the NSA can easily decode a given communication- we must ALWAYS assume that to be true. No, what we want to know is whether this claimed end-to-end encryption defeats the REAL intent of the NSA- full surveillance of the Internet, obtaining and storing ALL electronic communication.
NSA full surveillance projects, like Rupert Murdoch's and Bill Gates' inBloom database system on EVERY child in the USA (which wasn't cancelled, as reported here, but added to the roster of NSA tools), are about gathering all possible information for THREE primary purposes-
1) 'mind reading'- real time analysis of the collected mindset of the population or defined subsets. This allows perfected propaganda programs to coerce the population into desired directions using this feedback.
2) blackmail and other forms of intelligence on ALL Humans, so that when a person rises to a position of any sort of power or influence, the NSA can provide its masters with the tools to manipulate that person.
3) the identification of new, emerging grassroots organisations or individuals, so such may be taken down or co-opted in infancy before any significant numbers of ordinary people have even heard of them.
ALL State intelligence operations across the History of Mankind, dating back multiple THOUSANDS of years, have had these three main goals. Intelligence operations NEVER EVER have anything to do with 'fighting crime'.
Believe me- if FILTHY FACEBOOK is behind a thing, that thing ALWAYS exists to benefit the NSA. So, rather like the OFFICIAL encryption and file deletion programs offered by the big corporations, know that this so-called end-to-end encryption is FULLY compromised by design. What you need to use is an open source end-to-end encryption system using known good encryption algorithms, and a method of key exchange that defies simple bulk automated NSA gathering methods. Security via obscurity WORKS by requiring attackers to devote REAL Human resources to each target.
Unfortunately, NSA total surveillance programs are only fully defeated if their sample rate falls below statistical significance. If, say 5% of people communicate in ways that defeat NSA auto-gathering methods, the NSA loses little. REMEMBER- those that REALLY care have always had the option of secure communication (one-time-pad, anyone?). Sadly, the people making the devices and services that the ordinary Joe/Jo-Anne uses to communicate are fully in the pockets of the NSA.
Do you trust the people behind this? If so why?
"If any question why we died, Tell them because our fathers lied."
Tried and true.
not many apps can show not to have back doors. Silent Text is my app of choice but as with anything that offers any real privacy, you have to pay for it.
Telegram offers every feature of WhatsApp, plus end-to-end encryption with visual signatures, arbitrary file sharing, multi-device support (including PC), is open source and the API is published.
They claim to have 40M+ users, so they're a substantial amount of the way to displacing WhatsApp already.
A government is a body of people notably ungoverned - AC
... when the app is open source.
Comment removed based on user account deletion
Obama is friends with Zuckerberg so if Zuckerberg is offering encryption, it's just there to give an illusion of security as by know Obama and his goons have already found a way to crack or exploit the encryption.
Still subject to traffic analysis.
Most of the information they want in the first place is "who is talking to who when and for how long", which is still in the clear, even if there is end to end encryption. So most of the important data, what government agencies in the news have called "Just Metadata", is still capable of being intercepted (and is).
Once they have an associative pattern that they think indicates a crony in an illegal activity, *THEN* they target the content of the conversation. In this particular case, it should be possible to MITM the conversation as well, with a combined order for keys and gag order, the same as is done to compromise SSL conversations right now, by forcing the CA to sign new certs for the requesting agency, and using them to proxy the conversation.
In other words, this is not a magic "big win" for privacy.
Jiffy.
uses tls and openpgp
hates all contact except those we trust in our keyring
same thing happens with server :P
And here I thought my solution of attaching matching pretzels to each cup, and then tying the string to the pretzels, ensured our communication was private. The only difficult part was trying to add a third party after you had already eaten the bag of pretzels, as finding a third matching pretzel at that point was sometimes quite difficult.
Don Head
UNIX/Linux Administrator
What difference does it make if the app is entirely secure when the OS can be infiltrated and the information captured at the source.
This is interested and all. But whatsApp is proprietary, so you can't really trust them to do what they are saying. Now, that will be different if there is a website that did encryption so we could see its source code to ensure no backdoor. Like https://i.cx
News is still unconfirmed by Whatsapp as of november, 21, 2014.-Ignacio Agulló
What encrypted messaging app do I use? None. My friends don't use it. I had *one* friend I could talk into installing Telegram. But it's really not "secure" because it saves things on your device, and the desktop version saves things in the clear, so anyone with access to your computer can ready them.
Like another poster said, the other end is your weak link. An open source app might even be worse, because someone could modify their app to say a message was deleted when it wasn't. Or rather, their device could be hacked and a modified app installed.
If WhatsApp really does do E2E encryption, more power to them, but don't assume it's very secure.
"End-to-end encryption is easy - you just need to send a courier with a one time pad."
Key management is a PITA. Still, making pairs of DVDs filled with random noise isn't that hard. If you seal them with glitter nail polish and send a picture of the sealing back, then you and the recipient can be fairly sure it wasn't intercepted and copied.
USB sticks are larger, but you need to completely erase the USB or DVD after copying to disk. Then the program needs to enforce that used blocks on the disk are erased.
Phil Z and one other name in the crypto biz thinks this is unneeded.
It doesn't work well for encrypting pirated movies, but for most stuff it's really secure.
End MGM. Get prospective parents of boys to Google: Men do complain
End to end encyryption is just one side of it, Wickr app also implements a number of UI paradigms and particularly the per-message user-set time-expiry feature that no on else has right now. This for me is the most important feature because who will own my chat data 20 years from now (be it encrypted or not)? I'd rather it be deleted when I want it, so conversations can be more ephemeral like real life.