The Guardian Backtracks On WhatsApp 'Backdoor' Report

Five months after The Guardian published an investigative report, in which it found a "backdoor" in the Facebook-owned service, the publication is finally making amendments. The January report immediately stirred controversy among security experts, who began questioning The Guardian's piece. Weeks later, Zeynep Tufekci, a researcher and op-ed writer for the New York Times, published an open letter with over 70 major security researchers working at major universities and companies like Google condemning the story, and asking the publication to retract it.. Paul Chadwick, The Guardian's reader's editor, said "The Guardian was wrong to report last January that the popular messaging service WhatsApp had a security flaw so serious that it was a huge threat to freedom of speech." From his article: In a detailed review I found that misinterpretations, mistakes and misunderstandings happened at several stages of the reporting and editing process. Cumulatively they produced an article that overstated its case. The Guardian ought to have responded more effectively to the strong criticism the article generated from well-credentialled experts in the arcane field of developing and adapting end-to-end encryption for a large-scale messaging service. The original article -- now amended and associated with the conclusions of this review -- led to follow-up coverage, some of which sustained the wrong impression given at the outset. The most serious inaccuracy was a claim that WhatsApp had a "backdoor", an intentional, secret way for third parties to read supposedly private messages. This claim was withdrawn within eight hours of initial publication online, but withdrawn incompletely. The story retained material predicated on the existence of a backdoor, including strongly expressed concerns about threats to freedom, betrayal of trust and benefits for governments which surveil. In effect, having dialled back the cause for alarm, the Guardian failed to dial back expressions of alarm.

Re:Media trust.

Look to those who offer retractions and publish information on their mistakes rather than blindly pressing ahead in the face of contradictory facts.

Re:Media trust.

Exactly. I don't condemn anyone for admitting a mistake. I'm suspicious of anyone who will never admit to a mistake.

Re: Media trust.

What about people who only admit mistakes when caught?

Because that's who you are defending. They aren't sorry about the lies (they keep printing them). They're sorry the lies were so blatant as to be obvious.

Are you downloading a real or modified app?

When WhatsApp or any other app is updated, and a seemingly small update needs several weeks to be processed by Apple or whoever, will you be downloading the app that was submitted, or one that has been modified? There's no way for you to know.

Consider those 4 weeks the time needed to modify the app before publishing it, to be able to listen in on certain targets, or why not everyone. It's not you who publish the app, you just make _an_app and submit the source code for it, and Apple, or really specifically targetted employees, then decide exactly what to publish, remember that.

As long as you haven't got control over your device, you have to consider it to be insecure, and you will _never_ have control over your iPhone or your Android phone.

Did Facebook release the source code?

[hackel]

Unless Facebook actually went so far as to release the source code to WhatsApp, we have NO IDEA what it contains. that's the whole point. The Guardian shouldn't have been making claims that they could not substantiate. But likewise, no one should be defending WhatsApp in this case. Anyone who relies on proprietary software for security or encryption is just asking for trouble.