The Core
Why We Are Here => Hardware & Technology => Topic started by: bill on April 05, 2016, 10:41:03 PM
-
Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People (http://www.wired.com/2016/04/forget-apple-vs-fbi-whatsapp-just-switched-encryption-billion-people/)
This means that if any group of people uses the latest version of WhatsApp—whether that group spans two people or ten—the service will encrypt all messages, phone calls, photos, and videos moving among them. And that’s true on any phone that runs the app, from iPhones to Android phones to Windows phones to old school Nokia flip phones. With end-to-end encryption in place, not even WhatsApp’s employees can read the data that’s sent across its network. In other words, WhatsApp has no way of complying with a court order demanding access to the content of any message, phone call, photo, or video traveling through its service. Like Apple, WhatsApp is, in practice, stonewalling the federal government, but it’s doing so on a larger front—one that spans roughly a billion devices.
Most privacy buffs would stay clear of WhatsApp because of its connection to Facebook. However, even Edward Snowden likes Moxie Marlinspike's Signal app for secure communication. Moxie Marlinspike's involvement with WhatsApss's encryption efforts should lend some credence to it.
-
I think this was always coming sooner or later, but the fact that it came now... the FBI and NSA have only themselves to blame.
I've always been a privacy proponent, but it was never on my radar or a "cause" until things got so out of hand (and Snowden revealed how out of hand they had gotten). Before that, I probably cared a little about this
-
They've been working on this since 2013 when they began offering encrypted communications if both sides had it turned on for text messages only IIRC. Now it's on for everything, by default, for all users. When your average userbase doesn't have to think about changing a setting, or to figure out how to exchange keys, then this is a pretty big development given their sheer size. I'm going to have to give it another look as I have a hard time getting people to install Signal as it is.
-
What would you use it for, Bill? I'm totally unfamiliar with WA.
-
I just installed it today to take a look. I have a ton of contacts already on there. It's hard to get these people to switch over to a more secure app like Signal or Threema just for chatting. In that case WhatsApp would be good enough.
I also use a no-contract SIM for my phone. It has a decent data plan, but phone calls and SMS are really expensive. Therefore I use apps to call when I can (or send SMS). You can make encrypted phone calls with WhatsApp that are charged to your data plan.
-
>>I just installed it today
>>I'm totally unfamiliar with WA.
Proof that we're an older demographic. I just listened to a friend rant that she was forced to install it by her extended family because they refuse to use the phone or regular texting anymore and they were made at her because she wasn't staying in touch.
Yes, you read that right. They abandoned standard phone and text, not to mention email, Skype, Hangouts and FB Messenger and all but my friend herself switched entirely to What's App for communication, and then got mad at her because she won't keep in touch.
-
Proof that we're an older demographic.
Although I resemble that remark, that's not my excuse for just installing WhatsApp.
I've known about WhatsApp for years. It's probably the most popular app in Asia (though not in Japan where LINE kicks its a##). In its early days I didn't get it because it was initially a paid app. There were better free alternatives in my mind, and their security was laughable. It was a real afterthought for them. Until August 2012 they didn't even encrypt messages sent. Everything was in the clear. In 2013 there was a big flap about flaws in the ways they did encrypt messages. They were using the same key to encrypt every message in a conversation, so if the key was compromised so was everything you talked about. That also made it easier for the snoops to capture any part of a conversation and then work on decrypting it. Then there were problems with their payment systems. They were also hit with a contact list infecting worm. Also, there were ways your contacts could stalk you using 3rd party apps. The list goes on. The final straw was the Facebook acquisition. I was not interested in putting my communications in Facebook's hands. In summary, they weren't looking like thy type of app I wanted on my device.
So, what's different now? Well, after the Facebook acquisition WhatsApp has been left pretty much to its own devices. This plan to implement the Open Whisper Systems Signal protocol was in place before they were acquired, and was not stopped. That was very encouraging. Then the heavy involvement of Moxie Marlinspike to implement what is now known as the Signal protocol is the biggest sign that they're finally taking security and privacy seriously. This is an open source platform that we're likely to see implemented in other messaging apps after this.
I'm still not gung-ho about promoting WhatsApp for regular use. They still collect meta data about who you contact and although your communications are secure they can still tell who your're talking with and when. Being a part of Facebook I don't doubt they'd turn that information over in a heartbeat. However, for some fringe contacts whom I rarely get in touch with that's good enough.
-
I knew of it and its popularity but thought of it an a glorified MMS. I text a fair amount, but it's just craigslist, family contacts, or Travoli. I guess if Trav wants to encrypt or meeting for dinner plans, I could load the app, hhh.
-
Proof that we're an older demographic.
Although I resemble that remark,
I know that Bill. But don't take it personally. I think I have a couple of years on you and though I have also heard all sorts of things about WhatsApp, I have not and do not plan to install it. I'm moving the other way in terms of that sort of thing!
-
However, a closer look at the terms and conditions reveals that WhatsApp is not encrypting everything. Buried in the fine print is this line: “WhatsApp may retain date and time stamp information associated with successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which WhatsApp is legally compelled to collect.”
What WhatsApp is not encrypting
http://www.livemint.com/Consumer/Xs9trQc9cfPjE3Q6NhAJYJ/What-WhatsApp-is-not-encrypting.html
-
Proof that we're an older demographic.
Although I resemble that remark,
I know that Bill. But don't take it personally.
Should have included a ;) there...
I knew of it and its popularity but thought of it an a glorified MMS. I text a fair amount, but it's just craigslist, family contacts, or Travoli. I guess if Trav wants to encrypt or meeting for dinner plans, I could load the app, hhh.
I'm not recommending the use of WhatsApp in general. There are better apps that are more secure. It's just that WhatsApp is now a bit more secure that I even bothered looking at it. This is possibly the biggest encrypted messaging app on the planet now. That's why I needed to take a look.
Use Signal instead if you need an app that communicates like this and you don't care whether the rest of the planet is using the same app.
Facebook is collecting all of that WhatsApp meta data, and that's a concern.
-
> WhatsApp
I have a man at my bank in Singapore, we do everything over whatsapp, took a bit of getting used to!
Happy about the encryption.
-
Should have included a ;) there...
I saw it whether there or not and intended mine to have the same.
>>What WhatsApp is not encrypting
I try to stick to the old rules when it comes to sensitive issues, whether a negative opinion about a neighbor or something weightier that you prefer not to share with the world at large
1. The maximum number of people who can keep a secret is two, and that depends on one of the parties being dead.
2. Prefer face-to-face to phone
3. Prefer phone to writing
4. Prefer ephemeral to recorded
5. Prefer encrypted to clear
Encryption is the least of it, but the best thing there is if it has to be in writing and at a distance.
-
If you want enforced ephemeral messaging there's a mobile app called Wickr where you can set individual messages to self destruct after a certain amount of time. It can be a bit difficult to get used to but it can be good for communication that you know to be sensitive. Of course you can't stop someone from taking a picture of the screen with another device, but it can be somewhat reassuring to know that the data will be wiped from all recipients devices after a set time.
-
I don't get it.
Brought my eldest a pay as you go phone.
It has no credit and isn't connected to wifi but WhatsApp is working.
How can this be!? Anyone?
-
The phone must have a data plan of some sort. The only other thing I could think of is that it's using WhatsApp over SMS. The Signal app does that.
-
I thought that it might have had some free credit on it but it doesn't.
I've tried sending an SMS but it doesn't deliver, nor can I make phone calls on it.
Well weird this, talk about getting a free ride.
BTW it's on Tescos Mobile if anyone is interested
-
Can they send photos via WhatsApp? If so there must be a data plan of some sort.
-
[My daughter is the head of the math department at a private school and I sometimes communicate with her classes via emailed "posts" to her electronic chalkboard (Smartboard). Just sent this.]
title it "My dad says 'You just got pwned!'"
http://www.theregister.co.uk/2016/08/25/whatsapp_hands_your_phone_number_facebook/
-
Oh well. That as an interesting experiment. Time to delete this one. I think FB already had my number anyway...no need to let their advertisers try to call me.
First I'm going to make sure I opt-out of their little scheme:
https://www.whatsapp.com/faq/general/26000016
-
Odd Chuck, not sure how that works. It sounds like it is somehow just sending regular text messages, but via the WhatsApp network some how.
BTW, WhatsApp just announced yesterday that it is going to share phone numbers with the mothership Facebook.
-
> How can this be?
Chunk, does it have a SIM in and if so, with what network?
I ask as some in the UK allow basic services like that, FB Messenger etc through for free.
-
Yea, it has a sim which came with the phone, and is on Tesco Mobile which is on the o2 network
-
Here comes the FTC complaint
https://threatpost.com/privacy-groups-file-ftc-complaint-over-whatsapp-data-sharing-with-facebook/120218/
“WhatsApp has made a number of promises about the limited nature of the data it collects, maintains, and shares with third parties–promises that exceed the protections currently promised to Facebook users,” Rich wrote. “We want to make clear that, regardless of the acquisition, WhatsApp must continue to honor these promises to consumers.”
-
As per WhatsApp faq end to end encryption is apply on every chats.
"When end-to-end encrypted, your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands."
So it is more beneficial. :)