Slashdot Mirror

← Back to Stories (view on slashdot.org)

WhatsApp To Offer End-to-End Encryption

Posted by timothy on from the trend-worth-extending dept.

L-One-L-One (173461) writes In a surprise move, nine months after being bought by Facebook, WhatsApp has begun rolling out end-to-end encryption for its users. With true end-to-end encryption data becomes unaccessible to admins of WhatsApp or law enforcement authorities. This new feature first proposed on Android only has been developed in cooperation with Open Whisper Systems, based on TextSecure. With hundreds of million users, WhatsApp becomes by far the largest secure messaging application. FBI Director James Comey might not be pleased. Do you have a current favorite for encrypted online chat?

5 of 93 comments (clear)

  1. Re:FBI Director James Comey may not care. by Aqualung812 · · Score: 4, Insightful

    What root console? If it is really END TO END, then WhatsApp can't see the data either.

    --
    Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
  2. Re:FBI Director James Comey may not care. by arth1 · · Score: 2

    If it is really END TO END, then WhatsApp can't see the data either.

    True, but anyone sniffing the traffic can, if they have access to a decryption key. Not that we know of anyone who would possibly do that...

    In my view, this encryption is not to be trusted unless and until it can accept keys that are generated outside the WhatsApp product. Otherwise, how much would you want to bet that the three letter agencies aren't getting a master key under a hush order?

  3. Re:FBI Director James Comey may not care. by Pi1grim · · Score: 5, Interesting

    The problem with WhatsApp is that it is closed-source, so you can't really check. You'll have to take their word for it. Also, they facilitate key exchange, so the whole "end-to-end" stuff is actually moot, since user is taken out of the loop and server can, at any time re-negotiate the keys and verify that MITM as a person A, that person B is trying to get in contact with. So it's all, once again, a lot of buzzwords, and zero security.

  4. The problem is always the client by MobyDisk · · Score: 3, Insightful

    This really only works if the client is open source. Otherwise, you don't know that the client doesn't send the keys through a side channel or store them somewhere.

  5. Re:FBI Director James Comey may not care. by arth1 · · Score: 2

    This is the same company that lied about the capabilities of its photo app, as well as stored the photos insecurely.

    Why would they have to? All they need to do is present Whatsapp with a hush order to hand over keys.
    When Whatsapp generates and maintains the keys, there's no real security here.
    I even think it's not unlikely that they have implemented this in cooperation with the three letter agencies, in order to lure people into thinking it is safe. And the great unwashed masses will be fooled, as always.