WhatsApp Will Get Indicators To Highlight Encrypted Chats

An anonymous reader writes: WhatsApp 3.0 will come with two privacy-related changes. The first is in the Security section and is in the form of a new setting called "Show security indicators." Turning on this setting will add a lock icon to your WhatsApp whenever you're having encrypted conversations. The second new setting is in the Account section, with the addition of a new option that says "Share my account info." This setting will send the user's WhatsApp data to Facebook servers "to improve [their] Facebook experiences."

Everyone's getting into the encrypted chat game.

[gcnaddict]

Facebook'll still be able to read it, so it's probably worthless.

security indicators? who needs them?

[Escogido]

this is not a web browser where you have web sites that do not support https, and you have to comply.

if all users care, then all conversations should be secure, with no opt-out, and no indication is needed. (assuming there is no/really little additional cost to do that.)

if some users care, then those who care should be able to make all their conversations secure, and those who don't, well, don't need an indicator either.

is there something I'm missing here? I do not have a WhatsApp account.

Re:security indicators? who needs them?

[softnewsit]

As explained in the article. This is a PR move. WhatsApp already sent traffic via encrypted channels, but newly-launched apps advertised themselves as "super-mega-encrypted" and WhatsApp is losing face because it's not. They're just showing an indicator to let you know they're "cool" also.

Re:security indicators? who needs them?

[invictusvoyd]

That's surprising because most people who actively use whatsapp don't know and don't care about whatever this "encryption" thing is .

Re:security indicators? who needs them?

[R3d+M3rcury]

I have to admit, I don't use it either, so I'm a bit lost as well.

I assume, rashly, the communications can either be secure or insecure, which is why you need an indicator. Fair enough. If I care, I will be very happy with the indicator. If I don't care, I will ignore the indicator. So why have a switch to turn the indicator on or off?

Re:security indicators? who needs them?

[allo]

iOS does not support encrypted messages, because they do not allow network traffic for apps in the background, except traffic routed via apples servers. So this cannot be encrypted. Whatsapp decided to send it unencryted, because otherwise they could just display "You have 3 unread messages, start the app to see who sent them".

Re:Everyone's getting into the encrypted chat game

[invictusvoyd]

Considering 99% of all posts on facebook and chats on whatsapp are generally worthless , that's worthless squared.

Re:What?

[JustAnotherOldGuy]

Make your own fucking news site then.

Fine, I will. And it'll have blackjack and hookers, and you won't be allowed in, Mr "Anonymous Coward", if that even is your real name.

Re:encrypted yet backdoored?

[Dog-Cow]

Messages are routed through their servers. They can already read them all. It's like questioning whether an HTTPS-using server is using key escrow. It's the end-point of the conversation; it doesn't need key escrow to read your messages.

Re:Thus spake Zuckerberg

[zippthorne]

Yes, you do. They made a shadow account with all the stuff they think they know about you. You just don't have any influence over it what they're putting there.

Re:encrypted yet backdoored?

[zippthorne]

That may be true of Whatsapp, but that need not be true of any particular messaging service. It's possible to design a protocol that they can be routed, even through a central server, without being able to inspect the message itself.

The real question remains...

[Slarioux]

Encrypted from which perspective? From the perspective of Facebook? The NSA? A random thief who steals your phone? Somebody shoulder surfing? Pointless. Might as well add an indicator to tell me when the conversation is "wireless".

Re:encrypted yet backdoored?

[johanw]

You should look up what end 2 end encryption is. Yes, WhatsApp can read the encrypted messages but they can't (unless they are blatantly lying) read them because the keys are only on the users' devices. The made some news when they implemented the TextSecure protocol, which is quite secure.

Re:Thus spake Zuckerberg

[johanw]

Wasn't there a provision made by the authorities when Facebook bought them that this coupling was never alowed? Is this some lawyers trick to circumvent that?

no security with non-free software

[pD-brane]

You cannot have privacy or security with proprietary software.

If you want that, use free software with end-to-end encryption, do not use WhatsApp.

Re:Everyone's getting into the encrypted chat game

[allo]

no, they are doing not. At least on android.

I use XPrivacy there and i see what apps are doing. Whatsapp is one of the nicer apps, it literally just accesses, what it needs to function. Its concept makes it a requirement to access the phone book and your phone number and IMEI, but stuff like calendar, call information and so on was never accessed by whatsapp.

Other apps do access stuff, like for example Quizduell, which reads all kinds of android IDs and contacts ad servers even in the premium version and graph.facebook.com even when you do not have a facebook app or touch any facebook integration there. There are a lot more black sheep, but whatsapp is up to now mostly harmless.

Re:Everyone's getting into the encrypted chat game

[invictusvoyd]

Thanks for that clean and sensible comment. I'd still like to sniff and verify though . A virtual +1 informative from my side.