Slashdot Mirror


WhatsApp Enables End-To-End Encryption For All Forms of Communications By Default

Popular instant messaging app WhatsApp, on Tuesday, announced that it is turning on end-to-end encryption for all its users by default. The company says that every call a user makes, every text message they send, all photos and videos they share will now be more secure. Furthermore, the encryption status of any chat is visible under the chat's preferences screen. The announcement comes a little over a year after the Facebook-owned company partnered with Open Whisper Systems, a nonprofit software group that develops collaborative open source projects with a mission to "make private communication simple." The end-to-end encryption feature is available on the latest version of the app.

In a blog post, Open Whisper Systems further explains the feature: "Once a client recognizes a contact as being fully e2e capable, it will not permit transmitting plaintext to that contact, even if that contact were to downgrade to a version of the software that is not fully e2e capable. This prevents the server or a network attacker from being able to perform a downgrade attack."

In a blog post, WhatsApp writes: "While WhatsApp is among the few communication platforms to build full end-to-end encryption that is on by default for everything you do, we expect that it will ultimately represent the future of personal communication."

WhatsApp has also made available the technical details about how the two companies implemented this feature (PDF). For those of you who haven't heard of WhatsApp, it's an instant messaging and voice calling app. The free service, which is available across all popular platforms, is used by more than a billion people worldwide every month. A report on Wired says that a team of only 15 engineers enabled this security feature for over a billion users. Privacy researcher and activist Christopher Soghoian rightfully adds, "Google has no excuse."

76 comments

  1. Nice by Anonymous Coward · · Score: 3, Insightful

    Nice, as it prevents dragnet surveillance. Still, I don't want to use WhatsApp just like Signal as it doesn't work without GCM, with Google/Apple knowing my IP address all the time.

    The companies build their encryption so that only the data they are interested in and will monetize reaches them. But they still monetize your data. And for every encrypted messaging app that pops up, the moment you use a WhatsApp bot or Siri or Google Maps or whatever, they know your location.

    1. Re:Nice by fph+il+quozientatore · · Score: 2

      Wait, I am confused: I am currently using WhatsApp on a phone that does not have Google Play Services installed. Wouldn't that be a prerequisite to use GCM? (Possibly noob question, sorry, I haven't even written a hello world on Android.)

      --
      My first program:

      Hell Segmentation fault

    2. Re: Nice by Anonymous Coward · · Score: 0

      Without GCM, WhatsApp still works but uses much more power because it keeps a connection open to their server all the time. That probably takes 20% off your battery life.

    3. Re: Nice by fph+il+quozientatore · · Score: 1

      Thanks, good to know!

      --
      My first program:

      Hell Segmentation fault

  2. Does the User Control the Keys? by Anonymous Coward · · Score: 1

    Honest questions: Does the user control the public/private keys that WhatsApp uses for this end-to-end encryption? How do they manage public key exchange, revocation, etc.?

    1. Re:Does the User Control the Keys? by Meneth · · Score: 4, Informative

      The user's device generates the private key, but only under the control of WhatsApp's closed-source app.

      The key exchange is done through WhatsApp's server, much like message exchange. There is no revocation, though I imagine a user who loses his private key could generate and register a new one. There are no certificates except for the connection to the server.

      An attacker would have to take control of WhatsApp's server, but once that is done, they could run classic MiTM attacks on all WhatsApp users.

    2. Re:Does the User Control the Keys? by nospam007 · · Score: 5, Insightful

      "An attacker would have to take control of WhatsApp's server, but once that is done, they could run classic MiTM attacks on all WhatsApp users."

      But in this case it would be THE MAN in the middle.

    3. Re:Does the User Control the Keys? by Agripa · · Score: 2

      I have not used it but apparently the client has facilities to verify the key through an auxiliary communications channel manually (voice, text, whatever) so it would just take getting caught once to show that the WhatsApp server was compromised. I believe PGP phone had the same capability.

    4. Re:Does the User Control the Keys? by beuges · · Score: 1

      It should be trivially easy to do the key exchange without WhatsApp being able to intercept the keys, even though they are relaying them between the two parties.*

      Assume Alice and Bob both use WhatsApp. Each generates a certificate with a private and public key. They publish their public keys via some directory service. Alice wants to chat to Bob securely. They currently don't have a relationship set up between them. So Alice looks up Bob's public key, and generates a random encryption key to be used for chatting with Bob. She encrypts this key with Bob's public key and sends this encrypted key to Bob over WhatsApp. Only Bob can decrypt this because only Bob has the private key - WhatsApp doesn't. Bob can either then use the same key to send messages to Alice, or he can repeat the process, so that even if one key is exposed somehow, only one half of the conversation can be decrypted.

      Yes, WhatsApp's app must ultimately be trusted to be storing the private keys securely and not leaking them back to WhatsApp somehow, but if they're going to the trouble of implementing end-to-end encryption, then the entire point is that they want to be able to simply auto-respond to any law enforcement requests with "We simply cannot decrypt the messages even if we want to." Given that WhatsApp already has been encrypting messages between client and server for some time now before this, it doesn't make sense for them to implement such an elaborate encryption scheme and then leave a backdoor in it, which will inevitably be discovered, either by a security researcher or when they give in to a law enforcement request.

      * I haven't actually read up on how WhatsApp is doing their key exchange, so they may be doing exactly this.
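
The scheme sketched in beuges' comment above, combined with the out-of-band key check Agripa mentions, as an added example that is not part of any post in this thread and is not WhatsApp's or Open Whisper Systems' code. It models the comment's RSA-style key transport, not WhatsApp's actual protocol; the directory object, the party names and the message are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// A party holds an RSA key pair; only the public half ever leaves the device.
function newParty(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, privateKey, publicDer: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Short value two users can compare over voice, in person or via a scanned code.
function fingerprint(publicDer) {
  return crypto.createHash('sha256').update(publicDer).digest('hex');
}

// Hypothetical directory service: returns whatever key the server chooses to serve.
function makeDirectory() {
  const keys = new Map();
  return {
    publish: (name, publicDer) => keys.set(name, publicDer),
    lookup: (name) => keys.get(name),
  };
}

// Sender: fresh AES-256-GCM session key, wrapped with the looked-up public key.
function sendMessage(directory, recipientName, plaintext) {
  const recipientDer = directory.lookup(recipientName);
  const recipientKey = crypto.createPublicKey({ key: recipientDer, format: 'der', type: 'spki' });
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: recipientKey, ...OAEP }, sessionKey),
    iv, ciphertext, tag: cipher.getAuthTag(),
  };
}

// Defender's check: refuse to encrypt unless the served key matches the
// fingerprint obtained from the recipient over a separate channel.
function sendVerified(directory, recipientName, plaintext, outOfBandFingerprint) {
  if (fingerprint(directory.lookup(recipientName)) !== outOfBandFingerprint) return null;
  return sendMessage(directory, recipientName, plaintext);
}

// Receiver: returns the plaintext, or null if this private key cannot open the envelope.
function openMessage(party, envelope) {
  try {
    const sessionKey = crypto.privateDecrypt({ key: party.privateKey, ...OAEP }, envelope.wrappedKey);
    const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, envelope.iv);
    decipher.setAuthTag(envelope.tag);
    return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // wrong key (OAEP failure) or tampered ciphertext (GCM tag failure)
  }
}

// Runs the exchange once with an honest directory and once with a directory
// that serves a key other than Bob's, and reports who can read the message.
function runScenario(directoryServesWrongKey) {
  const bob = newParty('bob');
  const other = newParty('other'); // key pair held by whoever controls the directory
  const directory = makeDirectory();
  directory.publish('bob', directoryServesWrongKey ? other.publicDer : bob.publicDer);

  const text = 'constructed test message';
  const envelope = sendMessage(directory, 'bob', text);
  const bobFingerprint = fingerprint(bob.publicDer); // read out by Bob himself
  return {
    bobCanRead: openMessage(bob, envelope) === text,
    otherCanRead: openMessage(other, envelope) === text,
    fingerprintsMatch: fingerprint(directory.lookup('bob')) === bobFingerprint,
    verifiedSendRefused: sendVerified(directory, 'bob', text, bobFingerprint) === null,
  };
}

console.log('honest directory:', runScenario(false));
console.log('substituted key: ', runScenario(true));
```

A relay that only forwards the envelope learns nothing, but the unverified send trusts whatever key the directory returns; the fingerprint comparison is what turns a silent substitution into a detectable one.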

  3. It's a Facebook company... by Anonymous Coward · · Score: 0

    so where is all of your private encrypted data being shipped off to?

    1. Re:It's a Facebook company... by ShaunC · · Score: 1

      Ireland, obviously. True Capitalists don't bother with Panama.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  4. I bet the stream from the Oculus spying... by Torp · · Score: 2

    ... in your living room will also be encrypted so only Facebook can data mine and sell it.

    --
    I apologize for the lack of a signature.
    1. Re:I bet the stream from the Oculus spying... by Lumpy · · Score: 1

      I have Mark Zuckerberg hiding behind my entertainment center with a notepad and a parabolic microphone.

      --
      Do not look at laser with remaining good eye.
    2. Re:I bet the stream from the Oculus spying... by Anonymous Coward · · Score: 1

      That is a Chinese clone of Mark Zuckerberg. The real Mark Zuckerberg retired years ago and is living off his wealth stashed in a Patagonian bank held by a Panamanian firm.

    3. Re:I bet the stream from the Oculus spying... by Lumpy · · Score: 1

      Nope it's the real deal... I think it's his new hobby.

      The fucker keeps stealing my pizza deliveries, and he puts the bluray disks in the wrong cases.

      --
      Do not look at laser with remaining good eye.
  5. I don't trust this and simply wonder WHY? by xiando · · Score: 5, Insightful

    Perhaps they really are implementing secure end-to-end but from their previous actions this announcement makes me suspect that something else which is actually secure is becoming so popular that an "approved" "secure" (but not really) needs to be pushed out to the ignorant masses.

    Show me the source code and I will consider trusting that this is secure. I am not going to just take their word for it because they have proved that it means nothing time and time again.

    1. Re:I don't trust this and simply wonder WHY? by bluefoxlucid · · Score: 1

      My first thought is less "they might be lying to us" and more "do they need some sort of penis-shaped sound wave"?

    2. Re: I don't trust this and simply wonder WHY? by Anonymous Coward · · Score: 0

      Trusting a communications system is hard, but for now just consider trusting your client. I would think that you'd want the ability to compile your client, otherwise - what's to stop the provided clean source & treacherous binary implementation from diverging, intentionally or not?

    3. Re:I don't trust this and simply wonder WHY? by rainwalker · · Score: 4, Informative

      As I'm not a cryptographer, I have to trust what experts tell me (source code doesn't really help with this). Given that the people at Open Whisper Systems, who are fanatical privacy and security researchers and advocates, and who built the protocol that's being used and helped WhatsApp implement it, are giving this their stamp of approval, I'm just going to have to trust them. At some point, you have to pick that trust point, and Open Whisper Systems seems like a good point.

    4. Re:I don't trust this and simply wonder WHY? by Anonymous Coward · · Score: 0

      Assume "Open Whisper Systems" delivered on their contract to provide bullet-proof crypto to WhatsApp/Facebook.

      You still can't trust WhatsApp/Facebook not to break the system for their own purposes.

    5. Re:I don't trust this and simply wonder WHY? by unrtst · · Score: 1

      > At some point, you have to pick that trust point, and Open Whisper Systems seems like a good point.

      You're doing it wrong.
      Think about any scientific breakthrough, algorithm, mathematical proof, etc. It's perfectly fine for all the work to originate at one person or closed group, but people don't trust it until it's been peer reviewed.

      I'm not claiming whether or not that's been done, or to what level, but it's not smart to pick a group of people and decide to trust them with a topic you admittedly don't know enough about just because they seem like good enough folks.

      At the very least, no; you do not have to pick a trust point.

    6. Re:I don't trust this and simply wonder WHY? by Anonymous Coward · · Score: 1

      Their cryptography and end-to-end encryption are not the issue. Let's assume they are perfect, given OWS' credentials. Lack of open source means that you have no idea if the WhatsApp app itself is taking your private key and sending it out elsewhere.

      I don't know how you'd prove it, but even if you proved that it doesn't for the current binary, updates are an issue. Apps update all the time. Updates either need to be audited (update frequency makes this hard), or you have to live without updating, which at some point causes the app to not work.

    7. Re:I don't trust this and simply wonder WHY? by Anonymous Coward · · Score: 0

      Isn't a "whisper" a way of communicating a secret? And thus not keeping it?

      And isn't an "open whisper" a less secret way of communicating a secret?

      Don't know much about Open Whisper Systems, but maybe they want to rethink the name?

    8. Re:I don't trust this and simply wonder WHY? by Pseudonymus+Bosch · · Score: 4, Informative

      In the words of Edward Snowden, "Use programs like Redphone, like Silent Circle – anything by Moxie Marlinspike and Open Whisper System."

      --
      __
      Men with no respect for life must never be allowed to control the ultimate instruments of death.
      GW Bu
    9. Re: I don't trust this and simply wonder WHY? by echnaton192 · · Score: 1

      Thanks. Can not believe people smear Open Whisper.

    10. Re:I don't trust this and simply wonder WHY? by Anonymous Coward · · Score: 0

      But if it were open-sourced, you wouldn't have to trust them, but could trust the countless people who could verify it, and the academic community, which seem even more trustworthy than any single entity. Open discourse and rational argumentation/proof as occurs, say, in the academic mathematical community...

    11. Re:I don't trust this and simply wonder WHY? by Threni · · Score: 1

      > I am not going to just take their word for it because they have proved that it means nothing time and time again.

      Who is "they"?

    12. Re:I don't trust this and simply wonder WHY? by Etcetera · · Score: 1

      > I don't know how you'd prove it, but even if you proved that it doesn't for the current binary, updates are an issue. Apps update all the time. Updates either need to be audited (update frequency makes this hard), or you have to live without updating, which at some point causes the app to not work.

      Yes, this is why hipster agile bullshit is often at odds with heavy certification processes, like FIPS-140-2 and other analysis.

    13. Re:I don't trust this and simply wonder WHY? by r0kk3rz · · Score: 1

      Sure, as a layman you have to trust someone to verify the code for you. However, wouldn't you want to place that trust in an open, truly independent third-party code audit? I'm not saying that Open Whisper Systems is corrupt or untrustworthy, but they have likely been paid or contracted by WhatsApp to develop/certify this feature, and without a possible third-party code audit they have low risk of reputation damage if something dodgy was done.

    14. Re: I don't trust this and simply wonder WHY? by Anonymous Coward · · Score: 0

      Unless they work for a competitor with "credentialed" employees instead of competent programmers?

    15. Re:I don't trust this and simply wonder WHY? by Anonymous Coward · · Score: 0

      Snowden has said a lot of things (and not said a lot more). That was not the best concise summary IMO. The emphasis should start with open source code that you can, if not verify yourself, have the freedom to let as many other advisors of your choice vet as possible. I suspect I'll be long dead before GPG and SFTP have been bested by any closed source government honeycode.

  6. Weasel words by Dunbal · · Score: 0

    "more secure" than what? I'm glad people will feel better with end-to-end encryption. Of course the "end" of the encryption is the WhatsApp server, not the other party. That's a different "end-to-end". Otherwise how is Facebook/WhatsApp supposed to mine your data?

    --
    Seven puppies were harmed during the making of this post.
    1. Re:Weasel words by rahultyagi · · Score: 3, Informative

      Nope, in this case it really does look like the other "end" is the other party and not WhatsApp's servers. So, unless they are lying about it, it really does seem like user-to-user encryption (and hence, as you point out, no data mining for facebook).

    2. Re:Weasel words by Dunbal · · Score: 0

      Free product. No advertising. Where are they getting their money? Sorry but I don't believe that WhatsApp operates out of the kindness of Zuckerberg's heart. I'm willing to believe someone is lying. After all, how liable can he be for a "product" you paid nothing for and clicked through a EULA for?

      --
      Seven puppies were harmed during the making of this post.
    3. Re:Weasel words by Anonymous Coward · · Score: 4, Informative

      The message content is opaque to them, but the meta-data of who talks to who, when, for how long and how often is not. Last I checked you still need a real phone number to sign up, so they can tie nearly all of their users to their real world identities. Considering that they are owned by Facebook, all that meta-data gets fed into Facebook's behemoth databases of personal info.

      So it seems likely that even full-blown e2e is still revenue positive for them.

      That said, going full e2e, even with all the facebookian compromises is still an improvement in the baseline. This is a war of inches, so every inch matters, even when there is still a long road ahead.

    4. Re:Weasel words by Anonymous Coward · · Score: 0

      WTF are you talking about??!

      WhatsApp is free for the first year, and then $1 per year after that. They have a high percentage of customers who stay beyond the first year.

      At 100M active users, that's a revenue of $100M USD per year. Not a bad revenue, for 15 software developers.

      But I love how everybody knee-jerk assumes they know the business model of a company they just heard of!

      Sheesh. Lazy internet posting.

    5. Re:Weasel words by Dunbal · · Score: 1

      Funny, I haven't been billed yet.

      --
      Seven puppies were harmed during the making of this post.
  7. Re:Encrypt all you want by Anonymous Coward · · Score: 3, Funny

    Fuck off for both of your "paragraphs".

  8. Now email encryption as simple by Anonymous Coward · · Score: 0

    I wish they would come up with a protocol for email that encrypted by default and so easy that someone like a computer-challenged senior citizen could use it. That could be huge.

    1. Re: Now email encryption as simple by Anonymous Coward · · Score: 0

      It's been there for decades in the form of either PGP or S/MIME and related mail client plugins.

      What's always been missing, of course, is a business model that made it profitable enough to warrant marketing it to the masses.

      (Cue in Communism or Enlightened Dictatorship fanboys...)

  9. Monetization? by ramirodt · · Score: 5, Interesting

    How do they make money if they cannot sift through your data?

    1. Re:Monetization? by Actually,+I+do+RTFA · · Score: 1

      Well, some things are encrypted (contents of the conversation), some are not (who you talk to, and for how often). I read this as an admission that FB's data mining through natural language is not nearly as valuable as their meta-data about networks. And that's probably because their AI isn't sophisticated enough yet.

      Which is only a matter of time, because FB can throw literal billions at natural language AI and it would be a reasonable expense.

      --
      Your ad here. Ask me how!
    2. Re: Monetization? by bill_mcgonigle · · Score: 1

      This will merge into Facebook Messenger. People will get wise to needing secure end-to-end communications and would leave Facebook Messenger if it were not secure. This keeps people on Facebook. This improves the monetization through other parts of Facebook. Not every single piece of every single machine has to directly serve a single end goal.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  10. Just Marketing by Anonymous Coward · · Score: 0

    This is just marketing. While they may actually be doing end to end encryption, they're also mining your conversation for their primary customers, who are marketers.

    1. Re: Just Marketing by echnaton192 · · Score: 1

      You mean the metadata, as stated by various others.

  11. Re: Encrypt all you want by Anonymous Coward · · Score: 0

    I doubt the 15 people invented and proved new cryptography algorithms, rather they implemented existing ones into a product.

    That kind of job is a Software Engineer's job. The other would be a Computer Scientist's job. "Programmer" doesn't really mean much in this context.

  12. Fully encrypted by ThatsNotPudding · · Score: 3, Insightful

    (except for all your data and metadata backdoor copied to the hivemind of Facebook). Why do you think they bought WhatsApp? To ensure they could NOT sell the product (users) to the customers (advertisers and TLAs)? Please. I wouldn't trust Zuckerberg farther than I could throw his precious snowflake (who is doomed to grow up to be an abject nightmare).

  13. now make a desktop app version that works properly by Idimmu+Xul · · Score: 1

    because Line is so much more usable, I really don't care if it has encryption or not, WhatsApp just doesn't get a look-in any more

    --
    The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
  14. Third parties by Anonymous Coward · · Score: 0

    Encrypted communication should be default, but tracking by third parties should also be eliminated. A country can always outsource its surveillance to some place like Turkey.

    1. Re:Third parties by Anonymous Coward · · Score: 0

      I suppose this would eliminate the opportunity for someone in Turkey to spy on US Internet traffic.

  15. too bad it's WhatsApp by Anonymous Coward · · Score: 0

    silent circle, Wicker, wonker, Krypto King, cryptainer, tru-krypt, bipiety bobiety boo..

  16. i'll bet the message backups are not secure by Anonymous Coward · · Score: 0

    There is always a weak link. Cool feature backs up your convos. Likely a weak point.

  17. WhatsApp is free, buddy by Anonymous Coward · · Score: 2, Informative

    Straight from the horse's mouth:

    https://blog.whatsapp.com/615/Making-WhatsApp-free-and-more-useful

    Tell me more about this business model you know so much about.

  18. You don't even need to wonder by Anonymous Coward · · Score: 0

    Facebook openly makes a business out of selling your personal information. It's not that you can't trust Facebook. It's that you CAN trust them to do exactly the very worst thing for you in terms of your privacy.

    The notion that they are protecting your information from the man in the middle is irrelevant when they are selling it out of the front door to their customers.

  19. Meanwhile, in jabber land by grasshoppa · · Score: 4, Insightful

    Meanwhile, in the land of the XMPP protocol, we've been end to end encrypted for over a decade.

    Seriously, why is it 2016 and this is NOT a standard feature of a chat protocol?

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
    1. Re: Meanwhile, in jabber land by qbast · · Score: 1

      Meanwhile in real world nobody gives a damn about jabber.

    2. Re: Meanwhile, in jabber land by Anonymous Coward · · Score: 2, Insightful

      And this is why you don't have e2e encryption -- because you want to shit on the only protocol that has had e2e for over a decade.

      So to keep your snark going, dickhead:

      Meanwhile in the real world nobody really cares about end to end encryption because they could have had it by demanding and using XMPP but instead they decided to whore themselves out to the flashy and shiny Facebook and friends and agree to have their privacy raped and pillaged for no other reason than they needed to know what all of their "friends" were up to every fucking minute of the day.

      "Facebook and friends" are not interested in really giving you e2e on all of your communications because then they couldn't whore you out to the marketers that really pay their bills.

    3. Re: Meanwhile, in jabber land by Anonymous Coward · · Score: 0

      Wow, you are really angry at people who have different interests than you.

    4. Re: Meanwhile, in jabber land by grasshoppa · · Score: 3, Interesting

      That's more an indictment of the real world than jabber, wouldn't you say?

      That said, I don't know how popular the openfire server is, but that uses the same protocol ( XMPP ) as jabber. I know I use it quite extensively.

      --
      Mod me down with all of your hatred and your journey towards the dark side will be complete!
    5. Re: Meanwhile, in jabber land by Anonymous Coward · · Score: 0

      > And this is why you don't have e2e encryption -- because you want to shit on the only protocol that has had e2e for over a decade.

      *cough* PGP *cough* GPG *cough* SFTP *cough* SSH+IRC ... oh it felt good to clear my throat there.

      I suggest reading Ayn Rand's Atlas Shrugged and then seriously rechecking your premises. Some day the historians will investigate the genesis of all of this. I strongly suspect that one or more parties with interests related to XMPP had the willful intent to leave people like you with that specific misimpression.

  20. Re: Encrypt all you want by Anonymous Coward · · Score: 0

    The original AC is mostly right though. If you received a degree in Software Engineering from an accredited university then by all means, you're a Software Engineer. However if you're just a hipster code monkey copy-pasting from stack exchange then you have no business calling yourself an "engineer".

    Same thing as garbagemen calling themselves "sanitation engineers".

  21. a team of only 15 engineers by DarthVain · · Score: 1

    Who were quickly put to death after the encryption security was put in place so that no one can ever divulge their secrets!

    Now Pharaoh level security is available to everyone!

    1. Re:a team of only 15 engineers by suupaabaka · · Score: 1

      So the FBI must see itself as Moses!

  22. Re:Encrypt all you want by Anonymous Coward · · Score: 0

    Software Engineers define and control the flow of electrical currents through circuits and determine and set the magnetic properties of the supporting semiconducting substrate. Sounds like a physics-based discipline.

  23. So really, by Anonymous Coward · · Score: 0

    > ... Privacy researcher and activist Christopher Soghoian rightfully adds, "Google has no excuse".

    But no-one complained when the original product had less privacy than email. Encryption key-ring standards have been around for several years, the original developers had no excuse for such a privacy-deprived product. It would be easy enough to tag an advert to the encrypted message as it passed through the server, allowing monetization to continue.

    Microsoft removed the anonymity from Skype, and who knows how much privacy, while their competitors are adding privacy to their product. Maybe this will allow everyone to abandon Skype. The server/client model means that every packet can be tracked, even when the contents aren't readable.

  24. intellectually dishonest. by Anonymous Coward · · Score: 4, Informative

    > The user's device generates the private key, but only under the control of WhatsApp's closed-source app.
    >
    > The key exchange is done through WhatsApp's server, much like message exchange. There is no revocation, though I imagine a user who loses his private key could generate and register a new one. There are no certificates except for the connection to the server.
    >
    > An attacker would have to take control of WhatsApp's server, but once that is done, they could run classic MiTM attacks on all WhatsApp users.

    This is intellectually dishonest. WhatsApp allows you to verify the key signature either via barcode or via hash comparison.

  25. I don't need it by LordHighExecutioner · · Score: 1

    The few people with whom I exchange messages on WhatsApp use so many shortcuts and abbreviations that conversations are very garbled, and I found myself unable to decode their meaning just after a few days. I don't see the need for adding further encryption here...

  26. EFF Secure Messaging Scorecard by uassholes · · Score: 3, Informative
  27. Good by Anonymous Coward · · Score: 0

    'Bout damn time somebody did it.

  28. Re: Encrypt all you want by Etcetera · · Score: 1

    > The original AC is mostly right though. If you received a degree in Software Engineering from an accredited university then by all means, you're a Software Engineer. However if you're just a hipster code monkey copy-pasting from stack exchange then you have no business calling yourself an "engineer".
    >
    > Same thing as garbagemen calling themselves "sanitation engineers".

    For once, I'll agree here. A Systems Engineer is not a "programmer" either, and juxtaposing with hipster code monkeys is used to distinguish there as well, except in the latter case it's chef recipes, #devops, and declarative config files because shell scripts and the unix command line scare them.

  29. Open Whisper Systems / Moxie needs to fix this by Anonymous Coward · · Score: 0

    The developers, Open Whisper Systems, have their own private messaging app called Signal Private Messenger. Take a look at the permission details it requires to install it, what a fucking joke. Everyone, even the "privacy" guys, want every piece of your info.

  30. web whatsapp by bobobaka · · Score: 1

    How does this work with web.whatsapp.com ?

    From https://blog.whatsapp.com/10000618/end-to-end-encryption/:

    "The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. [...] Not even us."

    But my browser connects to web.whatsapp.com ? Are the messages decrypted in the browser ? Is there a key in the cookies ?

    The first thing you do to connect is scan a QR code. I just tried scanning one with a generic app (not WhatsApp), it's a couple of base64 strings 42 bytes and 16 bytes long. That could work as a key (symmetric). I can't seem to chromium-inspect the content that's feeding my web.whatsapp.

    Anyone with data on this ?

    1. Re:web whatsapp by Hognoxious · · Score: 1

      There's something wrong with your keyboard. When you type a question mark it's inserting a space before it.

      Or maybe you're a retard.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  31. WhatsApp's end2end encryption - how it works by Anonymous Coward · · Score: 0

    It's interesting to see how the media is going gaga over this news as if WhatsApp has just released a new cool feature. For a company with this size, it should have been done a long time ago. We asked a security researcher from Avast to write an article about this "hot" stuff here. In the article, he also explains how end-to-end encryption works in WhatsApp in case you're interested. https://www.teskalabs.com/blog/whatsapp-end-to-end-encryption