
Open Whisper Systems partners with WhatsApp to provide end-to-end encryption - charlieok
https://whispersystems.org/blog/whatsapp/
======
eyeareque
I trust Moxie more than governments or companies, so this really makes me
happy. If you've read things on his website
([http://www.thoughtcrime.org](http://www.thoughtcrime.org)) you'll know how
important remaining secure from the government is to him. This is a huge step
in the right direction. I'd also like to congratulate WhatsApp on their
decision, I have a lot more respect for them now.

Congrats Moxie and team. You guys are doing a great thing for humanity.

~~~
rsync
All of that work is irrelevant unless we have an open baseband and an open SIM
card.

Without that, your carrier _owns you_ at a bit by bit level in the memory of
"your" computer.

~~~
pjc50
Have carrier attacks from the baseband been seen in the wild?

By comparison, application-based encryption of messages addresses a bunch of
real threats. The NSA is not the only threat; malicious wifi operators, for
example.

~~~
dmix
> malicious wifi operators

Malicious GSM operators as well.

"Fake cell towers" are rampant across America and operate without warrants.
Thats why the police are trying to hard [0] to protect their existence. There
is a new project today announced to track all the IMSI catchers around
America:
[https://www.indiegogo.com/p/1016404](https://www.indiegogo.com/p/1016404)

These tend to be used to track locations of people but they can also be used
to intercept SMS and mobile internet traffic.

[0] [http://www.baltimoresun.com/news/maryland/baltimore-
city/bs-...](http://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-
ci-stingray-officer-contempt-20141117-story.html)

~~~
tedunangst
What do fake cell towers have to do with baseband firmware?

~~~
tptacek
They're vectors for layer-2 attacks. The (valid) implication is that you don't
have to assume Verizon is colluding with NSA to be concerned about attacks on
the baseband.

~~~
tedunangst
Good point. But at the same time, a secure, bug free baseband won't save you
from a fake cell tower that's intercepting and recording your text messages.

~~~
tptacek
No, but it would save you from layer-2 attacks that corrupt memory and can
thus read _encrypted_ text messages.

------
higherpurpose
Not only is this huge by itself (600 million users with E2E encrypted messages
by default), but I'm _hoping_ this will put a big pressure on Google,
Microsoft and others to adopt TextSecure's protocol (or something very
similar), too.

This is how you deliver strong security to the masses. Not by convincing all
your friends to adopt some weird and obscure chat app with the only benefit
that it's "more secure" (most won't care), but by getting large service
providers to adopt it and push it to hundreds of million of users without them
even noticing.

Oh, and I assume that if Whatsapp adopted it, Facebook Chat isn't too far
behind...right?

~~~
alexjarvis
Highly unlikely seeing as Facebook uses the content of your messages to market
ads to you, build up a profile of you, identify you and identify trends
(links, keywords).

The fact that Facebook owns WhatsApp makes this announcement a big surprise as
I think they profit far more with unencrypted messages (although WhatsApp was
just delivering, not storing them supposedly).

~~~
mike_hearn
I have never seen an ad on Facebook that was obviously targeted based on my
chats, in fact, targeting ads based on my chats would be a pointless, money-
losing approach for them as I never talk about commercially relevant things
with my friends.

The ads I see on Facebook currently are for SSL certificates (guess what I
bought recently), BGP routing optimisation products (not sure why), and
TransferWise (I used them once). In short, lots of remarketing and something
presumably targeted at one of the news sources I get in my feed e.g. slashdot.

These are all pretty nerdy yet also pretty reasonable ads. Ads targeted based
on my chats would mostly revolve around .... well, not sure. At best, nights
out or local cinemas. I doubt there's much profit in that.

~~~
alexjarvis
It's possible to build a more complete picture of someone's interests based on
what they share privately via Facebook chat.

It's also public knowledge that they've been parsing messages for links to
then 'like' the appropriate pages inside Facebook.

Rather than debate about how much profit there could be in it, which is
entirely down to what the user talks about, I think it is important to realise
the potential here even if it not fully realised at this point it time.

Also remember that they are keeping chat history indefinitely in HBase
clusters (because they are 'sentimental') so as your habits and interests
change over time this will become invaluable data to marketers who want to
understand consumer behaviour.

I think it's great that WhatsApp are implementing end-to-end encryption but
their now immediate connection with Facebook doesn't sit well with me. Perhaps
I'm an idiot, but it doesn't take long to realise that there are perhaps
competing interests at play here.

------
dmix
Since this doesn't seem to be ready to be fully announced yet, I checked last
week and Open WhisperSystems is still looking for iOS developers to help.
Moxie mentioned on twitter that security and crypto experience is not
required, but they are looking for f/t devs not just p/t help.

Also they have a browser extension that could use some help from front-end
devs:

[https://github.com/WhisperSystems/TextSecure-
Browser](https://github.com/WhisperSystems/TextSecure-Browser)

It is still pretty early but the project has Bithub as well. From my
understanding, this is their planned desktop version.

------
morsch
The Verge had an article about this, whatever "this" is:
[http://www.theverge.com/2014/11/18/7239221/whatsapp-rolls-
ou...](http://www.theverge.com/2014/11/18/7239221/whatsapp-rolls-out-end-to-
end-encryption-with-textsecure)

But that's also 404 now, here's a cached copy:
[http://webcache.googleusercontent.com/search?q=cache:NAz9uOi...](http://webcache.googleusercontent.com/search?q=cache:NAz9uOinm9QJ:www.theverge.com/2014/11/18/7239221/whatsapp-
rolls-out-end-to-end-encryption-with-textsecure)

And here's a copy of the article text:
[http://pastebin.com/Y5CUPqDJ](http://pastebin.com/Y5CUPqDJ)

They talked to Moxie about it, so it doesn't look like a hoax. More like it
wasn't supposed be announced yet.

It goes without saying that this would be a _big deal_. And it would explain a
lot of the slow movement w.r.t. an iOS client. Although The Verge wasn't sure
if and when the encryption would be available on iOS. And WhatsApp is closed
source software, something that's unlikely to change, which really isn't what
we want from a secure messenger. So I might keep Text Secure installed for the
time being.

But still. OTR (and the enhanced/modified version of it TextSecure is using)
is probably the easiest to use way to communicate in a reasonably secure
fashion, and it'd would be fantastic to see it used by hundreds of millions of
users all of a sudden -- even if it's sitting on top of insecure mobile
operating systems and untrusted-yet-privileged hardware.

~~~
barnaby
>> But still. OTR (and the enhanced/modified version of it TextSecure is
using) is probably the easiest to use way to communicate in a reasonably
secure fashion, and it'd would be fantastic to see it used by hundreds of
millions of users all of a sudden -- even if it's sitting on top of insecure
mobile operating systems and untrusted-yet-privileged hardware.

Have you had issues getting OTR to connect sometimes? Myself and about 5
friends have been using OTR with ChatSecure on the phone and pidgin on the
desktop. Sometimes the OTR connection just doesn't engage, and we suspect it's
because there are multiple instances of the chat client signed in and it like
"crosses the streams" or something. CryptoCat has similar issues. Is there a
perscribed way of using OTR that won't give us these problems?

TextSecure hasn't given us any problems yet ... though, we never see the
encrypted text messages in our SMS, even when we use textsecure over google
voice. Does TextSecure just bypass actual SMS channels?

~~~
handsomeransoms
That's a common problem when using OTR with the same account in a multi-device
environment. It is fixed by the introduction of instance tags in libotr 4.x
[0]. You should check the versions of libotr used by all your clients - if
they are all libotr 4.0+, you shouldn't have these problems.

[0] [https://otr.cypherpunks.ca/UPGRADING-
libotr-4.1.0.txt](https://otr.cypherpunks.ca/UPGRADING-libotr-4.1.0.txt)

A simple workaround is to use a different account for each device (e.g.
me@jabber.com, me+mobile@jabber.com).

TextSecure's developers recognize that a good multi-device experience is
essential to provide a comparable experience to other messaging apps. Their
approach is different from OTR's, and is described here [0].

[0] [https://moderncrypto.org/mail-
archive/messaging/2014/001022....](https://moderncrypto.org/mail-
archive/messaging/2014/001022.html)

------
furyg3
"[...] and our roadmap for our own products remains unchanged."

What is that roadmap? TextSecure for iOS is stalled...

Awesome for Moxie and team, his is huge news. But the world still needs a
cross platform, open source, end-to-end encrypted platform... It's just too
important to trust Facebook with.

~~~
TillE
Text messaging for Signal is not "stalled", just still in development.

[https://github.com/WhisperSystems/Signal-
iOS/commits/textSec...](https://github.com/WhisperSystems/Signal-
iOS/commits/textSecure)

~~~
justcommenting
it might be fair to say that it's taken longer to release than the devs
anticipated or hoped. but the good news is that anyone here can contribute to
the code and help to change that!

------
lgierth
Incidentally, the WhatsApp cofounder donated $1M to the FreeBSD foundation
today.

The other link posted, theverge.com, is 404 as well, btw.

------
orblivion
I don't suppose they will open source the WhatsApp client as part of this.
Assuming so, that sounds like a compromise for Open Whisper Systems.

------
justfane
But wait... Didn't Facebook Inc; Buy whats app for 19 billion? So does this
mean Whisper Systems is working with 'facebook' on this...? Maybe i'm wrong...

~~~
frabcus
Yep. And Facebook have done other privacy-aware things recently - such as
setting up a Tor hidden node:
[http://arstechnica.com/security/2014/10/facebook-offers-
hidd...](http://arstechnica.com/security/2014/10/facebook-offers-hidden-
service-to-tor-users/)

~~~
justfane
TOR can be compromised easily however... Edit) So they say...

------
MatthiasP
If this is true and has no strings (backdoors) attached this is huge. This
means end-to-end encryption for messages from more than half a billion people
and an incredible privacy win compared to SMS usage. Brought to you by
facebook.

~~~
AlyssaRowan
I do not think there are likely to be backdoors: Moxie just wouldn't allow it
without walking away and saying something loudly. He is _not_ on the NSA's
Christmas list. :)

~~~
nly
Trusting one person simply because they're cool, with the privacy of 600M
users, is pretty foolish. Even if everything you say is true, and Moxie signs
off on the implementation, nothing prevents men in black suits turning up the
day he leaves and suggesting they introduce a subtle bug.

~~~
balladeer
Agreed. This fanboy kinda trust and reliance can be very damaging.

------
13
Why do all of these services insist on you giving them your mobile number?
Even Telegram, which claims to be the all giving god of encryption and
privacy, insists on having it no matter what. It's a massive barrier to entry
which I'm not willing to cross, and I'm sure other people aren't either.

~~~
BuildTheRobots
Whatsapp requires a telephone number as it uses that for your ID. Same with
RedPhone. TextSecure (android) can certainly be used without registering -you
just miss out on the push-via-data service.

~~~
13
> Whatsapp requires a telephone number as it uses that for your ID.

I understand that. I'm questioning why they've set such an arbitrary
restriction in the first place.

~~~
mike_hearn
It's not arbitrary. It simplifies things for users a lot. No usernames or
passwords to remember. Many telcos link your phone number to your identity
which you cannot really lose, so therefore also no chance of losing your
WhatsApp account. Also, more importantly, solves the contact discovery/social
network problem by letting you reuse the phones address book.

~~~
13
You'll find that many people are very reluctant to give up that sort of
information about themselves though, whether it be for privacy or because they
don't like being incessantly spammed. I understand it existing as an option,
maybe even a default, but to make it to the only method of authentication
seems insane. Sure, many users will deem that the benefit of using the
application overwhelms any negative implications, but it would be nicer if
they weren't forced to make that tradeoff in the first place.

I'm not against the option existing, I'm against it being the only option.

~~~
mike_hearn
>You'll find that many people are very reluctant to give up that sort of
information about themselves though

Erm. I suspect you don't realise that WhatsApp has over half a billion users.
It's as large as the major webmail services and nearly as large as Facebook
itself. Society has reached consensus on this issue very fast - phone numbers
as your identity work well, and any app that wants to be accepted by the
market has to work this way exclusively.

~~~
13
> Erm. I suspect you don't realise that WhatsApp has over half a billion
> users.

I'm well aware.

Just because something has given up this information doesn't mean they approve
of being asked, just that they evaluated that the positives outweigh the
negatives. If I put out snail pellets to save my lettuces it doesn't mean I
enjoy the death of any animal, it just means that I value the outcome of
healthy lettuces more than living mollusks.

> any app that wants to be accepted by the market has to work this way
> exclusively

I see nothing that suggests this, outside of a successful app despite it.
Maybe they'd have more users if they didn't have such an asinine policy. We
don't (and probably can't) know for sure.

------
g8oz
Great news, WhatsApp needs all the help it can get on security matters.

[https://www.eff.org/secure-messaging-scorecard](https://www.eff.org/secure-
messaging-scorecard)

------
derwiki
I recently tried WhatsApp alternatives that provided end-to-end encryption on
Android (I use TextSecure, but only 1% of my contacts do). Wickr was the best,
but a little too paranoid for daily use. WhatsApp has a better UI and sends
messages faster. I would _love_ to trust that their end-to-end encryption is
legit, and WhisperSystems being involved helps, but.. seems I'm still
skeptical.

~~~
nicpottier
What about Telegram? I've been fairly pleased with it and its interface is a
shameless rip off of WhatsApp. (which isn't a bad thing mind you)

~~~
happyhappy
Telegram should be considered insecure. See this post for a nice summary:
[http://security.stackexchange.com/a/49802](http://security.stackexchange.com/a/49802)

~~~
nicpottier
That seems more like an ad-hominem than anything.

Their secret chats specifically seem like they would be entirely secure.

~~~
edraferi
Steve Gibson did a pretty detailed analysis of Telegram on Security Now #444,
recorded 25 Feb 2014. He concluded that Telegram's security was inadequate and
recommended Threema as an alternative.

[http://twit.tv/show/security-now/444](http://twit.tv/show/security-now/444)

[https://threema.ch/en](https://threema.ch/en)

~~~
nicpottier
Thanks for the link to the security-now show, good stuff and does a good job
of explaining the reservations in the crypto community around Telegram. I'm
now looking at other options.

I do like that Telegram launched with an API, but ya, it sounds like security
isn't something that can be trusted. Thanks for the informative link.

------
Spearchucker
I need convincing. Facebook can't monetize end-to-end encryption, and WhatsApp
doesn't ask before uploading my contacts. Encryption from the client to the
server is a start, but there's not enough here to make me use it.

~~~
SideburnsOfDoom
> I need convincing. Facebook can't monetize end-to-end encryption,

Completely right. Facebook paid $19Bn for whatsapp. How is _not being able to
keyword-search messages_ going to help them cover some of that cost? It sounds
great but doesn't add up.

~~~
dserodio
In this case, the metadata (who is talking to who, and when) may be more
valuable than the messages' contents.

------
gonetone
can't find any official statement from WhatsApp anywhere. Most of the sources
just cite Marlinspike.

~~~
andor
Yes, it sounds too good to be true. Like the Yes Men's "New York Times Special
Edition".

------
patcon
This is so unbelievably awesome.

------
unicornporn
So, does this mean that users of the Android TextSecure app (and perhaps even
Signal for iOS) will be able to communicate with WhatsApp users?

~~~
nobodyshere
Unlikely. Yet they will share the same level of secrecy and encryption for
their communications now.

~~~
avn2109
>> "...same level of secrecy..."

Well, no. As pointed out elsewhere in this thread, if Whisper Systems doesn't
own the whole app, then the Whatsapp code might include code (that they
"forget" to show Moxie) that phones home to the Zuckerberg mansion/windowless
black buildings in Virgina.

------
robmccoll
So how does the initial key exchange work here?

~~~
andyjohnson0
TextSecure uses the OTR protocol [1,2], which itself uses Diffie-Hellman key
exchange [3] to allow the communicating devices to agree on a shared key
without the key being transmitted over the channel [4].

OTR actually uses "ephemeral" Diffie-Hellman [5], where a new shared key is
generated for each session. This provides forward security by guaranteeing
that a key compromise in the future won't render past messages decryptable.

[1]
[http://en.wikipedia.org/wiki/TextSecure](http://en.wikipedia.org/wiki/TextSecure)

[2] [http://en.wikipedia.org/wiki/Off-the-
Record_Messaging](http://en.wikipedia.org/wiki/Off-the-Record_Messaging)

[3]
[http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exch...](http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange)

[4]
[http://security.stackexchange.com/a/45971](http://security.stackexchange.com/a/45971)

[5] [https://whispersystems.org/blog/advanced-
ratcheting/](https://whispersystems.org/blog/advanced-ratcheting/)

~~~
rakoo
TextSecure doesn't use OTR, it uses a construction based on the Axolotl
ratchet as described here:

[https://github.com/trevp/axolotl/wiki](https://github.com/trevp/axolotl/wiki)

It's much much better than OTR in that:

\- Asynchronicity is on by default (you don't need both parties to be up and
running at the same time to start a convo)

\- You don't need to wait for your recipient to answer before you can write
something (ie you can send multiple messages one after another, directly)

\- Because you can do both of the above, you can easily do multiparty,
something OTR struggles with.

For more details:

[https://whispersystems.org/blog/asynchronous-
security/](https://whispersystems.org/blog/asynchronous-security/)

[https://whispersystems.org/blog/private-
groups/](https://whispersystems.org/blog/private-groups/)

~~~
andyjohnson0
You're right and I was wrong. The TextSecure protocol was originally based on
OTR, but I hadn't appreciated the degree of divergence from it required by
their introduction of asynchronous ephemeral key negotiation.

So, thanks! I learned about some cool stuff.

------
otoburb
The submitted link
([https://whispersystems.org/blog/whatsapp/](https://whispersystems.org/blog/whatsapp/))
is 404. Also, at this time, the Whisper Systems blog doesn't actually show a
blog entry referencing WhatsApp.

~~~
charlieok
huh, it worked for me just a minute ago. Wonder if they just took it down?
(edit: looks like it's back up now)

Here's the text of the page I got:

At Open Whisper Systems, our goal is to make private communication simple. For
the past three years, we’ve been developing a modern, open source, strong
encryption protocol [1] for asynchronous messaging systems, designed to make
seamless end-to-end encrypted messaging possible.

Today we’re excited to publicly announce a partnership with WhatsApp, the most
popular messaging app in the world, to incorporate the TextSecure protocol
into their clients and provide end-to-end encryption for their users by
default.

Your messages may already be encrypted

The most recent WhatsApp Android client release includes support for the
TextSecure encryption protocol, and billions of encrypted messages are being
exchanged daily. The WhatsApp Android client does not yet support encrypted
messaging for group chat or media messages, but we’ll be rolling out support
for those next, in addition to support for more client platforms. We’ll also
be surfacing options for key verification in clients as the protocol
integrations are completed.

WhatsApp runs on an incredible number of mobile platforms, so full deployment
will be an incremental process as we add TextSecure protocol support into each
WhatsApp client platform. We have a ways to go until all mobile platforms are
fully supported, but we are moving quickly towards a world where all WhatsApp
users will get end-to-end encryption by default. This is still the beginning

We’re continuing to develop the TextSecure app [2], and our roadmap for our
own products remains unchanged. We’ve been working with WhatsApp for the past
half year, and have learned a lot through the process of deploying the
TextSecure protocol at the scale of hundreds of millions of users. We’re
excited to incorporate what we’ve learned from this integration into our
future design decisions, and to bring this experience to bear on integrations
that we do with other companies and products in the future.

We believe that by continuing to advance the state of the art for frictionless
private communication with open source software, open protocols, and simple
libraries, we’ll have additional opportunities to support mass adoption of
end-to-end encryption.

WhatsApp deserves enormous praise for devoting considerable time and effort to
this project. Even though we’re still at the beginning of the rollout, we
believe this already represents the largest deployment of end-to-end encrypted
communication in history. Brian Acton and the WhatsApp engineering team has
been amazing to work with. Their devotion to the project as well as their
thoroughness in getting this done are inspiring in a world where so many other
companies are focused on surveillance instead of privacy.

Get involved!

If you’d like to participate in Open Whisper Systems, there are still a few
more days to apply to Winter Of Code [3], our retreat in Hawaii this January.
Or check out our Android [4], iOS [5], and browser [6] clients on GitHub to
join in on development.

If you’d like to donate to Open Whisper Systems, we accept Bitcoin donations
[7] that are automatically paid out to each merged PR via BitHub [8]. You can
also make tax-deductible donations by credit card through the Freedom Of The
Press Foundation here [9].

Links:

    
    
      [1] https://whispersystems.org/blog/advanced-ratcheting/
      [2] https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
      [3] https://whispersystems.org/blog/winter-of-code/
      [4] https://github.com/whispersystems/textsecure
      [5] https://github.com/whispersystems/signal-ios
      [6] https://github.com/WhisperSystems/TextSecure-Browser/
      [7] http://bithub.whispersystems.org/
      [8] https://whispersystems.org/blog/bithub/
      [9] https://freedom.press/bundle/encryption-tools-journalists

------
therealmarv
Also the article from The Verge went offline
[http://www.theverge.com/2014/11/18/7239221/whatsapp-rolls-
ou...](http://www.theverge.com/2014/11/18/7239221/whatsapp-rolls-out-end-to-
end-encryption-with-textsecure)

------
Tepix
This is a huge improvement and I'm very glad that WhatsApp is going this
route.

However, from my point of view, TextSecure isn't there yet. The ideal solution
should be decentralized, like XMPP. That makes gathering meta data so much
harder.

------
thewarrior
This is going to backfire big time on WhatsApp and get them banned from many
countries like India , Saudi Arabia etc.

------
estefan
...and once this is rolled out, they'll add auto-deleting messages, et voila!
Snapchat destroyed over night!

------
nodata
First a million bucks to FreeBSD, now this? Keep it coming WhatsApp!

------
secfirstmd
Amazing news!

