Unofficial WhatsApp Library Gets End To End Encryption Before Official Clients

← Back to Stories (view on slashdot.org)

Unofficial WhatsApp Library Gets End To End Encryption Before Official Clients

Posted by timothy on Friday January 2, 2015 @05:03AM from the keep-it-secret-keep-it-safe dept.

An anonymous reader writes Earlier last year WhatsApp announced partnership with Open WhisperSystems to integrate the ratcheting forward secrecy protocol found in their app called TextSecure, into WhatsApp. The protocol is supposed to provide end-to-end encryption between WhatsApp clients. So far it has been implemented only in WhatsApp on Android, with the rest of platforms yet to come. The implementation however has already made it into unofficial WhatsApp libraries which allow developers to use WhatsApp service in their applications, starting with a python-library called yowsup, and the rest will follow. It's worth mentioning that none of those libraries are supported nor approved by WhatsApp, so one has to wonder if WhatsApp is going to take some legal action (again) against them.

15 of 29 comments (clear)

Min score:

Reason:

Sort:

Oh the irony by OzPeter · 2015-01-02 05:08 · Score: 4, Funny

The implementation however has already made it into unofficial WhatsApp libraries which allow developers to use WhatsApp service in their applications, starting with a python-library called yowsup, and the rest will follow.
With the previous story being 2014: The Year We Learned How Vulnerable Third-Party Code Libraries Are

--
I am Slashdot. Are you Slashdot as well?
1. Re:Oh the irony by ganjadude · 2015-01-02 05:39 · Score: 2
  
  seriously... the very last story was this - http://linux.slashdot.org/stor...
  
  I mean come on now
  
  --
  have you seen my sig? there are many others like it but none that are the same
OK by koan · 2015-01-02 05:44 · Score: 3, Interesting

Whatsapp is owned by Facebook, Facebook can not be trusted, Whispersystems is Moxie Marlinspikes gig, so has Moxie sold out? Possible but not probable so I'm going with "additional code" added to the package once the Facebook Balut's get their slimy claws on it.
What's a Balut?
https://en.wikipedia.org/wiki/...

--
"If any question why we died, Tell them because our fathers lied."
SubjectsInCommentsAreStupid by lesincompetent · 2015-01-02 05:52 · Score: 1

Implemented only in Android? Then how do Android users communicate with everyone else? I'm missing something here...
(please note: i do not have whatsapp).
1. Re:SubjectsInCommentsAreStupid by Anonymous Coward · 2015-01-02 06:13 · Score: 2, Interesting
  
  Messages to other users are simply not encrypted
2. Re:SubjectsInCommentsAreStupid by johanw · 2015-01-02 09:45 · Score: 1
  
  At least not better encrypted than Whatsapp did before it started with this.
  Did anyone analyse these implementations? Are they cryptographically sound?
3. Re:SubjectsInCommentsAreStupid by Fnord666 · 2015-01-02 14:28 · Score: 1
  
  Implemented only in Android? Then how do Android users communicate with everyone else? I'm missing something here...
  WhisperSystems seems to confine its development efforts to the Android platform for some reason.
  
  --
  'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
XMPP by BitZtream · 2015-01-02 06:12 · Score: 5, Insightful

http://xmpp.org/rfcs/rfc3923.h...
Seriously, stop using proprietary carpware.
Its one thing when proprietary offers you some benefit, but when it comes to IM, using anything other than XMPP from someone who supports federation is just as retarded as using email from someone who doesn't do proper SMTP.

--
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
1. Re:XMPP by Anonymous Coward · 2015-01-02 06:16 · Score: 1
  
  Then please try to persuade all my friends and family members that currently use WhatsApp on their Android/iOS phones.
2. Re:XMPP by greenfruitsalad · 2015-01-02 11:09 · Score: 2
  
  show me a free xmpp server that supports all the necessary XEPs for reliable message delivery on mobile devices. you'll find exactly 0.
  if i remember correctly, only ejabberd caters for mobile users and that is only free for up to 5 users. (the gpl only version does not support all needed extensions)
  even if you manage to find one, try to find a free jabber client that supports those xeps. you'll find exactly 0 (well, you'll find 1 on fdroid, but in play store, it's paid for).
  so you see, at the moment, xmpp is a very poor substitute for whatsapp (with OTR), telegram and the likes.
3. Re: XMPP by stickystyle · 2015-01-02 15:01 · Score: 1
  
  Well...they actualy do use XMPP, just with some junk added on to make it work more reliably in their enviroment.
  
  --
  Pluralitas non est ponenda sine neccesitate
4. Re:XMPP by tsa · 2015-01-02 16:17 · Score: 1
  
  Is that such a strange thing, that people who don't have a clue about how computers work don't know this?
  
  --
  -- Cheers!
5. Re:XMPP by TuringTest · 2015-01-02 23:45 · Score: 1
  
  Can you name which client in fdroid is the reliable one you're talking about?
  
  --
  Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
6. Re:XMPP by greenfruitsalad · 2015-01-03 02:10 · Score: 1
  
  "conversations" supports xep-198 and xep-280. those 2 are the minimum for a functional mobile client. however, when i tried this messenger (6+ months ago), i found the user interface pretty but less than intuitive.
  "yaxim" gives you those xeps too, but only 1 xmpp account is supported and it looks like it's from the nineties.
User Hostile Service by r0kk3rz · 2015-01-02 22:24 · Score: 1

It's worth mentioning that none of those libraries are supported nor approved by WhatsApp, so one has to wonder if WhatsApp is going to take some legal action (again) against them.
Whatsapp has recently been banning users of a Third-Party Whatsapp client for SailfishOS, rather than take direct legal action at the app developers.