Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google, Facebook, WhatsApp and Others To Beef Up Encryption (thestack.com)

Posted by timothy on from the mere-metadata dept.

An anonymous reader writes: Tech giants including Google, Facebook, Whatsapp and Snapchat are looking to increase the privacy of user data by expanding their encryption features. The recent reports mark growing industry support for Apple in its fight to not allow authorities backdoor access into users' devices. Facebook has suggested that it is increasing privacy of its Messenger service, while its instant messaging app Whatsapp also confirmed that it would be extending its encryption offering to secure voice calls. Others reportedly joining the industry shift include Snapchat, which is working on securing its messaging service, and search heavyweight Google, which is currently developing an encrypted email project. From The Guardian's substantially similar story from which the above-linked article draws: WhatsApp has been rolling out strong encryption to portions of its users since 2014, making it increasingly difficult for authorities to tap the service's messages. The issue is personal for founder Jan Koum, who was born in Soviet-era Ukraine. When Apple CEO Tim Cook announced in February that his company would fight the government in court, Koum posted on his Facebook account: "Our freedom and our liberty are at stake." His efforts to go further still are striking as the app is in open confrontation with governments. Brazil authorities arrested a Facebook executive on 1 March after WhatsApp told investigators it lacked the technical ability to provide the messages of drug traffickers. Facebook called the arrest "extreme and disproportionate." The sooner, the better on this front: as TechDirt points out, WhatsApp may be next on the list of communication tools to which the U.S. government would like to give the Apple Treatment.

86 comments

  1. As Bruce Schneier observed... by Anonymous Coward · · Score: 1

    Everybody wants to have privacy from everyone except them.

    Does this mean for a moment that Facebook won't harvest your personal data for their advertisers, and Google won't track your behavior around the internet? No, it does not. It just means they don't want to share. Few to none of these companies want you to have actual privacy or anonymity online.

    1. Re:As Bruce Schneier observed... by fustakrakich · · Score: 1

      It just means they don't want to share.

      Whatever they harvest and keep they will have to share if the government says so. And if they don't keep it, the government can order them to do that also, with a gag order. The only way out is for the company to dissolve so the government doesn't have a target to sanction or an executive to arrest.

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:As Bruce Schneier observed... by halivar · · Score: 1

      Exactly. I hope these companies are forced to divulge all of my personal information and secrets. That will show them . Hah!

    3. Re:As Bruce Schneier observed... by Penguinisto · · Score: 0

      Everybody wants to have privacy from everyone except them.

      Does this mean for a moment that Facebook won't harvest your personal data for their advertisers, and Google won't track your behavior around the internet? No, it does not. It just means they don't want to share. Few to none of these companies want you to have actual privacy or anonymity online.

      In a perverse way, this actually works:

      1) it still gives you (the consumer) ultimate control over who gets your data (by choosing the product(s) you use, that is)... and in a way, you can even partially control what data they get (fake statistics, fake addresses, fake whatever...)

      2) It still keeps fascistic governmental tendencies at bay.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    4. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      Although it seems ever harder to use fake info. More and more, signing up for online sites requires verification with a text message or phone call. Maybe there are ways to fake that, but it is certainly a large barrier and most people will just use their real identities and not worry about it.

      It's not 100% by any means but that is the direction.

    5. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      The point is they should not have access to your messages. They should be fully end to end encrypted.

    6. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 1

      Buy a $10 throwaway phone or SIM card and use that.

    7. Re:As Bruce Schneier observed... by castionsosa · · Score: 1, Insightful

      End to end encrypted... how? In theory, even if the messages are stored encrypted in the client, FB, et. al. could be forced to push a patch to add an ADK, not encrypt, or other means.

      The ideal is to have the encryption layer separate from any messaging layer. This is why I like PGP/gpg. It encrypts/decrypts, and doesn't really give a care about what protocol is uses.

    8. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      No workie. Take Yik Yak for example. It pulls every identifiable thing it can find from a device to lock it to an "account", even when it demands a phone number. Without XPrivacy, it is easy to find a device owner, cross-check IPs automatically.

    9. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 1

      Uhh by having the client handle encryption and decryption so that no decrypted data is ever in the hands of a third party. You know, just like many other programs and services are capable of doing.

    10. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      So it doesn't allow you to use it with a browser? Or another device? Or a new phone?

      How exactly does that work? Does it try to call you every single time you login or something?

    11. Re:As Bruce Schneier observed... by mspohr · · Score: 1

      I believe that FB and Google use https so they do have end to end encryption.
      If you are trying to argue that nobody should be able to read FB or Google Hangout messages they you are kind of missing the point of FB and Hangouts.
      If you don't want people to read FB and Hangout messages, don't post there.

      --
      I don't read your sig. Why are you reading mine?
    12. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      We're talking about instant messengers here. The only people who should be able to read those messages are the people involved in the discussion.

    13. Re:As Bruce Schneier observed... by amRadioHed · · Score: 1

      There are services that offer that functionality. These are not them. Choose the service that meets your requirements.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    14. Re:As Bruce Schneier observed... by amRadioHed · · Score: 1

      A key part of the functionality of both Google and Facebook messengers is that the messages are archived on the server and available from any browser or client app that you log in with. This could not be done if the messages were encrypted end to end.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    15. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      That is not how instant messenging has ever worked and it should not be changed to work that way now. Once a message has been sent and received, that's it. It passes through a server, it does not resides on it. Your client might keep a history, but that is the only place it should be.

    16. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      Who said that they were? I said that they SHOULD offer full encryption, not that they do.

      Maybe learn how to read before you post, junior.

    17. Re:As Bruce Schneier observed... by amRadioHed · · Score: 1

      Neither Facebook or Google call their services "instant messaging". I think they qualify but if you don't and you are looking for something that does then they are not the right services for you.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    18. Re:As Bruce Schneier observed... by amRadioHed · · Score: 1

      Who did say that they were? No one did, because they aren't. Did you have a point or are you just trying to look like an ass?

      My point is that you are wrong in saying that they should because that would break how they work. If you want a service with end to end encryption and that doesn't keep your messages in a centralised location you simply need to look elsewhere. The services they are offering are completely different from what you want.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    19. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      Facebook Messenger is an instant messaging service and software application

      WhatsApp Messenger is a proprietary cross-platform instant messaging client

      Google Talk is an instant messaging service that provides both text and voice communication

      Google Hangouts is a communication platform developed by Google which includes instant messaging, video chat, SMS and VOIP features

      You were saying?

      I think they qualify but if you don't and you are looking for something that does then they are not the right services for you.

      So that means nobody can criticize? Nobody can make suggestions? Love it or leave it? Typical cop-out attitude of a shill.

    20. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      Who did say that they were? No one did, because they aren't. Did you have a point or are you just trying to look like an ass?

      You implied that somebody had said that they did when you said:

      There are services that offer that functionality. These are not them.

      As if it were in dispute.

      My point is that you are wrong in saying that they should because that would break how they work.

      Bullshit.

      If you want a service with end to end encryption and that doesn't keep your messages in a centralised location you simply need to look elsewhere. The services they are offering are completely different from what you want.

      So nobody can criticize, right? Cop-out. Go shill somewhere else.

    21. Re:As Bruce Schneier observed... by amRadioHed · · Score: 1

      Please explain how conversations could be available from any browser you log in on if the messages are encrypted ended to end and the provider doesn't have access to the contents.

      Calling me a shill doesn't magically make your idiocy right.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    22. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      Please explain how conversations could be available from any browser you log in on if the messages are encrypted ended to end and the provider doesn't have access to the contents.

      Moving goalpost?

      When I receive an IM, it appears on my desktop client, my phone client and my tablet client. It is everywhere that it needs to be and nowhere that it shouldn't be.

      Calling me a shill doesn't magically make your idiocy right.

      And being an illiterate and obtuse little shit doesn't make your random, inane non-sequiturs and more pertinent to the discussion at hand.

    23. Re:As Bruce Schneier observed... by amRadioHed · · Score: 1

      What moving goalpost? That's how Facebook and Google both work now, you idiot.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    24. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      Again, learn to read, dipshit. *Instant messengers* do not work that way, which is what the discussion has been about. There is no reason that having messages stored on a server needs to be a requirement, but you're too stupid to see that. Now you're trying to redefine what an instant messenger is to fit your sorry little argument.

      Do the world a favour and kill yourself, I don't have any more time to waste on you.

    25. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      Everyone who feels that way, runs their own instance of services instead of using Facebook/Google services. Becoming a Facebook/Google user is how a person states, "I don't care if these people are watching me."

    26. Re:As Bruce Schneier observed... by Anonymous Coward · · Score: 0

      In other words, you're against Google and Facebook implementing encryption and security.

      I guess some of us just want higher standards than you do.

  2. Corporate Oligarchy by Anonymous Coward · · Score: 3, Insightful

    Let's not celebrate replacing a nominally democratic republic with a corporate oligarchy. Bad things will happen when large corporations are completely above the law.

    1. Re:Corporate Oligarchy by Phreakiture · · Score: 0

      You would have to be breaking the law in order to be above it.

      Now, I grant you that Apple, and the newly-found et al. are doing things that fly in the face of a court order, however, they appear to be going through all the proper channels to invalidate that court order.

      --
      www.wavefront-av.com
    2. Re:Corporate Oligarchy by See+Attached · · Score: 2

      I see a real gap in the mindset of the public where app vendors get the WHOLE MAGILLA.. everything on your phone and the Govt is overreaching when it wants it in select cases. Keeping in mind the WaterGate plumbers union, we could have a documented process to cover all system compromises... secret, but recorded. Would our founding fathers want the state to protect itself from such endogenous and exogenous threats on a limited basis?

      --
      Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
    3. Re:Corporate Oligarchy by Anonymous Coward · · Score: 0

      Really? They're advertising it as government-proof. That's not "going through all the proper channels"; that's bragging that they're above the law. Look beyond the scope of this particular question. Hey, we encrypted all of our records. Fuck you and discovery for this crime we committed.

    4. Re:Corporate Oligarchy by Anonymous Coward · · Score: 0

      Guns. The government has the real power.

  3. Hard to mine data that's encryped. by Anonymous Coward · · Score: 1

    Don't think for a minute any one of these companies will do anything that inhibits their ability to mine your data.

    1. Re:Hard to mine data that's encryped. by Penguinisto · · Score: 1

      Don't think for a minute any one of these companies will do anything that inhibits their ability to mine your data.

      Newsflash - the apps themselves do that without any need to compromise encryption on the device/computer/whatever.

      Besides, even if $evilAppDataMiner was scouring your drives for every last bit of information, you'd want that datastream (to your servers) encrypted too, if only to prevent the competition from snagging your hard-earned data.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    2. Re:Hard to mine data that's encryped. by Anonymous Coward · · Score: 0, Troll

      Nope, you want it encrypted to protect your walled garden. Make no mistake; this is 100% about protecting oligarchies, not about your rights.

    3. Re:Hard to mine data that's encryped. by Anonymous Coward · · Score: 0

      Simple - they will mine your data first, then encrypt it. That is why the government isn't really worried about it at all. It is just window dressing.

  4. This is good news... by Penguinisto · · Score: 2

    Dance like no one is watching, but encrypt like everyone is.

    It's good to see industry actually doing the right thing for once. I just hope the US Supreme Court does the right thing and tosses this whole mess...

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
    1. Re:This is good news... by dcollins117 · · Score: 1

      Fun thought: perhaps the US government is using reverse psychology in a clever scheme to secure American technologies. Think of it - if the government had mandated the use of strong encryption to protect citizen's data you would expect tech companies to complain about burdensome regulations and the onerous cost of implemention. By actually demonstrating the existential threat tech devices pose to privacy, they've got companies voluntarily scrambling to incorporate strong encryption into their products. Brilliant!

    2. Re:This is good news... by Anonymous Coward · · Score: 0

      The people in government aren't that clever or benevolent.

    3. Re:This is good news... by GrandCow · · Score: 1

      The government does not want communications to be encrypted, it goes against everything they've worked towards for decades.

      --
      "Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
  5. Because of blatant overreaching by Etherwalk · · Score: 5, Insightful

    This is happening not just in support of Apple, but because the US has announced they will be using their surveillance infrastructure for law enforcement, not just antiterrorism.

    https://www.washingtonpost.com...

    1. Re:Because of blatant overreaching by XxtraLarGe · · Score: 1

      This is happening not just in support of Apple, but because the US has announced they will be using their surveillance infrastructure for law enforcement, not just antiterrorism.

      This kind of thing won't happen when Obama^h^h^h^h^h Sanders is president!

      --
      Taking guns away from the 99% gives the 1% 100% of the power.
    2. Re:Because of blatant overreaching by Anonymous Coward · · Score: 0

      As compared to Hitler? Cause, you know, you can trust HIM right?

    3. Re:Because of blatant overreaching by Anonymous Coward · · Score: 0

      Law enforcement IS terrorism. Yes, I live in Yakima, WA.

    4. Re:Because of blatant overreaching by XxtraLarGe · · Score: 1

      As compared to Hitler? Cause, you know, you can trust HIM right?

      I'll assume you're talking about Trump. No, I don't trust him either, and I'm not voting for him if he becomes the GOP nominee (or any of the others). I'll end up voting for someone who isn't going to win instead of the lesser of two evils. I'm just pointing out the Pollyanna-ish beliefs people hold about politicians are foolish.

      --
      Taking guns away from the 99% gives the 1% 100% of the power.
    5. Re:Because of blatant overreaching by Anonymous Coward · · Score: 0

      /s/announced/admitted/

      FTFY

    6. Re:Because of blatant overreaching by Etherwalk · · Score: 1

      Law enforcement IS terrorism. Yes, I live in Yakima, WA.

      Er... sure, sometimes bad law enforcement is terrorism--using terror to accomplish political objectives.

      Good law enforcement wrestles with the questions of when it is best to punish people and when it is best to warn them for violating the law, wrestles with questions about when you need to prosecute someone to discourage bad behavior in the community, wrestles with questions like where the boundary should be between the needs of law enforcement to legitimately deter and detect crime and the individual sphere of privacy that defends individuals against government intrusion.

    7. Re:Because of blatant overreaching by Anonymous Coward · · Score: 0

      Law enforcement IS terrorism. Yes, I live in Yakima, WA.

      Er... sure, sometimes bad law enforcement is terrorism--using terror to accomplish political objectives.

      Good law enforcement wrestles with the questions of when it is best to punish people and when it is best to warn them for violating the law, wrestles with questions about when you need to prosecute someone to discourage bad behavior in the community, wrestles with questions like where the boundary should be between the needs of law enforcement to legitimately deter and detect crime and the individual sphere of privacy that defends individuals against government intrusion.

      That is truly informative.
      I would really appreciate my local LEO's if they were to struggle with these complicated issues.
      However I can state that *NOWHERE* in this country does such a struggle take place.
      If you truly believe it does then you a just another dumb running around deaf, dumb and blind.

    8. Re:Because of blatant overreaching by Anonymous Coward · · Score: 0

      Then enjoy life under president Trump. The broken, unranked, winner-takes-all voting system belongs to America, but the suffering under an openly-racist authoritarian who advocates violence against his political opposition will belong to you.

  6. Futile. by Fire_Wraith · · Score: 2, Insightful

    All the US Government is going to do with this is force all of these companies to go overseas, or largely go out of business, because eventually the only ones left in the USA will be doing business only in the US.

  7. Encrypt it, ALL OF IT by Anonymous Coward · · Score: 0

    The days of having to use TOR are nearing an end.

    The government has muffed this big time, they have systematically destroyed our trust in their spy services, and so, we, as citizens, have no choice but to insist on end-to-end encryption for EVERYTHING.

    We simply don't care about your 'but TERRORISM' story line. We see that as total garbage. We are more afraid of being hit by lightning than by being killed in a terrorist attack.

    So, to big government spying agencies, I say this. FUCK OFF. Your days of snooping on my data are done.

  8. From both sides now by See+Attached · · Score: 4, Interesting

    Should app vendors get to scan our address book, read our messages, tap our mic, and collect our position 24/7? that just a few of the things we have already lost. Why should it be OK for app vendors to suck our lives dry but claim the High Ground (TM) when the government comes calling? its Big Time double speak. If we care more about the government peeking over our shoulder, why do we so easily surrender to the software vendors?

    --
    Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
    1. Re:From both sides now by kheldan · · Score: 2

      If these things concern you that much, then take example from me: I don't currently have, and do not wish to own, a smartphone of any sort. Seems like every single day I read some news story or other about precisely what you're talking about: some security breach on smartphones due to such-and-such app or exploit. Why would I subject myself to owning a device that's got all the integrity of a colander? Or is dealing with an unsecurable technology worth it for mere convenience?

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    2. Re:From both sides now by Anonymous Coward · · Score: 1

      It doesn't matter if you have one. If your friends have one and enter your contact info into it, then you don't have to directly participate in order for the damage to still be done.

      And ever more that might include things like audio clips of conversations you have with friends in front of the device.

      You can't escape the issue by sticking your head in the sand.

    3. Re:From both sides now by Anonymous Coward · · Score: 1

      The vendors do not have the power that the government has. The government can jail you or even execute you. Vendors cannot.

      Miss-information in a vendor data base can ruin your credit rating, but miss-information in a government data base can have you hanged.

    4. Re:From both sides now by Anonymous Coward · · Score: 0

      The government can jail you or even execute you. Vendors cannot.

      sounds like someone hasn't read the EULA...

    5. Re:From both sides now by kheldan · · Score: 1

      I'm not 'sticking my head in the sand' you jackass. Why the hell would I get a goddamn smartphone then stand there tapping my feet impatiently demanding someone else make it 100% secure when I know damned well the only factor involved in that that is in my control is not owning one in the first place? Wireless companies only care if they're getting sued over it. App authors who write apps that steal data obviously don't give a crap. The government also doesn't care until some law is broken. The only control you I or anyone else has over the problem of smartphone insecurity is to not own one in the first place until such time as the issue is taken seriously and there is a 100% effective way to secure them 100% of the time -- and that isn't happening anytime soon so far as I can see, and in fact the problem is getting worse not better. Can I control what stupid things peope around me do? No, I can't, and I'm not going to worry about that because why should I bother raising my stress levels over something I can't control? In the meantime I choose not to own a smartphone so no one can directly steal data from me via it, can't track me with any built-in GPS, break into my bank account with it, or use it as part of their botnet. It's the best damage control I can implement so I think I'll just continue not owning a smartphone rather than just throw up my hands and be another one of the sheep who own them.

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    6. Re:From both sides now by See+Attached · · Score: 1

      Government has Immense power? Sounds like App Vendor is holding the cards. Maybe we need to use encryption from the user level and keep the app vendors out of the value stream.

      --
      Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
    7. Re:From both sides now by nehumanuscrede · · Score: 1

      Hmm.

      There is a minor difference.

      One of them you can choose not to install and / or use. The other is forced upon you without your knowledge or consent.
      Usually, I'll consider an app right up to the point where it tells me what it will have access to if I install it. Once I see how
      over-reaching the apps permissions are, I'll change my mind and that's that.

      What is the same is that, in both cases, the lack of public acceptance will force a change. If the app builder wants to continue
      selling their product, they will need to reign in their demands for access to data they have no need of to operate the app. If they
      don't, they'll cease to be relevant and a competitor will happily take their place.

      Government is the same way. Thanks to Snowden, we now have evidence of how intrusive the Government really is in our daily
      lives. This new knowledge now allows us to apply the same principles to them as we do the app builder. Folks are ( slowly ) realizing
      that Big Government doesn't need access to every detail of our lives to work as intended.

      Eventually, we'll treat them the same way and force their behavior to change or risk becoming irrelevant as well.

    8. Re:From both sides now by Gravis+Zero · · Score: 1

      Should app vendors get to scan our address book, read our messages, tap our mic, and collect our position 24/7?

      no of course not.

      that just a few of the things we have already lost.

      those are just a few of things people have forfeit in the name of convenience. sure, i don't have the latest whizbang bullshit but i still have my privacy.

      --
      Anons need not reply. Questions end with a question mark.
    9. Re:From both sides now by AmiMoJo · · Score: 1

      You should study those reports in more detail. It's not like people are just reaching out and grabbing data from random people's phones. The security model on Android and iOS is actually pretty good, and so far no mass exploits have happened. Occasionally there are some trojans for either OS, but you can't prevent user stupidity and presumably you are not that stupid.

      Maybe the iCloud leaks put you off, which is a fair point. Google supports 2 factor auth, and I think Apple does too now. There seems to be this myth going round that 2FA requires sending text messages. It doesn't, you just have an app that generates a new code every 30 seconds.

      Or just avoid using the cloud features. Run Cyanogen without any Google apps if you are really paranoid. There are so many benefits to having a smartphone, even if you only use open source apps from F-Droid. Make sure you enable full device encryption with a long password.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    10. Re:From both sides now by kheldan · · Score: 1

      See, you're just speculating, because it's a total crap-shoot so far as what's secure and what isn't; nobody really knows, and it's not like I could pick only open-source apps (because there is no such thing) download only the source code (because there is none), examine it thoroughly, then compile it and install that binary on my phone (because you're not allowed to do that anyway, ironically enough for 'security' reasons, or so I believe it to be the case). I don't even feel they're secure enough for me to not get hit by an exploit just using a web browser in a smartphone. Add to that how much the cost of a decent smartphone makes me squick, and the fact that I'd either have to get gouged for an overpriced, undersized dataplan, or take my chances on wifi hotspots, and it's just so much a non-starter that it isn't even worth the amount of time I just spent explaining the above to you. Get me a 'smartphone' that I can run entirely on open-source OS and software, that I can personally vet as secure and safe, and maybe we can have a conversation. Until then, I'll just stick with nice, safe, read-only, relatively inexpensive dumbphones, which I barely even use as a phone. If I didn't think it was a gigantic waste of money comparatively speaking, I wouldn't even have that, I'd go back to a landline.

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    11. Re:From both sides now by AmiMoJo · · Score: 1

      It's not speculation. Recent history suggests that phones are actually rather secure. As I pointed out, there have been no incidents of mass hacking of handsets that were not down to user stupidity (installing dodgy apps from dodgy sources).

      The onus is on you to show that they are insecure. The way the OS is built on phones, with defence in depth, makes them likely more secure than the average desktop PC. How many PCs are encrypted by default?

      You should be more worried about your utility companies or hospital leaking your data.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    12. Re:From both sides now by See+Attached · · Score: 1

      Thats why i didn't install the Facebook app on my phone. It reaches too far. Am with you on that. As far as privacy goes, I don't mind being watchable, but don't want to pay for every bit/byte to be reviewed by someone... unless there is a purpose. Would i rather have Google or Facebook or the Govt monitor my every moment? no, there is nothing in it for me. This whole apple privacy thing shows that Steve Cook wants to be more important than the government. We as a society should make the choice as to whether this one cell phone is the poster child for the state being able to see anyones' phone by exception, but its being painted as a "Uncle same sees everthing without a warrant". To me anyways... Is there a middle ground where such A$$wipes phone can be reviewed by court order? In this case transparency may be the accommodating factor. "News brief: Farouk XYZs phone was revealed today to federal authorities". As long as it has enough transparency, and records are revealed 10 Years after... maybe.. so there is that expectation.

      --
      Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
    13. Re:From both sides now by Anonymous Coward · · Score: 0

      If your friends have one and enter your contact info into it

      Then they'll harvest my first name and phone number as opposed to harvesting far more if I were to use a smartphone myself.

      I can live with that. There are plenty of people in the world that have the same name and if any of those companies dares to try to market to me on my phone, I'll file a judgement against them and the FCC will nail them to the wall because I never opted in or accepted any of their EULAs and my phone number is in the national DNC registry.

  9. Governor Tarkin, I recognized your foul stench... by SvnLyrBrto · · Score: 1

    The more you tighten your grip, the more star systems will slip through your fingers.

    --
    Imagine all the people...
  10. pendulum swinging by supernova87a · · Score: 3, Insightful

    Here's what the real issue is: the amount of effort spy/law enforcement agencies want or have to spend to be able to detect and solve crimes. And the fact that now the pendulum is swinging to where they have to get back to spending real time and effort to solve and prevent crimes.

    For the last couple of decades, law enforcement / intelligence agencies have had the benefit of all this data and metadata simplifying their detection and solving of crimes. They were able to use all this technology to their advantage because they had access to everyone's communications, and everyone was putting more and more of their communications online or using centralized tools that the FBI could listen to.

    As a result of that, the FBI got used to that capability, and thought that being able to solve a crime with only 2 guys tapping a phone should be the norm. Instead of say, having to put 5 guys undercover, inside a crime organization, or have more law enforcement officers on the corners of streets. When was the last time you saw a policeman "walking his beat"? Not any more.

    And now the pendulum has swung the other way. Now that people have the tools to safeguard their communications, the FBI is finding that the levels of staffing or intelligence resources are not matching the capability of individuals to counter it.

    Yet the FBI is not helpless. They did solve crimes before wiretaps and modern technology. Do you remember that? They are just unhappy that their outdated tools now are making them expend more effort to gather similar information that would help them solve crimes. It just has to be more manual.

    No one said things would stay the same forever. And none of their arguments are highly principled -- they just want crime prevention and solving to be easier and cheaper. They have not said that they would never have foiled crime without technology. If that were true, why are there even field agents? Technology doesn't make it impossible, just like it wasn't impossible before the cell phone. It is totally within reason for people to adopt technology that makes some things easier to do their job, and other things harder for others to do their job - that's what technology is all about.

    1. Re:pendulum swinging by Anonymous Coward · · Score: 1

      Of course, if we'd stop prosecuting victimless crimes like drug use, or stop literally manufacturing criminals like every FBI terrorism 'sting' operation ever, they'd save a whole lot of money and resources for going after people who actually cause harm to others. The FBI is more concerned with people who cause harm to the state and to the rich than they are about anything else, and it's time they get their easy data mining turned off because of it.

  11. Users need 100% user-controlled encryption option by nctritech · · Score: 2

    In all these services, there should be an option that allows you to take 100% control of your data decryption. Gmail, for example, should have a choice where you can lock Gmail sort of like how an iPhone locks. The encryption key for the data is encrypted with your password like how LUKS does it. If you "password reset" you lose everything inside the account and start from scratch. Google can't decrypt the data without your password, so they can't hand it to the government either. I realize this isn't a perfect solution but it needs to happen for all major online services.

  12. Lol at Facebook by Anonymous Coward · · Score: 1

    Facebook securing your messenger chats is nothing about security at all. Facebook is the central server and has access to all messages whether they are encrypted or not. The only thing Facebook can achieve is to prevent third parties from eavesdropping. But they still have the content on their servers which can be handed over at will.

    The encryption Apple is defending is the encryption of the data on the phone. It's not on the cloud, but simply on the phone. Facebook seems to be claiming security and privacy features to try to let ignorant people believe that everything on Facebook is secure and private....

    1. Re:Lol at Facebook by fbobraga · · Score: 1

      the article is an AD? Seriously? /sarcarsm

  13. Re:Users need 100% user-controlled encryption opti by ByTor-2112 · · Score: 1

    What we need is some kind of portable version of Apple's secure enclave protected by a pin and a self destruct mechanism. A Yubikey NEO on steroids.

  14. An SlashAD! by fbobraga · · Score: 1

    again!

  15. it's personal by roman_mir · · Score: 1

    The issue is personal for founder Jan Koum, who was born in Soviet-era Ukraine.

    - it should be personal for everybody, not just people who have come from parts of the world where in the not so distant past (and in the present) the government has been and is the main villain. It should be understood that any government at all, regardless of what you think of it today is capable of being a villain because it has the power to be the villain. An individual can be a villain and do some damage, a villain government can and does massive amounts of damage to many, sometimes to millions and even to greater numbers of individuals. This understanding should not be limited to those, who have recent personal dealings with villain governments. People, of-course, are very short sighted and do not necessarily see the obvious reality of such things.

    --
    You can't handle the truth.
  16. Illegal to import encryption by Anonymous Coward · · Score: 0

    It's long been illegal to export encryption to parts of the world. I wonder how long until it's illegal to import it (in the form of a complete, law enforcement unfriendly communications package)?

  17. What's up with WhatsApp? by cayenne8 · · Score: 1
    Ok, while I can see using it for encrypted messages...I'm getting from reading about it, that this is more of a new thing....and I'm wondering "why?"

    I mean...with modern plans, txt messaging has been unlimited and free for quite awhile now...so, why bother with a 3rd party app. that I assume you have to have both parties using for it to work?

    Txt messaging is pretty much universal if you have a cell phone...right?

    I'd be interested in the newer encrypted services, voice would be quite interesting..but wondering what has been the impetus to use this WhatsApp to this point?

    I'd not really ever heard of it till the past 2-3 articles on Slashdot that mentioned it in the same breath as recent encryption topics.

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    1. Re:What's up with WhatsApp? by Anonymous Coward · · Score: 0

      I agree. IMs are pretty ridiculous to use if you've got a phone.

      Personally, I use SMSSecure, which does offer end to end encrypted SMS messages. It's open source too. That's the most silly part about Google and Facebook offering messenging that doesn't even have full encryption. Then again, I guess they need to be able to spy to harvest that data.

    2. Re:What's up with WhatsApp? by lindseyp · · Score: 1

      Whatsapp has been very popular outside the US for a while. I know America was very slow to pick up on SMS/IM in general, but the many benefits of data-based IM include: encryption, sent/read notification, photo message, video message, audio-clip message, all 'free' on Wifi and relatively inexpensive on a data plan, compared to MMS, and in particular when sending messages internationally, which I guess is a lot more common in Europe and Asia than it is in the U.S.

      iMessage and BBmessage have the same advantages but of course they are proprietary and only useable between handsets on the same platform. Whatsapp has long been cross-platform.

      --
      j'ai découvert une démonstration vraiment admirable (de ce théorème général) que cette si
    3. Re:What's up with WhatsApp? by Anonymous Coward · · Score: 0

      encryption, sent/read notification

      Can be done on SMS.

      photo message, video message, audio-clip message

      Can be done on MMS.

      all 'free' on Wifi and relatively inexpensive on a data plan

      United States, T-Mobile, $30/month, unlimited SMS and unlimited data (first 5GB at "4G" speed). If you are reliant on wifi, then you will need to find a hotspot first. I can use SMS/MMS from practically anywhere.

  18. Re:Users need 100% user-controlled encryption opti by chihowa · · Score: 1

    Google can't decrypt the data without your password...

    Which is why Google, Facebook, or any of these other "free" services will never do something like that. The entire reason these services exist is to harvest that data. What needs to happen is for people to realize that these services cost something to provide and be ok with self-hosting or paying a marginal amount of real money for these services instead of paying with unfettered access to their data. (Paying for email service is dirt cheap, especially compared with what you're paying Google if you actually value your privacy.)

    --
    If you want a vision of the future, imagine a youtube comments section scrolling - forever.
  19. Test by Anonymous Coward · · Score: 0

    This is a test. /. is generating "open proxy" error messages... ?!

  20. Cops are neither demons nor perfect by Etherwalk · · Score: 1

    Er... sure, sometimes bad law enforcement is terrorism--using terror to accomplish political objectives.

    Good law enforcement wrestles with the questions of when it is best to punish people and when it is best to warn them for violating the law, wrestles with questions about when you need to prosecute someone to discourage bad behavior in the community, wrestles with questions like where the boundary should be between the needs of law enforcement to legitimately deter and detect crime and the individual sphere of privacy that defends individuals against government intrusion.

    That is truly informative.
    I would really appreciate my local LEO's if they were to struggle with these complicated issues.
    However I can state that *NOWHERE* in this country does such a struggle take place.
    If you truly believe it does then you a just another dumb running around deaf, dumb and blind.

    It doesn't happen with every case, but it certainly happens.

    1. Punish v. Warn: this one happens all the time, on the beat. Cops decide to write a ticket for violating a city's open container law or to ignore it; they decide whether to give you a warning for going over the speed limit or to write you a ticket; they decide whether to give you a ticket or to arrest you and tow your car; they decide whether to make twenty-year-old throw out his beer or whether to arrest him for it.

    2. When you need to prosecute: this one happens all the time, with cops and more with prosecutors. Should they throw the book at you or should they make a deal that seems reasonable? How reasonable of a deal can they make? If a kid dies because a gun was unsecured, can they let a family grieve or do they think charging them for leaving the gun unsecured will get news and save other kids? Yes, they deal with this.

    3. Law enforcement needs vs. privacy rights: this one happens in a massive number of court cases every year, and those court decisions alter police behavior. This also happens in policy debates when you get to people establishing department policy. They don't always make the right decision (see, e.g., license plate scanners) because they have a very strong bias from their experience dealing with criminals, but they certainly think about it. There's a reason they don't release the home addresses of victims of domestic violence, for example.

    I'm not saying they're perfect--far from it. Most of the time they're just trying to do their job. Sometimes they irrationally defend dirty cops or infringe on the rights of citizens and some of them even beat or kill innocent people. And there are reasons why there is such a distrust of police officers--legitimate ones, like the fact that most investigations involve lying to suspects during interrogation, so all of the millions of people who are arrested in America and all of their families know about how the police lied to and took advantage of so-and-so's ignorance to destroy their lives, and the fact that arrest records effectively eliminate people from eligibility for a large number of jobs.

    But most of them, most of the time, are trying to be professionals, help their community, and do the job they've been trained to do. And these questions really do get asked.

  21. They are all Terr'ist Services! by Anonymous Coward · · Score: 0

    Google, Facebook, Whatsapp, Snapchat, and all the rest can look forward to the following, in escalating order:

    1). A request to supply the Feds with data for specific cases;
    2). A demand to supply the Feds with data for specific cases;
    3). A request to create a generalized decryption system. You know, because efficiency and there so darned many of these specific cases. The originating company will of course keep control (it's crazy to suggest otherwise!);
    4). That generalized decryption system? Created by threats and intimidation? Now the Feds want it. National Security you understand, need to know and all that. They might allow that data request volumes had something to do with it;
    5). Warrants? Those are so Twentieth Century and besides, there's No Damn Time to get one. Retroactive warrants only from this point forward;
    6). Terr'ists only? No, it hasn't been just Terr'ists for a couple of years now. Drug cases, Capital murder, Conspiracy, Racketeering, Organized Crime. These are serious matters, surely you don't object?
    7). The Local Police Departments put in a compelling case to have access. It's so convenient, and they are clearing cases off the docket in record time! Policing is expensive, do you want your taxes to go up? No, no one wants that, let's say no more;
    8). Alimony owed, parking tickets, all are being enforced at record rates! The municipalities have asked for access but we're not sure their justification is sound. Maybe next year;
    9). Bullying on the Net has become a big problem. Big data analysis is now being applied to search for hurtful words and chastise the users of such words. From now on 'Tool', 'Jerk', 'Dickwad', 'Idiot', 'Facist', 'Communist' and many others will result in an investigation. We recommend cleaning up your language now, during the onboarding period.

    It's laughable now, but the Feds want it all.

  22. Re:Users need 100% user-controlled encryption opti by Sloppy · · Score: 1

    You already have that option. It's called run-you-own-postfix-and-dovecot.

    The idea that Gmail should be secure is laughable; go back a decade and look at all the debate over Gmail (or go back another to see people having the same discussions about Hotmail). What you'll find is that all the Gmail defenders were saying "I don't care." I am not making this up: that was the essence of all those peoples' insanity defense.

    I understand why people are finally changing their minds, but don't blame Gmail. Webmail is for people who don't value privacy. That hasn't changed and isn't going to change. (If you value privacy, webmail is ruled out because the server would have to have your key, and that's a silly idea on the face of it.)

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  23. Doesn't mean a fucking thing ... by RockDoctor · · Score: 1
    ... if the developers and managers are citizens of a country that can (and will) force the silent installation of backdoors to the software.

    Since that potentially means any country, then that probably also means development distributed amongst multiple, mutually hostile nationalities. Which will go down like a lead balloon with La Trumpette and the people afraid of offshoring.

    --
    Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"