Unofficial WhatsApp Library Gets End To End Encryption Before Official Clients

An anonymous reader writes Earlier last year WhatsApp announced partnership with Open WhisperSystems to integrate the ratcheting forward secrecy protocol found in their app called TextSecure, into WhatsApp. The protocol is supposed to provide end-to-end encryption between WhatsApp clients. So far it has been implemented only in WhatsApp on Android, with the rest of platforms yet to come. The implementation however has already made it into unofficial WhatsApp libraries which allow developers to use WhatsApp service in their applications, starting with a python-library called yowsup, and the rest will follow. It's worth mentioning that none of those libraries are supported nor approved by WhatsApp, so one has to wonder if WhatsApp is going to take some legal action (again) against them.

Oh the irony

[OzPeter]

The implementation however has already made it into unofficial WhatsApp libraries which allow developers to use WhatsApp service in their applications, starting with a python-library called yowsup, and the rest will follow.

With the previous story being 2014: The Year We Learned How Vulnerable Third-Party Code Libraries Are

Re:Oh the irony

[ganjadude]

seriously... the very last story was this - http://linux.slashdot.org/stor...

I mean come on now

WhatsAPP GAY NIGGERS! GNAA!

GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which
gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

Are you GAY ?
Are you a NIGGER ?
Are you a GAY NIGGER ?

If you answered "Yes" to any of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America. You, too, can be a part of GNAA if you join today!

Why not? It's quick and easy - only 3 simple steps!

First, you have to obtain a copy of GAY NIGGERS FROM OUTER SPACE THE MOVIE and watch it.

You can watch GAY NIGGERS FROM OUTER SPACE on Youtube.

Second, you need to succeed in posting a GNAA "first post" on slashdot.org , a popular "news for trolls" website

Third, you need to join the official GNAA irc channel #GNAA on EFNet, and apply for membership.
Talk to one of the ops or any of the other members in the channel to sign up today!

If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is EFNet, and you can connect to irc.secsup.org or irc.easynews.com as one of the EFNet servers.
If you do not have an IRC client handy, you are free to use the GNAA Java IRC client by clicking here.

If you have mod points and would like to support GNAA, please moderate this post up.

This post brought to you by Penisbird , a proud member of the GNAA

G_____________________________________naann_______ ________G
N_____________________________nnnaa__nanaaa_______ ________A
A____________________aanana__nannaa_nna_an________ ________Y
A_____________annna_nnnnnan_aan_aa__na__aa________ ________*
G____________nnaana_nnn__nn_aa__nn__na_anaann_MERI CA______N
N___________ana__nn_an___an_aa_anaaannnanaa_______ ________I
A___________aa__ana_nn___nn_nnnnaa___ana__________ ________G
A__________nna__an__na___nn__nnn___SSOCIATION_of__ ________G
G__________ana_naa__an___nnn______________________ ________E
N__________ananan___nn___aan_IGGER________________ ________R
A__________nnna____naa____________________________ ________S
A________nnaa_____anan____________________________ ________*
G________anaannana________________________________ ________A
N________ananaannn_AY_____________________________ ________S
A________ana____nn_________IRC-EFNET-#GNAA________ ________S
A_______nn_____na_________________________________ ________O
*_______aaaan_____________________________________ ________C
Gary Niger gary_niger@gnaa.us GNAA Corporate Headquarters 143 Rolloffle Avenue Tarzana, California 91356
Enid Al-Punjabi enid_al_punjabi@gnaa.us GNAA World Headquarters No.33 Kyutei Bld. 2F, Shinjuku 2-11-7, Shinjuku-ku, Tokyo, Japan ????????2??11-6
Copyright (c) 2003-2015 Gay Nigger Association of America

Ich Bindawalross (London) - GNAA (NYSE: GNAA) President Nigger released a statement today regarding the immediate Internet rele

OK

[koan]

Whatsapp is owned by Facebook, Facebook can not be trusted, Whispersystems is Moxie Marlinspikes gig, so has Moxie sold out? Possible but not probable so I'm going with "additional code" added to the package once the Facebook Balut's get their slimy claws on it.

What's a Balut?
https://en.wikipedia.org/wiki/...

Re:OK

It's not like Moxie did't sold out to twitter before...

Re:OK

Use Tox instead, SHEEPLE!

It doesn't matter that no one's actually using it or it doesn't have any stable mobile apps. At least your one-sided conversations are fully encrypted out of the box, AND you can inspect the code yourself since it's free as in freedom. Which is a great way to kill time when there's no one to talk to.

You're welcome.

SubjectsInCommentsAreStupid

[lesincompetent]

Implemented only in Android? Then how do Android users communicate with everyone else? I'm missing something here...
(please note: i do not have whatsapp).

Re:SubjectsInCommentsAreStupid

Messages to other users are simply not encrypted

Re:SubjectsInCommentsAreStupid

[johanw]

At least not better encrypted than Whatsapp did before it started with this.

Did anyone analyse these implementations? Are they cryptographically sound?

Re:SubjectsInCommentsAreStupid

[Fnord666]

Implemented only in Android? Then how do Android users communicate with everyone else? I'm missing something here...

WhisperSystems seems to confine its development efforts to the Android platform for some reason.

yuo Fai7 It

those uber-asshole end, we need you short of a miracle [idge.n.et]

XMPP

[BitZtream]

http://xmpp.org/rfcs/rfc3923.h...

Seriously, stop using proprietary carpware.

Its one thing when proprietary offers you some benefit, but when it comes to IM, using anything other than XMPP from someone who supports federation is just as retarded as using email from someone who doesn't do proper SMTP.

Re:XMPP

Then please try to persuade all my friends and family members that currently use WhatsApp on their Android/iOS phones.

Re:XMPP

Its one thing when proprietary offers you some benefit,

The "benefit" is actually being able to talk to your friends.

Re:XMPP

You're just not trying hard enough! Make them understand that you can't bend your principles or ideals to mere pragmatism, and neither should they!

Re:XMPP

You're assuming they actually have those principles and ideals.

Re:XMPP

Exactly: "ohh look at this new shiny, I have no idea how it really works but I can send my friends messages on it! What's encryption mean again?"

Re:XMPP

Here's the benefit: proprietary carpware gives the companies an a way to monetize. Much harder to monetise an on an open standard when anyone else can build a client. More money = more resource to build a better product.

Re:XMPP

[greenfruitsalad]

show me a free xmpp server that supports all the necessary XEPs for reliable message delivery on mobile devices. you'll find exactly 0.

if i remember correctly, only ejabberd caters for mobile users and that is only free for up to 5 users. (the gpl only version does not support all needed extensions)

even if you manage to find one, try to find a free jabber client that supports those xeps. you'll find exactly 0 (well, you'll find 1 on fdroid, but in play store, it's paid for).

so you see, at the moment, xmpp is a very poor substitute for whatsapp (with OTR), telegram and the likes.

Re: XMPP

[stickystyle]

Well...they actualy do use XMPP, just with some junk added on to make it work more reliably in their enviroment.

Re:XMPP

[tsa]

Is that such a strange thing, that people who don't have a clue about how computers work don't know this?

Re:XMPP

Its one thing when proprietary offers you some benefit, but when it comes to IM, using anything other than XMPP from someone who supports federation is just as retarded as using email from someone who doesn't do proper SMTP.

Sure, I'll make the effort to switch my friends to an open source protocol as soon as you can point me to a client where:
- the user interface doesn't suck,
- users can find other users without performing black magic,
- it's actually capable of sending multimedia files, smilies, and creating groups of users,
- it works at least on Android and iPhone,
- doesn't merely replace one server farm with another one
- and it provides an important extra function not found already in WhatsApp that a common user may care about (such as encryption), to have some argument to convince my friends to switch.

Oh, wait, there aren't any FLOSS clients with all those properties.

Re:XMPP

[TuringTest]

Can you name which client in fdroid is the reliable one you're talking about?

Re:XMPP

[greenfruitsalad]

"conversations" supports xep-198 and xep-280. those 2 are the minimum for a functional mobile client. however, when i tried this messenger (6+ months ago), i found the user interface pretty but less than intuitive.

"yaxim" gives you those xeps too, but only 1 xmpp account is supported and it looks like it's from the nineties.

Oh yeah?

I did this with facebook as a chrome plugin at a hackathon.

http://snowcrypt.ca

Re:Oh yeah?

Well looks like you've got the makings of a kickstarter campaign right there!

ta30

available to Talk to one of the and/or distribute However I don't towel under the schemes. Fra8kly luck I''l find crisco or lube. Need to join the the project as a

User Hostile Service

[r0kk3rz]

It's worth mentioning that none of those libraries are supported nor approved by WhatsApp, so one has to wonder if WhatsApp is going to take some legal action (again) against them.

Whatsapp has recently been banning users of a Third-Party Whatsapp client for SailfishOS, rather than take direct legal action at the app developers.

Wrong news

"Earlier last year WhatsApp announced partnership with Open WhisperSystems". Wrong. WhatsApp announced nothing. Open Whisper Systems did. WhatsApp has said nothing so far.-Ignacio Agulló