Slashdot Mirror
WhatsApp Enables End-To-End Encryption For All Forms of Communications By Default
Popular instant messaging app WhatsApp, on Tuesday, announced that it is turning on end-to-end encryption for all its users by default. The company says that every call a user makes, every text message they send, all photos and videos they share will now be more secure. Furthermore, the encryption status of any chat is visible under the chat's preferences screen. The announcement comes a little over a year after the Facebook-owned company partnered with Open Whisper Systems, a nonprofit software group that develops collaborative open source projects with a mission to "make private communication simple." The end-to-end encryption feature is available on the latest version of the app. In a blog post, Open Whisper Systems further explains the feature: Once a client recognizes a contact as being fully e2e capable, it will not permit transmitting plaintext to that contact, even if that contact were to downgrade to a version of the software that is not fully e2e capable. This prevents the server or a network attacker from being able to perform a downgrade attack. In a blog post, WhatsApp writes: While WhatsApp is among the few communication platforms to build full end-to-end encryption that is on by default for everything you do, we expect that it will ultimately represent the future of personal communication. WhatsApp has also made available the technical details about how the two companies implemented this feature (PDF). For those of you who haven't heard of WhatsApp, it's an instant messaging and voice calling app. The free service, which is available across all popular platforms, is used by more than a billion people worldwide every month. A report on Wired says that a team of only 15 engineers enabled this security feature for over a billion users. Privacy researcher and activist Christopher Soghoian rightfully adds, "Google has no excuse."
Nice, as it prevents dragnet surveillance. Still I don't want to use what's app just like signal as it doesn't work without GCM, with google/apple knowing my ip address all the time.
The companies build their encryption so that only the data they are interested in and will monetize reaches them. But they still monetize your data. And for every encrypted messaging app that pops up, the moment you use a whatsapp bot or siri or google maps or whatever, they know your location.
Perhaps they really are implementing secure end-to-end but from their previous actions this announcement makes me suspect that something else which is actually secure is becoming so popular that an "approved" "secure" (but not really) needs to be pushed out to the ignorant masses.
Show me the source code and I will consider trusting that this is secure. I am not going to just take their word for it because they have proved that it means nothing time and time again.
9/11: Never forget it was a false-flag operation
(except for all your data and metadata backdoor copied to the hivemind of Facebook). Why do you think they bought WhatsApp? To ensure they could NOT sell the product (users) to the customers (advertisers and TLAs)? Please. I wouldn't trust Zuckerburg farther than I could throw his precious snowflake (who is doomed to grow up to be an abject nightmare).
Meanwhile, in the land of the XMPP protocol, we've been end to end encrypted for over a decade.
Seriously, why is it 2016 and this is NOT a standard feature of a chat protocol?
Mod me down with all of your hatred and your journey towards the dark side will be complete!
"An attacker would have to take control of WhatsApp's server, but once that is done, they could run classic MiTM attacks on all WhatsApp users."
But in this case it would be THE MAN in the middle.