Lawsuit Alleges That WhatsApp Has No End-to-End Encryption (pcmag.com)
Longtime Slashdot reader schwit1 shares a report from PCMag: A lawsuit claims that WhatsApp's end-to-end encryption is a sham, and is demanding damages, but the app's parent company, Meta, calls the claims "false and absurd." The lawsuit was filed in a San Francisco US district court on Friday and comes from a group of users based in countries such as Australia, Mexico, and South Africa, according to Bloomberg.
As evidence, the lawsuit cites unnamed "courageous whistleblowers" who allege that WhatsApp and Meta employees can request to view a user's messages through a simple process, thus bypassing the app's end-to-end encryption. "A worker need only send a 'task' (i.e., request via Meta's internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job," the lawsuit claims. "The Meta engineering team will then grant access -- often without any scrutiny at all -- and the worker's workstation will then have a new window or widget available that can pull up any WhatsApp user's messages based on the user's User ID number, which is unique to a user but identical across all Meta products."
"Once the Meta worker has this access, they can read users' messages by opening the widget; no separate decryption step is required," the 51-page complaint adds. "The WhatsApp messages appear in widgets commingled with widgets containing messages from unencrypted sources. Messages appear almost as soon as they are communicated -- essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted." The lawsuit does not provide any technical details to back up the rather sensational claims.
See also: "WhatsApp End-to-End Encryption Allegations Questioned By Some Security Experts, Lawyers."
Not the first time (Score:2)
Re: (Score:3)
Just use gpg to send an email, run your mail clients locally and call it a day. We already had this decades ago.
Of course, it's too complicated for mere mortals, so we need a big corporation to come to the rescue.
Re: (Score:2)
Yes. Run it locally on some OS that does not spy on you and generally prioritizes security and the effort to get into your messages goes through the roof. Unless you are really wanted by somebody with pretty deep pockets, you will be secure.
Re: (Score:2)
Perhaps you should use a chat program for once.
For example, google "irc" or, if you like to run stuff only locally, try "talk", cough cough ...
Hint: an email is not a chat message.
Emails are not chatting.
And: the problem of "end to end encryption" is not solved with email ... or are your mails on "whatever your device is" encrypted? Likely they are not ...
No idea why the internet is full of idiots that propose a solution to a problem that is completely different.
q) Hey mate, how can I pay with my mobile phone via QR codes?
a) Use cash, idiot!
Oh, thanks, you moron ...
Re: (Score:2)
I am glad you mentioned it. I regularly chat with my team members using ssh to a server running an irc client which is the login shell, and the client connects to the local irc server running on the same said server.
For a quicker and dirtier solution, you mentioned it again, just use talk to avoid setting up an irc server.
Believe me here, I am not bragging in any way, just sharing my own experience while realizing people will come up with all kinds of no-no and I am willing to accept any objections. In other
Re: (Score:2)
You are trying to convince people that a chat program is the same as email.
So?
Stupid, pretend to be stupid? Or not Stupid?
An IRC server as login shell doesn't really sound like a thing to be proud of.
Re: (Score:2)
I already told you I am not trying to be "proud" about anything. Talk as a login shell works fine too. /s
Re: (Score:2)
If you mean with "log in shell" the command stored in /etc/passwd ... then everything works just fine.
Re: (Score:2)
I realize you are still green in Unix systems administration and solutions /s
Meta? Abusing private data and the lying about it? (Score:5, Funny)
Gee, what would lead anyone to think they were capable of doing such a thing?
The Great Zuck. (Score:5, Informative)
Gee, what would lead anyone to think they were capable of doing such a thing?
I believe the great Harvard-educated philosopher Mark Zuckerberg said it best when he surmised to say one fine day, maybe in May...
”Dumb fucks.” - Zuck
Re: (Score:3)
While Zuck-the-Fuck is wrong on many things, on this one he is spot-on.
Re: (Score:1)
Well, the summary says the claims are "sensational". Maybe it was written by Meta.
I'm inclined to believe it (Score:5, Insightful)
Re:I'm inclined to believe it (Score:5, Interesting)
The backdoor was probably mandated by the feddy gov.
Re: (Score:2)
The backdoor was probably mandated by the feddy gov.
Interestingly, Facebook very much went back to the feddy gov in front of a judge and told them they can't do this. I hope they can; that way we can throw Zuckerberg in jail for perjury for lying to both the FBI and a federal court.
Re: (Score:3)
If they are breaking encrypted chats under an NSA gag order (quite probable) then they are required to lie, even in court or any (public) statements to the FBI. Homeland Security has special courts just for this kind of stuff but nothing that goes on in them is made public. So even if cooperation with the government is proven absolutely nobody is going to jail except the whistleblower.
Honestly, I thought everyone knew this stuff. It's why "canaries" used to be a thing.
Long story short: nothing you send on t
Re: (Score:2)
If they are breaking encrypted chats under an NSA gag order (quite probable) then they are required to lie, even in court or any (public) statements to the FBI.
No. The NSA can tell you not to let others know you did something for them, but they can't compel you to lie about your own capabilities to a court or federal agents. They are two different things with different scopes. There was never a question of what the NSA did or didn't ask anyone. The only question was whether Facebook had a certain capability for the FBI and they claimed they did not.
Re: (Score:2)
The waters are pretty muddy here. Tangential to whether Meta can be compelled to lie is the unanswered question of whether such compulsion is even required. For all we know Meta would be perfectly happy with that kind of arrangement since it would give them cover for that thing they already wanted to do but got told they weren't allowed (ie, Cambridge Analytica). Maybe they're not afraid to lie to a court because even if the truth came out they can just use national security as a cover story and failing tha
Lack of information.... (Score:3)
>>> You need to be a pretty big fish for most of this to actually matter.
Ya know, two years ago I would have agreed with you. But today in the USA, it seems like all it requires is voicing an opinion that is contrary to the Government's "Truth":
https://newrepublic.com/post/2... [newrepublic.com]
https://www.nbcnews.com/politi... [nbcnews.com]
https://www.foxnews.com/us/fbi... [foxnews.com]
https://www.reddit.com/r/polit... [reddit.com]
https://www.reddit.com/r/polit... [reddit.com]
Re: (Score:2)
If they are breaking encrypted chats under an NSA gag order (quite probable) then they are required to lie
Cite? My understanding is that multiple Supreme Court rulings have found that the Free Speech Clause prohibits compelled speech. The government can order you to be silent, but not order you to say things you don't want to say.
even in court or any (public) statements to the FBI.
That's a really, really strong claim. Do you have correspondingly-strong evidence?
Honestly, I thought everyone knew this stuff. It's why "canaries" used to be a thing.
AFAIK, warrant canaries are still a thing. Some prominent organizations who had them have stopped publishing them, or have modified them to reduce their scope, but the cause of this appears to be that
Re: (Score:2)
Re: (Score:2)
I would have been surprised if they did not have that capability. None of the "Big IT" companies are trustworthy in any way. They are also time and again doing really incompetent stuff.
closed (Score:5, Insightful)
>"The lawsuit does not provide any technical details to back up the rather sensational claims."
That is an inherent problem with closed code and closed platforms. They can claim anything they want and there isn't much way we can verify their claims. I admit, this story seems really sensational (a little hard to believe), but it is plausible.
Also, there can be word-trickery here. It is possible things can be claimed to be "end-to-end encrypted" and yet still have ways for the mothership to decrypt anything at will (by having intentional secret holes/weaknesses, by storing your or another key, or a method they can pull the key from your device through their own control over the app, or by having master keys present at the start). I think that would be a misuse of the term "end-to-end encryption", yet term use/definitions mutate all the time. Anyway, this can backfire spectacularly if discovered and lead to a lot of legal issues if they had denied law enforcement/courts access in the past with the excuse that they can't decrypt it and then it is discovered they could.
Re: (Score:3)
Otherwise it would be end-to-middle-to-end encryption, wouldn't it?
Re:closed (Score:5, Insightful)
>"Otherwise it would be end-to-middle-to-end encryption, wouldn't it?"
Nope, that would imply it is being decrypted and then re-encrypted in the middle. That doesn't have to happen. It would still have stayed encrypted from one end (sender) to the other end (receiver). The middle can just store the message and decrypt it later, if needed, if they have access to the keys (now or later) or a weakness/backdoor.
Re: (Score:2, Funny)
Here we are, arguing about end-to-end-to-man-in-the-middle word trickery, when the real issue is that they use ROT13 encryption.
Re: (Score:1)
Here we are, arguing about end-to-end-to-man-in-the-middle word trickery, when the real issue is that they use ROT13 encryption.
No, they do a little better than that. They use ROT13 TWICE to make the encryption just that little bit harder to break...
Re: (Score:3)
Re: closed (Score:2)
If it's just tls then you only have a public key, which is not "having the key". Having the private key is what qualifies and for TLS that remains on the server side.
Re:closed (Score:4, Interesting)
I can't imagine this is a "secret" activity. Rather it's a logical follow on from the fact that WhatsApp backs up your data to Google Drive. When you lose your phone or factory reset it you can recover it from Google Drive. What other possible way is there to do this other than having the private key *NOT* stored on your device?
Re: (Score:2)
Re: (Score:2)
A distinction without a difference. Your chats are available somewhere, and Google explicitly states they store your data encrypted but maintain decryption keys themselves. But I suspect you're right about new key generation; one thing that happens when you transfer your device is all your sessions linked to apps on other devices need to be renewed. That said, I'm curious as to how this works for existing chats. It's not like my friends explicitly get told about a new key.
I'm more inclined to think that this
Re: (Score:2)
and then there's GMail with its version of "encrypted email", which only indicates that the first SMTP connection in the chain was secured by TLS.
Wording does matter, but wording is the trickery.
Re: closed (Score:2)
Re: (Score:1)
Could you please define "closed"? As far as I understand, WhatsApp is based on the Signal Protocol. That is, it uses elliptic curve Diffie-Hellman and the Double Ratchet algorithm, both of which should be verifiable by the user themselves. That is, it should be possible to know, without any transparency from WhatsApp, if your device is indeed encrypting and using the keys.
Also, there are no known remote vulnerabilities to The Signal Protocol (that I'm aware of). The FBI has broken encryption on the protoc
Re: (Score:2)
>"Could you please define "closed"? As far as I understand, WhatsApp is based on the Signal Protocol."
It can be based on anything they like. But if you are running a binary blob on your phone, you have no idea what the actual code is doing ALL the time. And you certainly don't know what their servers are doing. That is "closed".
>"Also, there are no known remote vulnerabilities to The Signal Protocol (that I'm aware of). The FBI has broken encryption on the protocol but this was done physically. Th
Re: (Score:2)
>"Also, you also don't have evidence of what you think is happening. Then, the difference between us is that I'll only believe it once I have evidence and you believe it without evidence."
Did you READ what I wrote? I never wrote or claimed I had any evidence. I never wrote that I thought they were able to break into messages or that I believed they were.
I wrote that it is POSSIBLE and we CAN'T KNOW FOR SURE because the platform and code is not open (it is closed).
Re: (Score:2)
Also, there can be word-trickery here. It is possible things can be claimed to be "end-to-end encrypted" and yet still have ways for the mothership to decrypt anything at will (by having intentional secret holes/weaknesses, by storing your or another key, or a method they can pull the key from your device through their own control over the app, or by having master keys present at the start). I think that would be a misuse of the term "end-to-end encryption", yet term use/definitions mutate all the time. Anyway, this can backfire spectacularly if discovered and lead to a lot of legal issues if they had denied law enforcement/courts access in the past with the excuse that they can't decrypt it and then it is discovered they could.
I suspect that is what is going on; the traffic is end-to-end encrypted, but the session keys are also made available to Whatsapp, probably by being encrypted with Whatsapp's public key. So there is practically no security despite being "end-to-end" encrypted. It is Clipper for a new generation.
And another thing... (Score:5, Funny)
Meta, calls the claims "false and absurd."
Meta also says they routinely see false claims and speculation like this in lots of users' WhatsApp messages - and none are true. ;-)
Who ever believed in end-to-end encryption? (Score:2)
Re: (Score:2)
Read up on Signal's Whisper protocol. There isn't a single private key that can decrypt all the traffic.
... Meta can get it and read all the messages. How else would they make money?
User connection graphs. They can see who talks to who, who has what contacts, frequency of messages, timing of messages, etc.. That's extremely valuable to a social network and its advertisers. They don't need to read the message content to derive value.
Re: (Score:2)
Right. You'd need the private keys from both parties. That's it.
No. That implies that each party would need both private keys, and that's not true.
Public Key Cryptography is used along with forward secrecy for the message keys - basically, each message has a new symmetric key. Your private key never leaves your device. If someone logs all the encrypted chat data and brute forces decryption on one message, they can't use the derived key to decrypt any other messages.
Feel free to read about it in detail:
https://en.wikipedia.org/wiki/... [wikipedia.org]
https://en.wikipedia.org/wiki/... [wikipedia.org]
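As an added illustration of the point made in the post above (one fresh symmetric key per message, so a leaked message key opens only that message), here is example code written for this page; it is not WhatsApp's or Signal's implementation. It models the Signal symmetric-key ratchet with HMAC-SHA256 and uses a constructed stand-in cipher (SHA-256 keystream plus an HMAC tag) in place of Signal's AES-CBC/HMAC so that it runs on the Python standard library alone; the chain key, message texts and the "leak" of one key are all constructed for the demo.

```python
import hmac
import hashlib
import secrets
from typing import List, Optional, Tuple

# Example code for this page (not WhatsApp's/Signal's). Models the Signal
# symmetric-key ratchet: each step derives a message key from the chain key
# and advances the chain with a one-way function, so knowing one message key
# does not let an attacker walk forwards or backwards along the chain.

def ratchet_step(chain_key: bytes) -> Tuple[bytes, bytes]:
    """Return (message_key, next_chain_key); both are one-way functions of chain_key."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


def _keystream(key: bytes, length: int) -> bytes:
    # Constructed stand-in for a real cipher: counter-mode SHA-256 keystream.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(message_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns ciphertext || 32-byte HMAC tag."""
    enc_key = hmac.new(message_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(message_key, b"mac", hashlib.sha256).digest()
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct + tag


def decrypt(message_key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the tag fails (wrong key or tampering)."""
    enc_key = hmac.new(message_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(message_key, b"mac", hashlib.sha256).digest()
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, len(ct))))


def send_conversation(root_chain_key: bytes, plaintexts: List[bytes]) -> Tuple[List[bytes], List[bytes]]:
    """Sender side: ratchet once per message. Returns (message_keys, blobs).
    A real client deletes each message key after use; they are kept here only
    so the demo can model the leak of exactly one of them."""
    ck = root_chain_key
    keys, blobs = [], []
    for pt in plaintexts:
        mk, ck = ratchet_step(ck)
        keys.append(mk)
        blobs.append(encrypt(mk, pt))
    return keys, blobs


def readable_with(leaked_key: bytes, blobs: List[bytes]) -> List[int]:
    """Indices of the recorded messages an attacker can open with one leaked message key."""
    return [i for i, b in enumerate(blobs) if decrypt(leaked_key, b) is not None]


def demo() -> List[int]:
    """Constructed scenario: three messages, the second message key leaks."""
    root = secrets.token_bytes(32)
    keys, blobs = send_conversation(root, [b"first", b"second", b"third"])
    return readable_with(keys[1], blobs)


if __name__ == "__main__":
    print(demo())
```

The property worth noting is in `ratchet_step`: the next chain key is derived from the old chain key, never from the message key, so a stored ciphertext archive plus one compromised message key yields exactly one plaintext.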
Meta will prevail - too many loopholes (Score:5, Insightful)
Re: (Score:3)
Exploiting such loopholes would still leave them open to claims of fraud. They've stated in no uncertain terms [whatsapp.com] that "with end-to-end encryption, your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them.".
It would be such a brazen lie that it makes me skeptical of the allegations of this lawsuit, even given my very low trust in Meta.
Re: (Score:1)
Once you open the message to read it, isn't it then sent directly to WhatsApp via a separate channel?
Or is the WhatsApp app still compiled with full debug schema, like the Slack for Windows client.
Re: (Score:3)
Once you open the message to read it, isn't it then sent directly to WhatsApp via a separate channel?
You can test this yourself. Put your phone on your wifi, and dump all network traffic on your router. Monitor traffic when whatsapp messages are sent and received.
Server-side, the additional cost/overhead to doing that would be quite substantial. *MAYBE* they added a backdoor in the app that they can signal on specific users to have the app then relay messages somewhere, but there's no way that's widespread and still undetected.
Re: (Score:2)
... only the recipient and you have the special key needed to unlock and read them. But we know where your key is kept and can easily get it should we feel like it.
Re: (Score:2)
They claim end-to-end using signal protocol and we know that's true because the traffic can be analyzed.
Re: (Score:2)
Yes they can ... however WA runs on the Signal backbone.
Would be kind of braindead, to pay the fees and then torpedo out the privacy.
Alas ... who knows?
Re: (Score:1)
Secure key distribution mechanism (Score:2)
When E2EE was first rolled out, a message appeared in each chat saying that communications were now secure. I always wondered how they managed to distribute the keys without Facebook ever gaining access to them. I long suspected that they might secretly keep a copy of the keys, perhaps obtained during the key distribution process itself. Now those suspicions are gone
Re: (Score:2)
You generate the keys on the device.
Obviously, you can make the app malicious and just send the key(s) to the mothership anyway.
However, the principle is to generate the key pair on the device and send the public one home and to communication partners.
It gets a bit more tricky, when you have multiple devices that need to have the same private key. But it is not complicated.
Re: (Score:2)
you can read how XMPP usage of the signal protocol deals with this: https://xmpp.org/extensions/xe... [xmpp.org]
also it keeps a local cache of attachments (Score:3)
Any supposedly secure attachment you send to your colleague will be openly stored on their phone in a place where they don't know what exists and will not likely be able to delete it
Built in backdoor exists separately (Score:1)
Whatsapp by default backs up unencrypted to Google/ Apple. So Google / Apple can share with the likes of law enforcement.
Beyond this, it would surprise me if certain spy agencies didn't have a mass surveillance backdoor. The only question is how widespread it is and how that data is being used. For the special cases, you could hack the whole phone / compute instead of just whatsapp.
Extraordinary Claims Require Extraordinary Proof (Score:2)
Whatsapp by default backs up unencrypted to Google/ Apple.
Extraordinary claims require extraordinary proof.
You got any of that proof?
Re: (Score:2)
That would be news to me too, but if Whatsapp did do this then Meta would need access to your Google/Apple drive, and that idea is right inside conspiracy nutspace.
Re: (Score:2)
That's not conspiracy nutcase stuff. It's literally a function of the app. It uses the Google account tied to your phone to perform a backup. This is a function of Google Drive on Android and Apple has an equivalent: providing 3rd party apps with access to cloud storage.
Just the other day I got a warning saying "WhatsApp Backups paused, please check free space on Google Drive". Turns out my photo software synced something it shouldn't have and my free couple of GB were up.
It's literally the recovery mechani
Re: (Score:3)
Extraordinary claims require extraordinary proof.
You got any of that proof?
That proof would come from any person who has ever in their history lost or factory reset their devices, and yet after installing WhatsApp on a brand new fresh device recovered all their old chats.
Even if it is encrypted backup the keys must be available to someone other than the original device in order to recover the backup.
The encryption by default happens to Google / Apple clouds. Google is clear about the fact that while the data is encrypted on site they do still hold your decryption keys.
Re: (Score:2)
Even if it is encrypted backup the keys must be available to someone other than the original device in order to recover the backup.
This seems accurate. It seems probable that the key is stored in the WhatsApp account somewhere and retrieved when the new device is authenticated. Backups aren't even required, as adding the desktop WhatsApp application will repopulate chats and pictures without any Google access.
Re: Extraordinary Claims Require Extraordinary Pro (Score:3)
Re: (Score:2)
Having been through this process many times it does NOT ask for this. Not for backup creation, not for recovery.
Re: Extraordinary Claims Require Extraordinary Pr (Score:2)
Splitting hairs (Score:2)
I've not bothered to read the actual lawsuit, but most likely Whatsapp really is fully end-to-end encrypted. So if the lawsuit is asserting what the summary says, it will fail.
However, if Meta really can read messages, then they have copies of all the private client-side keys stored on their own systems, thus they can decrypt any message they want (and potentially be hacked and expose all the keys as well).
In other words the communications are protected against any man-in-the-middle, except Meta that is.
Re: (Score:2)
Uploading private keys would not just be a mistake, it would be a purposeful act which would likely be criminal! It's like putting a camera in restrooms.
Re: (Score:3)
Except there's nothing criminal about it. There are literally countless services which operate this way where decryption keys are still held by the service in question. Think about it for a moment. If your private key was never uploaded anywhere then every time someone lost their phone or did a factory reset they would lose all their messages.
A backup either needs to be made somewhere off device in clear text (Google is clear they have the decryption keys to your Drive), or they store it encrypted and need
Re: (Score:2)
I thought the way around this was to store your private key, but encrypt it with your password... But you're right, that does sound like the only feasible way to do it... God, then they can decrypt anything. Worse than that, they can even encrypt anything you do and impersonate it :(.
Re: (Score:2)
As someone who goes through phones way too frequently because I'm a clumsy idiot, I can say with certainty you're not required to enter a password at any point to recover WhatsApp backups. At best they can encrypt it with your phone number, but given how that is trivially known it's not a good choice. They don't have access to your Google password so it's not like that can be used.
Re: (Score:2)
It is only criminal if they assured in a legally binding manner that they would not do it. There is no legal definition of "end-to-end" encryption, even if most experts will agree that it also means only the endpoints have the keys and the keys are carefully secured against anybody else.
End to End with a back door? (Score:2)
Re: (Score:2)
Even simpler: End-to-end with copies of the key stored on their servers. MS does this with BitLocker (unless you are careful). Obviously, no actual expert would call that "secure" end-to-end (or "secure" disk encryption), but most people are not experts in this area and lying by misdirection has no legal consequences. It is time to change that.
Undo modding (Score:2)
Posting to remove moderations
My theory (Score:2)
How is that even news? (Score:2)
Both this (Meta able to read WhatsApp messages) and the article before (PR China spying on UK leadership) fit very well with their respective usual behavior. Anyone who is surprised by that has been living under a very large rock for a looong time. What was missing so far is proof of the alleged misdeeds.
Get what you paid for. (Score:2)
May still be end-to-end (Score:2)
Just not "secure" end-to-end. There are quite a few possibilities where traffic is end-to-end encrypted, but they can still read it. One is storing copies of the keys on their servers (like MS does with Bitlocker if the users are not careful, but that is a different discussion).
The real problem we have here is lack of clear definitions and legal liability. Obviously, any competent security expert will only call things end-to-end encrypted where nobody but the endpoints have access to the encryption keys, di
Re: (Score:3, Insightful)
Define "end".
Re: (Score:2, Interesting)
Re: Couldn't happen to a nicer mob (Score:4, Informative)
Re: (Score:2)
Facebook acquired WhatsApp 2 years before (2014) WhatsApp added End to End encryption (2016).
Please stop spreading conspiracy nonsense that is easily disproven.
Re: (Score:2)
The "original" Whats App was not encrypted at all.
Did not even use SSL or similar.
Re: (Score:1)
I write medical billing software, EMR, and EHR. Even in that industry encryption is a joke.
1. End to end TLS 1.2, check, it's end to end encrypted.
2. Encrypted at rest: some type of built-in disk encryption, check.
Within that world I have in 40 years seen nothing encrypted anywhere. I work for Fortune 10 companies that do not even hash passwords. If they encrypt credit cards, good luck. The "we only save the last 4" bullshit. The "we only save the token": no one saves the token, they save the whole damn card and the PIN
Re: Couldn't happen to a nicer mob (Score:2)
Re:Couldn't happen to a nicer mob (Score:5, Interesting)
No, encryption between any two (initially unknown) parties is a solved cryptographic problem (and when well implemented it would survive any sniffing or even active attacks). AUTHENTICATING the other party is the problem, and of course you need in this workflow to trust WhatsApp on that, and nobody ever claimed or thought otherwise, I bet. It goes without saying that it's on them to ensure you are talking to the one who has that phone number; not great security, but at least not a random attacker. You also trust it to be that app at the other end, not WhatsApp themselves ...
Not TLS, but still flawed (Score:4)
When marketing say "end-to-end encryption" they usually mean that the apps use TLS to communicate with the backend servers,
That's not the case here. Supposedly (but hard to check as it's closed source) WhatsApp uses the Signal protocol for end-to-end encryption, which is as good as it gets. BUT the app is still leaking the chat in a zillion different ways.
E.g.: Meta-AI gets CC'd every message because once someone in that group used the "AI summary" functionality, which automatically adds Meta's cloud as a party to this group.
E.g.: Out of the box, the app backs up all its data to the cloud so you can recover your account even if your phone is lost.
Re: (Score:2)
I take it you can't visit Slashdot because it happens to be an encrypted communication? Of course you can, you're here aren't you. There's a difference between encrypting a message in flight between two parties, and verifying who the parties on either end are. You can easily get two random people to start communicating in an encrypted way without a 3rd party listening in to that conversation. What is not prevented is having a new conversation with that 3rd party.
Encryption != authentication.
Jokes aside: End-to-end (Score:5, Interesting)
Jokes aside:
- WhatsApp supposedly uses the Signal protocol(*), which is as good as it gets with regards to E2EE
BUT!...
- End to end is only as good as the said end-points. In addition to being closed source, WhatsApp has multiple problems: an AI functionality that needs to send all your chats back to Meta's cloud unencrypted (as it's not relying on locally running models) so the AI can summarize and whatever else shit they are advertising; WhatsApp by default backs its data up onto the cloud, so if you lose your phone you can still recover instead of needing to start a new account from scratch.
So I presume it's a lawsuit where both parties are technically right:
- Meta is technically right in affirming that they use the current best standard for E2EE (they mostly are)
- The plaintiffs are right that the clients (Android app, web app, etc.) are completely leaking data in a zillion different ways (what's the point in having the best E2EE if said End is going to blast that precious private information in all possible directions?!)
---
(*): Minus a couple of bits. WhatsApp doesn't use Signal's implementation (sealed sender) to hide the metadata of who is chatting with whom; AFAIK they only encrypt the message body. The protocol can work without ever needing phone numbers; the Signal client is getting there eventually, WhatsApp isn't touching that either.
Re: Jokes aside: End-to-end (Score:3)
End to end is only as trustworthy as the directory of the public keys. Whatsapp doesn't let you in person verify or notify you when they changed, so Meta can trivially easily MitM.
Verification (Score:4, Interesting)
Whatsapp doesn't let you in person verify
Tap a user to get their profile.
Tap "Encryption"
You have the option to scan a QR code or compare key fingerprints.
or notify you when they changed,
"Your security code with {nickname} changed. Tap to learn more."
Meta can trivially easily MitM
Why MitM when they already have plenty of side channels (cloud-based AI; cloud-based backups; and its closed-source so they could probably just inject a backdoor in the next upgrade and nobody can notice, etc.)
Re: (Score:2)
Re: (Score:3)
You might want to look into how asymmetric public key encryption actually works.
Encryption isn't the problem, it's authentication.
Say Bob wants to talk to Alice through WhatsApp. They've never corresponded before. To encrypt a message to Alice, Bob needs Alice's public key. How does he get it? There are two options. Either he looks up Alice's public key on WhatsApp's server, or he sends a request to Alice through WhatsApp's server for her public key. In either case, he gets Alice's public key from WhatsApp.
Or, rather, he gets a key that WhatsApp tells him is Alice's public ke
Re: (Score:2)
Re: (Score:2)
I'm going to assume you didn't read the post to which I replied.
I certainly did. Pinky's Brain made an excellent point about how Meta can trivially MITM end to end encryption unless there's a way to authenticate the other person's public key. He was entirely correct, and you were incorrect to dismiss his comment, which was the point of my reply -- to educate you (and anyone else interested) on why he was right.
Re: (Score:2)
Re: (Score:3)
If they don't have my private key and the recipients private key then how exactly do you expect them to MITM it? If what you are saying was true then the entire banking industry would collapse. You do know that having the wrong public key doesn't allow you to decrypt the message, right? This is literally why PKI works.
You need to read my previous post, and understand it.
The reason MITM isn't a problem for online banking (and TLS in general) is certificate authorities. As I said, it's an authentication problem. For web servers (and other TLS uses) what you need to verify (authenticate!) is that the public key the server handed you belongs to the site your browser thinks it's talking to. To make that work, the public key comes in a certificate that (a) contains the domain name of the server and (b) is signed by a trus
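The two posts above (Bob fetching "Alice's" key from WhatsApp's server, and the follow-up on why TLS avoids this with certificate authorities) describe a key-authentication problem that is easy to see in code. The block below is example code written for this page, not anything from WhatsApp, Meta or Signal: a toy Diffie-Hellman exchange over a constructed 127-bit prime group (a real system would use X25519 or similar), a key directory that is either honest or substitutes its own keys, and the two defender-side checks the thread mentions elsewhere, an out-of-band safety-number comparison and a "your security code changed" check against a pinned fingerprint. All names, keys and the `Directory` class are assumptions made for the example.

```python
import hashlib
import secrets
from typing import Dict, Tuple

# Example code for this page (not WhatsApp's). Toy DH group: a Mersenne prime
# and a small generator so the whole thing runs on Python ints. Illustration
# only; production code uses X25519 or another vetted group.
P = 2**127 - 1
G = 3


def keygen() -> Tuple[int, int]:
    """Return (private exponent, public value g^priv mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def shared_secret(priv: int, peer_pub: int) -> str:
    """Hash of the DH shared value; in a real protocol this seeds the session keys."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).hexdigest()


def safety_number(pub_a: int, pub_b: int) -> str:
    """What an app would show for out-of-band comparison: a hash over both public
    keys in canonical order, so each side computes it from its own view of the keys."""
    lo, hi = sorted((pub_a, pub_b))
    return hashlib.sha256(lo.to_bytes(16, "big") + hi.to_bytes(16, "big")).hexdigest()[:12]


def fingerprint(pub: int) -> str:
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def check_pinned(pins: Dict[str, str], name: str, pub: int) -> str:
    """Model of a 'security code changed' notification: compare the fetched key's
    fingerprint with the one pinned at first contact. Returns first-contact,
    unchanged or changed; a client should surface 'changed' to the user."""
    fp = fingerprint(pub)
    old = pins.get(name)
    pins[name] = fp
    if old is None:
        return "first-contact"
    return "unchanged" if old == fp else "changed"


class Directory:
    """Assumed provider key server. With mitm=True it hands out keys it generated
    itself instead of the registered ones, which is the substitution the posts describe."""

    def __init__(self, mitm: bool = False):
        self.keys: Dict[str, int] = {}
        self.mitm = mitm
        self.mitm_keys: Dict[str, Tuple[int, int]] = {}

    def register(self, name: str, pub: int) -> None:
        self.keys[name] = pub

    def lookup(self, name: str) -> int:
        if not self.mitm:
            return self.keys[name]
        if name not in self.mitm_keys:
            self.mitm_keys[name] = keygen()
        return self.mitm_keys[name][1]


def run_exchange(mitm: bool) -> Dict[str, bool]:
    """Constructed scenario: Alice and Bob register keys, then fetch each other's
    key from the directory and derive a session secret."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    d = Directory(mitm)
    d.register("alice", a_pub)
    d.register("bob", b_pub)
    alice_sees_bob = d.lookup("bob")
    bob_sees_alice = d.lookup("alice")
    alice_secret = shared_secret(a_priv, alice_sees_bob)
    bob_secret = shared_secret(b_priv, bob_sees_alice)
    # The server can read Bob's traffic iff it holds the private half of the
    # key it gave Bob as "Alice's" (it would relay to Alice with the other key).
    server_can_read = False
    if mitm:
        server_secret = shared_secret(d.mitm_keys["alice"][0], b_pub)
        server_can_read = server_secret == bob_secret
    return {
        "keys_agree": alice_secret == bob_secret,
        "safety_numbers_match": safety_number(a_pub, alice_sees_bob)
        == safety_number(bob_sees_alice, b_pub),
        "server_can_read": server_can_read,
    }


if __name__ == "__main__":
    print("honest:", run_exchange(False))
    print("mitm:  ", run_exchange(True))
```

The encryption itself is identical in both runs; what differs is only whose public key each side was handed. Comparing the safety number over a channel the directory does not control is what turns the substitution into something the users can notice, and pinning the fingerprint is what lets the client flag a later change.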
Re: (Score:2)
Re: (Score:2)
I see where you are coming from on this, and I misspoke failing to consider that in the WhatsGarbage scenario Meta functions as their own CA. It's no excuse but I read Schneier's "Secrets and Lies" circa 2000 and was apparently misremembering. I could have sworn there was a way to do key negotiation without a CA.
There are lots of alternatives to using a CA... but what you must have is some way to authenticate the other party's public key. If you're encrypting to a public key you can't authenticate you know you're creating a message that only the entity with the private key can read, but you don't know who that is.
As for what you remember, it's been a long time since I read that book, but given the timeframe he may have been thinking about identity-based PK, which seemed like a great solution for a while. Id
Re: (Score:2)
End to end is only as trustworthy as the directory of the public keys. Whatsapp doesn't let you in person verify or notify you when they changed, so Meta can trivially easily MitM.
This is true, but DrYak's point is that doesn't matter if the two ends are just uploading all of the data back to Meta after the safely-encrypted copy is received. They don't need to MITM the connection. If WhatsApp allows out-of-band fingerprint verification, MITM wouldn't even work.
Re: Jokes aside: End-to-end (Score:3)
Signal is never letting go of phone numbers, it's why they glow in the dark.
The encryption is secure, but they do no traffic obfuscation, and with a little traffic analysis and the phone number requirement it's trivial for the NSA to build a social network with real names.
If you can't do traffic analysis near Signal's servers and don't have wide-range access to mobile phone IP/number/name data, it's very secure ... the NSA can, and for them Signal is a treasure trove of metadata (see the paper "I still know what you