Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People

Suzanimal


FOR MOST OF the past six weeks, the biggest story out of Silicon Valley was Apple’s battle with the FBI over a federal order to unlock the iPhone of a mass shooter. The company’s refusal touched off a searing debate over privacy and security in the digital age. But this morning, at a small office in Mountain View, California, three guys made the scope of that enormous debate look kinda small.

Mountain View is home to WhatsApp, an online messaging service now owned by tech giant Facebook, that has grown into one of the world’s most important applications. More than a billion people trade messages, make phone calls, send photos, and swap videos using the service. This means that only Facebook itself runs a larger self-contained communications network. And today, the enigmatic founders of WhatsApp, Brian Acton and Jan Koum, together with a high-minded coder and cryptographer who goes by the pseudonym Moxie Marlinspike, revealed that the company has added end-to-end encryption to every form of communication on its service.

This means that if any group of people uses the latest version of WhatsApp—whether that group spans two people or ten—the service will encrypt all messages, phone calls, photos, and videos moving among them. And that’s true on any phone that runs the app, from iPhones to Android phones to Windows phones to old school Nokia flip phones. With end-to-end encryption in place, not even WhatsApp’s employees can read the data that’s sent across its network. In other words, WhatsApp has no way of complying with a court order demanding access to the content of any message, phone call, photo, or video traveling through its service. Like Apple, WhatsApp is, in practice, stonewalling the federal government, but it’s doing so on a larger front—one that spans roughly a billion devices.

“Building secure products actually makes for a safer world, (though) many people in law enforcement may not agree with that,” says Acton, who was employee number forty-four at Internet giant Yahoo before co-founding WhatsApp in 2009 alongside Koum, one of his old Yahoo colleagues. With encryption, Acton explains, anyone can conduct business or talk to a doctor without worrying about eavesdroppers. With encryption, he says, you can even be a whistleblower—and not worry.

...

http://www.wired.com/2016/04/forget-apple-vs-fbi-whatsapp-just-switched-encryption-billion-people/
 
What use is encryption when the device that's used to decrypt messages is accessible itself? Illusion of safety is what it is.
 
With end-to-end encryption in place, not even WhatsApp’s employees can read the data that’s sent across its network.

Skype had that, then Microsoft bought it and decided it wanted to monetize the information. I can't imagine Facebook won't give in to the same urge.
 
Solution: OPEN SOURCE.

Next.
 
Good business model: Make a great product, sell it to Microsoft. Watch them fuck it up, then make what you made again but better.

http://www.reuters.com/article/us-dataprotection-messaging-wire-idUSKCN0WC2GM
Skype co-founder launches ultra-private messaging, with video

A group of former Skype technologists, backed by the co-founder of the messaging platform, has introduced a new version of its own messaging service that promises end-to-end encryption for all conversations, including by video.

Wire, a 50-person start-up mostly made up of engineers, is stepping into a global political debate over encryption that pits privacy against security advocates, epitomized by the standoff between the U.S. government and Apple.

The company said on Thursday it was adding video calling to a package of private communications services that go beyond existing messaging providers.

Rivals such as Facebook's Messenger and WhatsApp or Telegram offer encryption on only parts of a message's journey or for a specific set of services, it said.

Wire, which is based in Switzerland, relays communications through its network of cloud computers but user communications are stored, in encrypted form, on their own devices. It delivers privacy protections that are always on, even when callers use multiple devices, such as a phone or desktop PC simultaneously.

This comprehensive approach poses fresh challenges to law enforcers, who often seek to exploit gaps in encryption in criminal or security investigations.
 
Open source encryption was deeply and untraceably rooted for a long time. Making it open source didn't magically solve security the way you suggest.

You read into my words that which is neither stated nor implied. Open source is a good approach to such problems. Why? Because of something called "peer review". This doesn't mean bugs cannot occur. I don't know how much you know about encryption, but I have enough knowledge to be truly dangerous. The key to sound encryption is to make the crypto-stream indistinguishable from the random. This is exceedingly difficult to do. I could recite to you chapter and verse the various side-band attacks that have been successfully employed to crack various schemes. How about monitoring CPU energy usage such that a pattern emerges and from that pattern the crack is derived? These are the sorts of subtle attacks that people way smarter than myself employ to reveal cleartext messages.

One of the points of all this is to underscore how very difficult it is even for people who know what they are doing to implement proper crypto-systems. That said, there is the issue not only of trust (can we trust that Apple will never change its mind about providing keys or backdoor access to Themme?), but of actual soundness. With proprietary systems, the outsider can never know, save in the case he discovers some weakness. With open source, the application in question is as liable to attack as any other, but at least the source is freely available to all people, opening it up to far broader scrutiny, which can never be a bad thing. The more competent eyes you get on this sort of thing, the better. BSD is a great example of this.

There is nothing "magical" about open source. It is a simple matter of more is better in terms of examination.
 
If Peer Review doesn't actually happen then it actually renders a false sense of security.
 
Agreed, but that point is orthogonal to the inherent value of peer review, in sé.
 