DARPA Wants To Make a Better, More Secure Version of WhatsApp (trustedreviews.com)

← Back to Stories (view on slashdot.org)

DARPA Wants To Make a Better, More Secure Version of WhatsApp (trustedreviews.com)

Posted by BeauHD on Monday April 15, 2019 @09:00AM from the free-for-all dept.

The Defense and Advanced Research Projects Agency (DARPA) appears to be in the process of developing its own ultra secure communication platform. The program is called "Resilient Anonymous Communication for Everyone," or RACE, and it will be similar to WhatsApp in that it will be for everyone to use. Trusted Reviews reports: The objectives of the program are to create a distributed messaging system that can do three things: Exist completely within a network; Provide confidentiality, integrity and availability of messaging; and Preserve privacy to any participant in the system.

DARPA seem to be putting security front and center, and the description of the project claims that "compromised system data and associated networked communications should not be helpful for comprising any additional parts of the system," meaning that DARPA are keen that one breach shouldn't also give them a leg up on access to other parts of the system. So, will we soon be using a U.S government branded DARPA? Probably not, but the chances are that RACE will go some way to creating a messaging app that's resilient to attacks, with the protocol and security they find no doubt dripping through to consumer tech and features in the coming years.

45 of 93 comments (clear)

Min score:

Reason:

Sort:

No thanks by Anonymous Coward · 2019-04-15 09:04 · Score: 2, Funny

Are you seriously suggesting I should trust a communications app made by the government?
1. Re:No thanks by BringsApples · 2019-04-15 09:11 · Score: 4, Insightful
  
  So many people are probably thinking this same thing right now...
  ...as they post the story to facebook, twitter and whatsapp.
  
  --
  Politics; n. : A religion whereby man is god.
2. Re:No thanks by Anonymous Coward · 2019-04-15 09:35 · Score: 1
  
  If you use facebook or google services, you basically already do! The frog boils slowly, and they're turning up the heat a little. Most people *don't* notice.
3. Re: No thanks by illiac_1962 · 2019-04-15 10:03 · Score: 5, Insightful
  
  You mean like the internet? The one we are using right now to bitch about things anonymously and do our banking?
4. Re: No thanks by ceoyoyo · 2019-04-15 11:13 · Score: 1
  
  I love the juxtaposition of those two applications.
5. Re: No thanks by Cmdln+Daco · 2019-04-15 13:13 · Score: 1
  
  You badly misspelled "Hillary" there.
6. Re:No thanks by Actually,+I+do+RTFA · 2019-04-15 13:57 · Score: 1
  
  Are you seriously suggesting I should trust a communications app made by the government?
  I mean we're on the Internet (by DARPA), using HTTPS (built on crypto standards from the NIST), using ASCII (what Unicode?) which took off when it was mandated by LBJ.
  
  --
  Your ad here. Ask me how!
7. Re: No thanks by Anonymous Coward · 2019-04-15 15:43 · Score: 1
  
  > You badly misspelled "Hillary" there.
  Sorry...
  "Save it for Hillary, Donald."
8. Re:No thanks by Oceanplexian · 2019-04-15 17:59 · Score: 3, Insightful
  
  On one hand, no, but on another, isn't that the point of the government? They exist to serve the people. Assuming the code is open source, audited, and done in a way that's completely open and transparent? yeah I think I would trust it.
9. Re:No thanks by Highdude702 · 2019-04-16 00:21 · Score: 1
  
  Incidentally, anybody with a router, can still monitor ALL traffic going THROUGH it... Crazy right?
  Seriously what was your point? Was it meant as 'Works As Expected' or do you think that if you own a router and someone sends traffic through it that you can't see what they are communicating with? And if its not encrypted you can read every byte...
10. Re:No thanks by Highdude702 · 2019-04-16 00:24 · Score: 1
  
  Only because of partisan people like you. That is how they get away with it, the 'go team go!' mentality allows them to shit all over us and do what they want and still get re-elected.
11. Re:No thanks by Anonymous Coward · 2019-04-16 01:01 · Score: 1
  
  I cannot see how it can't be any more insecure than one made by a private company. In fact, at least I'd be doing with FISMA and FedRAMP controls on the app, so there is some innate security.
12. Re:No thanks by Highdude702 · 2019-04-16 11:40 · Score: 1
  
  Sorry, used to the underhanded "My team good, your team bad" types around here. And it was early as fuck so I probably wasn't thinking strait.
13. Re:No thanks by Highdude702 · 2019-04-16 11:41 · Score: 1
  
  And there is a whole shitload of the internet that don't use those standards yet. So, my point still stands. Also not everything is encrypted while using those standards. See 'Metadata'.
14. Re: No thanks by Cmdln+Daco · 2019-04-16 14:54 · Score: 1
  
  Indeed. The chickens in Washington are close to the chopping block.
15. Re:No thanks by Highdude702 · 2019-04-17 00:19 · Score: 1
  
  Maybe you cant because you don't know how. But I can. And google goes a long way for someone in your position.
16. Re:No thanks by Highdude702 · 2019-04-17 05:52 · Score: 1
  
  So you didnt even read what i said. This is probably why people dont respond to AC's. Not only too lazy to register, too dumb to read.
one head says this, another head says that by sanf780 · 2019-04-15 09:10 · Score: 5, Funny

FBI tells us that encryption is for terrorists, DARPA tells us that encryption is for everyone. Are we all terrorists now?
1. Re:one head says this, another head says that by Pseudonym · 2019-04-16 00:33 · Score: 2
  
  This is how you can be certain that there's no grand government conspiracy. It's left hand doesn't know who it's right hand is doing.
  Conspiracy theories appeal to humans because we are pattern-seeking machines that find connections in randomness. But few stop to ask why there is randomness.
  
  --
  sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
2. Re:one head says this, another head says that by luis_a_espinal · 2019-04-16 04:19 · Score: 1
  
  Conspiracy theories appeal to humans because we are pattern-seeking machines that find connections in randomness. But few stop to ask why there is randomness.
  Totally (I must steal this quote.)
  With that said, the other explanation is that DARPA by itself does not work so embedded in the machinations of government. It has one mandate: foster and fund R&D, explore interesting problems and develop cool shit (specially cool shit no one else can because of production costs) independently of political climates (to the extend possible.)
  DARPA is one thing I deeply respect.
Signal? by Anonymous Coward · 2019-04-15 09:12 · Score: 2, Insightful

You mean Signal?
First stupid question: by Anonymous Coward · 2019-04-15 09:16 · Score: 2, Funny

Will users be referred to as "racists"?
DARPA wants encryption for SPYS by fish_in_the_c · 2019-04-15 09:16 · Score: 1, Informative

is this not just obvious. what use case would a spy organization have for software that:
Untraceable unreadable distributed long distance communication ubiquitously.
Isn't that basically the holy grail of military encryption.

--
âoeTolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
1. Re:DARPA wants encryption for SPYS by skovnymfe · 2019-04-15 17:55 · Score: 2
  
  Well it needs to be decryptable too. By the US military only.
2. Re:DARPA wants encryption for SPYS by bill_mcgonigle · 2019-04-16 03:55 · Score: 1
  
  What's good for the goose is good for the gander.
  Getting everybody to use it helps the spies' traffic not stand out.
  But Signal and Wire already exist, so they should fork of those (Signal probably).
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Could this be a wonderful change? by charliemerritt03 · 2019-04-15 09:34 · Score: 1

Wouldn't it be wonderful if the US Government, after much detailed study, concluded that private communications would actually be GOOD for the country?
OR is there a chance that valid court order will be a valid decryption key for this new Whatsapp - like Clipper, anyone remember Clipper?
1. Re:Could this be a wonderful change? by Gavagai80 · 2019-04-15 10:11 · Score: 4, Insightful
  
  DARPA developed the Onion routing the Tor project uses, too -- way back in the 1990s. The US military is always keen to enable private communications between dissidents and demonstrators in disliked nations, and also for Americans organizing activities in said nations. That such tools also happen to be able to protect Americans from the US government is not sufficient reason to kill the projects, apparently. We can only hope the ability of foreign hackers to acquire decryption keys will prevent their use.
  
  --
  This space intentionally left blank
2. Re:Could this be a wonderful change? by RockDoctor · 2019-04-18 04:38 · Score: 1
  
  In the allegedly techy readership of Slashdot, it seems nobody but you and I (from Europe) does remember Clipper.
  I think the TLAs have won, at least in America.
  
  --
  Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
A name for that project by zm · 2019-04-15 09:35 · Score: 3, Insightful

Signal.

--
Sig ?
1. Re:A name for that project by UnknownSoldier · 2019-04-15 13:15 · Score: 2
  
  ItsAtrap.
2. Re:A name for that project by Aqualung812 · 2019-04-15 14:08 · Score: 1
  
  Signal doesn't have the ability to exist entirely within a network. It depends on Signal's servers.
  
  --
  Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
3. Re: A name for that project by bursch-X · 2019-04-15 16:56 · Score: 2
  
  Or just Akbar
  
  But not as in "Allah hu" ;-)
  
  --
  There are two rules for success:
  1. Never tell everything you know.
Editing FTW by Etcetera · 2019-04-15 09:47 · Score: 1

DARPA seem to be putting security front and center, and the description of the project claims that "compromised system data and associated networked communications should not be helpful for comprising any additional parts of the system," meaning that DARPA are keen that one breach shouldn't also give them a leg up on access to other parts of the system. So, will we soon be using a U.S government branded DARPA?
What?

--
Hire a Linux system administrator, systems engineer,
Trust by markdavis · 2019-04-15 09:56 · Score: 1, Troll

I am not sure I could ever trust a government-endorsed and/or supplied communication system as being actually "private" for the public. To me, private means that NOBODY can ever intercept, decrypt, or obtain the information contained in the messages except for those intended by the end users.
Perhaps if the entire design was open, all the code was open source and openly reviewed, and all the management of it were distributed and open. Otherwise, there is far, far, far too much incentive for the government's "three letter" agencies to plant in back doors, weaknesses, logging, tap points, malware, whatever. And if they can't get what they want, I believe it will be stopped, prevented, or corrupted; so I wouldn't hold my breath.
1. Re: Trust by illiac_1962 · 2019-04-15 10:05 · Score: 1
  
  They are talking about an open protocol. Implementation is up to you/us.
2. Re: Trust by markdavis · 2019-04-15 10:11 · Score: 1
  
  >"They are talking about an open protocol. Implementation is up to you/us."
  In the past, DARPA has produced good stuff, so as long as the science behind it is sound, an open implementation of it could be a good thing. I just have a feeling they are going to get slapped down hard for even thinking such thoughts, much less spending money/resources on developing such a protocol. Or some law will go through in the name of "safety" and "crime" that makes using such protocols illegal. Federal spy/security/law enforcement agencies really do seem to believe they ultimately have a right to access anything they want and an unbreakable "lock" will create a doom's-day scenario.
3. Re:Trust by WillAffleckUW · 2019-04-15 10:35 · Score: 1
  
  Thank you for not using GPS.
  
  --
  -- Tigger warning: This post may contain tiggers! --
4. Re:Trust by markdavis · 2019-04-15 10:55 · Score: 1
  
  >"Thank you for not using GPS."
  GPS is not two-way communications...
5. Re:Trust by markdavis · 2019-04-15 11:00 · Score: 1
  
  >"You mean like DES or perhaps AES?"
  I should have added "developed now" or "recently". Those two were developed a long time ago, before things got really heated.
6. Re:Trust by WillAffleckUW · 2019-04-15 11:21 · Score: 1
  
  You said communication system.
  
  --
  -- Tigger warning: This post may contain tiggers! --
Re: Darpa? More like, Dorka. by illiac_1962 · 2019-04-15 10:07 · Score: 2

Is signal distributed, existing solely within the network? Cause I see the word "server" used a lot. You guys can't even read the fucking summary any more.
Re:No, specifically Signal. Not e.g. WhatsApp. by ctilsie242 · 2019-04-16 01:03 · Score: 1

The Facebook Messenger app on iOS and Android has the option to use the Signal protocol as well.
Signal? by ilsaloving · 2019-04-16 04:15 · Score: 1

Why isn't DARPA looking at Signal? I thought they were the benchmark by which all other secure communications are compared. Most other services actually use their protocol behind the scenes, including WhatsApp.
AFAIK the problems with WhatsApp are mismanagement of the backend, not the protocol, and I'm not aware of Signal having these problems.
Re:Why not Matrix? by q4Fry · 2019-04-22 06:19 · Score: 1

France went with a Matrix/Riot.im public fork/derivative as their government encrypted messenger app. Why reinvent the wheel, when this is something that works at scale?
Un-AC bump with links.
Communication App by Clariti2018 · 2019-04-29 18:17 · Score: 1

Check out this communication app called Clariti https://clariti.app/