Unofficial WhatsApp Library Gets End To End Encryption Before Official Clients

An anonymous reader writes Earlier last year WhatsApp announced partnership with Open WhisperSystems to integrate the ratcheting forward secrecy protocol found in their app called TextSecure, into WhatsApp. The protocol is supposed to provide end-to-end encryption between WhatsApp clients. So far it has been implemented only in WhatsApp on Android, with the rest of platforms yet to come. The implementation however has already made it into unofficial WhatsApp libraries which allow developers to use WhatsApp service in their applications, starting with a python-library called yowsup, and the rest will follow. It's worth mentioning that none of those libraries are supported nor approved by WhatsApp, so one has to wonder if WhatsApp is going to take some legal action (again) against them.

Oh the irony

[OzPeter]

The implementation however has already made it into unofficial WhatsApp libraries which allow developers to use WhatsApp service in their applications, starting with a python-library called yowsup, and the rest will follow.

With the previous story being 2014: The Year We Learned How Vulnerable Third-Party Code Libraries Are

Re:Oh the irony

[ganjadude]

seriously... the very last story was this - http://linux.slashdot.org/stor...

I mean come on now

OK

[koan]

Whatsapp is owned by Facebook, Facebook can not be trusted, Whispersystems is Moxie Marlinspikes gig, so has Moxie sold out? Possible but not probable so I'm going with "additional code" added to the package once the Facebook Balut's get their slimy claws on it.

What's a Balut?
https://en.wikipedia.org/wiki/...

Re:OK

It's not like Moxie did't sold out to twitter before...

Re:OK

Use Tox instead, SHEEPLE!

It doesn't matter that no one's actually using it or it doesn't have any stable mobile apps. At least your one-sided conversations are fully encrypted out of the box, AND you can inspect the code yourself since it's free as in freedom. Which is a great way to kill time when there's no one to talk to.

You're welcome.

SubjectsInCommentsAreStupid

[lesincompetent]

Implemented only in Android? Then how do Android users communicate with everyone else? I'm missing something here...
(please note: i do not have whatsapp).

Re:SubjectsInCommentsAreStupid

Messages to other users are simply not encrypted

Re:SubjectsInCommentsAreStupid

[johanw]

At least not better encrypted than Whatsapp did before it started with this.

Did anyone analyse these implementations? Are they cryptographically sound?

Re:SubjectsInCommentsAreStupid

[Fnord666]

Implemented only in Android? Then how do Android users communicate with everyone else? I'm missing something here...

WhisperSystems seems to confine its development efforts to the Android platform for some reason.

XMPP

[BitZtream]

http://xmpp.org/rfcs/rfc3923.h...

Seriously, stop using proprietary carpware.

Its one thing when proprietary offers you some benefit, but when it comes to IM, using anything other than XMPP from someone who supports federation is just as retarded as using email from someone who doesn't do proper SMTP.

Re:XMPP

Then please try to persuade all my friends and family members that currently use WhatsApp on their Android/iOS phones.

Re:XMPP

Its one thing when proprietary offers you some benefit,

The "benefit" is actually being able to talk to your friends.

Re:XMPP

You're just not trying hard enough! Make them understand that you can't bend your principles or ideals to mere pragmatism, and neither should they!

Re:XMPP

You're assuming they actually have those principles and ideals.

Re:XMPP

Exactly: "ohh look at this new shiny, I have no idea how it really works but I can send my friends messages on it! What's encryption mean again?"

Re:XMPP

Here's the benefit: proprietary carpware gives the companies an a way to monetize. Much harder to monetise an on an open standard when anyone else can build a client. More money = more resource to build a better product.

Re:XMPP

[greenfruitsalad]

show me a free xmpp server that supports all the necessary XEPs for reliable message delivery on mobile devices. you'll find exactly 0.

if i remember correctly, only ejabberd caters for mobile users and that is only free for up to 5 users. (the gpl only version does not support all needed extensions)

even if you manage to find one, try to find a free jabber client that supports those xeps. you'll find exactly 0 (well, you'll find 1 on fdroid, but in play store, it's paid for).

so you see, at the moment, xmpp is a very poor substitute for whatsapp (with OTR), telegram and the likes.

Re: XMPP

[stickystyle]

Well...they actualy do use XMPP, just with some junk added on to make it work more reliably in their enviroment.

Re:XMPP

[tsa]

Is that such a strange thing, that people who don't have a clue about how computers work don't know this?

Re:XMPP

Its one thing when proprietary offers you some benefit, but when it comes to IM, using anything other than XMPP from someone who supports federation is just as retarded as using email from someone who doesn't do proper SMTP.

Sure, I'll make the effort to switch my friends to an open source protocol as soon as you can point me to a client where:
- the user interface doesn't suck,
- users can find other users without performing black magic,
- it's actually capable of sending multimedia files, smilies, and creating groups of users,
- it works at least on Android and iPhone,
- doesn't merely replace one server farm with another one
- and it provides an important extra function not found already in WhatsApp that a common user may care about (such as encryption), to have some argument to convince my friends to switch.

Oh, wait, there aren't any FLOSS clients with all those properties.

Re:XMPP

[TuringTest]

Can you name which client in fdroid is the reliable one you're talking about?

Re:XMPP

[greenfruitsalad]

"conversations" supports xep-198 and xep-280. those 2 are the minimum for a functional mobile client. however, when i tried this messenger (6+ months ago), i found the user interface pretty but less than intuitive.

"yaxim" gives you those xeps too, but only 1 xmpp account is supported and it looks like it's from the nineties.

Oh yeah?

I did this with facebook as a chrome plugin at a hackathon.

http://snowcrypt.ca

Re:Oh yeah?

Well looks like you've got the makings of a kickstarter campaign right there!

User Hostile Service

[r0kk3rz]

It's worth mentioning that none of those libraries are supported nor approved by WhatsApp, so one has to wonder if WhatsApp is going to take some legal action (again) against them.

Whatsapp has recently been banning users of a Third-Party Whatsapp client for SailfishOS, rather than take direct legal action at the app developers.

Wrong news

"Earlier last year WhatsApp announced partnership with Open WhisperSystems". Wrong. WhatsApp announced nothing. Open Whisper Systems did. WhatsApp has said nothing so far.-Ignacio Agulló