
WhatsApp Just Switched on Encryption for a Billion People - uptown
http://www.wired.com/2016/04/forget-apple-vs-fbi-whatsapp-just-switched-encryption-billion-people/
======
dang
[https://news.ycombinator.com/item?id=11431108](https://news.ycombinator.com/item?id=11431108)

------
visarga
> The encryption genie is out of the bottle

> There was a middle period where the government had a broad ability to
> surveil, but if you look at human history in total, people evolved and
> civilizations evolved with private conversations and private speech. If
> anything, we’re bringing that back to individuals.

I think on the contrary, the surveillance demon is out of the bottle. It's too
hard to hide metadata such as IP addresses in communications; in many places
Tor is blocked, browsers can be fingerprinted, typing style and writing style
can be identified by statistical methods; we depend on auto-updated operating
systems that might be backdoored in the future or are already backdoored and
even if we have an "untraceable" system, we can't possibly use our old
accounts where we logged in with our real name, or using our real IP address in
the past. So, anonymous web use is not as social as plain web use. Besides, we
already leak too much data through our GSM phones, at least to the carrier and
the state agencies that log the user data.

~~~
mtrimpe
There is no reason why we can't create an entire new computing paradigm that
_does_ respect our historic conventions around privacy though.

I gave a talk about such conversational languages [1] at ClojureD last month
if you're interested...

[1] [https://www.youtube.com/watch?v=CD-Dtr9j0f4](https://www.youtube.com/watch?v=CD-Dtr9j0f4)

------
aorth
So now WhatsApp is finally on par with iMessage and Signal, and shares the
same weakness: public key distribution. Key distribution is controlled by a
centralized server that could, for malicious or other reasons, send you new
fake keys for people you communicate with. For iMessage, this is explained in
this 2015 post by Matthew Green:

[http://blog.cryptographyengineering.com/2015/09/lets-talk-ab...](http://blog.cryptographyengineering.com/2015/09/lets-talk-about-imessage-again.html)

At least with Signal you can compile your own client (though that doesn't help
if the server is going to send you fake public keys!).

~~~
TillE
If you go to Settings -> Account -> Security, you can enable the option that
will notify you in case the key changes.

You do have to trust the client and opt in, but the feature exists.

~~~
aorth
You're right. So when you get a notification of a key change (for malicious or
other reasons) it is up to you to verify that the user did indeed have a key
change — preferably out of band, or at least over another medium.

------
neerdowell
Whisper Systems' announcement of this:
[https://whispersystems.org/blog/whatsapp-complete/](https://whispersystems.org/blog/whatsapp-complete/)

~~~
distances
> This includes chats, group chats, attachments, voice notes, and voice calls
> across Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and
> BB10.

Wow. I'm genuinely impressed. The Nokia app store closed over two years ago,
and they still implemented this for those old, trusty devices. That's some
dedication for serving the users!

------
wcummings
> And that’s true on any phone that runs the app, from iPhones to Android
> phones to Windows phones to _old school Nokia flip phones._

Woo! Props to the WhatsApp team for supporting these features for dumbphone
users like me.

Does anyone know if/how/where you can verify a user's fingerprint?

~~~
M4v3R
At least on smartphones, yes, you can (by tapping on the person's name during chat,
and then selecting "Encryption").

~~~
wcummings
I meant on S40.

~~~
wcummings
Huzzah, you can! Shame they're only supporting S40 through the end of '16 :(

------
jonny_eh
> WhatsApp has no way of complying with a court order demanding access to the
> content of any message, phone call, photo, or video traveling through its
> service

Unless the NSA/FBI/CIA secretly orders WhatsApp to release a compromised app
update with a backdoor.

~~~
SteveNuts
It's only a matter of time

------
raulk
The article says: "With end-to-end encryption in place, not even WhatsApp’s
employees can read the data that’s sent across its network."

But according to the diagram: [http://www.wired.com/wp-content/uploads/2016/04/Whatsapp_Enc...](http://www.wired.com/wp-content/uploads/2016/04/Whatsapp_Encryption_Proxima-1024x600.jpg)

... A's message is encrypted with Whatsapp's public key, which means that
Whatsapp's private key can (and has to) decrypt it on the server side to
encrypt it in turn with B's public key.

If the diagram is truthful, the claims the article makes are incorrect.

~~~
dogma1138
Why are people downvoting this? While the "public key" is not "WhatsApp's" it
is served from their server hence in theory they can provide you with any
public key they want, decrypt the message, store it, and re-encrypt it with
the "correct" private key and send it off to the user.

With PKI the ability of the user to verify that they received and used the
correct public key is critical and while I have to admit that I haven't read
that much about WhatsApp's E2EE setup I haven't seen anything that shows how
this issue can be mitigated in a way that would be useful for most users.

~~~
M4v3R
That's true, but they provide means to verify the fingerprint of the other
party, so you can verify that your app is encrypting messages using legitimate
public key and that there's no MITM going on.

~~~
dogma1138
Yeah, but again there are quite a few questions here (not a WA user).

How foolproof is the verification system, how susceptible is it to downgrade
attacks (while E2EE isn't universally deployed), is there 3rd-party
verification of signatures, is there community trust signing, can WhatsApp
disable E2EE in its application without a noticeable UX change to either
party, how does this work with multi-user messages, how does this work with
multiple devices, how does this work with historic messages that were
encrypted using different keys, etc.

I would say that there are sufficient "unknowns" at this point to take the
security of this entire solution with some skepticism, especially if you
are remotely planning to use this for anything that could put your life at any
risk.

~~~
SAI_Peregrinus
Downgrade attacks should be difficult. As the article mentions once a client
has communicated with another once using encryption all future communications
to that client will be encrypted. So a downgrade attack would require either
spoofing a new client for a user (eg a phone they didn't have before) which is
likely noticeable.

The whitepaper ([https://www.whatsapp.com/security/WhatsApp-Security-Whitepap...](https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf)) goes into more detail.

That said, they could push out an update that changes the UI to disable E2EE
without notifying the user, and that would be difficult to notice since the
app is closed source. For this reason Signal is more secure, despite using the
exact same protocol.
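
Added example, not part of the thread and not WhatsApp's or Signal's code: a Python model of the client-side checks discussed in the two key-distribution threads above, pinning the first server-supplied key per contact, flagging a later key change, and comparing fingerprints out of band. `PinStore`, `fingerprint`, the fingerprint format and the key bytes are assumptions made for illustration.

```python
import hashlib

def fingerprint(contact: str, public_key: bytes) -> str:
    """Digest of (contact, key) to compare out of band; illustrative format only."""
    digest = hashlib.sha256(contact.encode() + b"\x00" + public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))

class PinStore:
    """Client-side trust-on-first-use store for server-supplied public keys."""
    def __init__(self):
        self._pins = {}          # contact -> pinned public key
        self._verified = set()   # contacts whose pinned key was checked out of band

    def check(self, contact: str, served_key: bytes) -> str:
        """Classify a key handed out by the untrusted key server."""
        pinned = self._pins.get(contact)
        if pinned is None:
            self._pins[contact] = served_key   # nothing to compare against yet
            return "first-use"
        if served_key != pinned:
            return "key-changed"               # warn the user; the old pin is kept
        return "verified" if contact in self._verified else "unverified"

    def confirm(self, contact: str, fingerprint_from_peer: str) -> bool:
        """Record the outcome of an out-of-band fingerprint comparison."""
        ok = (contact in self._pins and
              fingerprint(contact, self._pins[contact]) == fingerprint_from_peer)
        if ok:
            self._verified.add(contact)
        return ok

# Constructed 32-byte placeholders standing in for public keys (hypothetical).
BOB_KEY = bytes(range(32))
SUBSTITUTED_KEY = bytes(range(32, 64))

def demo():
    bob_reads_out = fingerprint("bob", BOB_KEY)      # what Bob's own device shows
    store = PinStore()
    events = [store.check("bob", BOB_KEY),           # honest first contact
              store.confirm("bob", bob_reads_out),   # fingerprints match
              store.check("bob", BOB_KEY),           # same key served again
              store.check("bob", SUBSTITUTED_KEY)]   # server swaps the key later
    fresh = PinStore()
    events.append(fresh.check("bob", SUBSTITUTED_KEY))  # swap on first contact: pinning misses it
    events.append(fresh.confirm("bob", bob_reads_out))  # out-of-band comparison catches it
    return events

if __name__ == "__main__":
    print(demo())
```

The second half of `demo()` shows why the key-change notification alone is not enough: a key substituted before the first message is pinned silently, and only the fingerprint comparison over another channel exposes it.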

------
ibejoeb
My understanding of this situation is that, previously, E2E encryption was
enabled between Android clients[1]. Now, it is claimed that all clients, for
all media types, do it.

1\. [http://www.wired.com/2014/11/whatsapp-encrypted-messaging/](http://www.wired.com/2014/11/whatsapp-encrypted-messaging/)

------
subliminalpanda
My question is, how can this be verified?

~~~
mordocai
Watch the traffic go by with a packet sniffer? Verifying that it is done
securely is a lot harder, but you can at least verify that things are not
being sent as plain text/data.

~~~
fweespee_ch
Yeah, but that just shows it's HTTPS.

~~~
arcticfox
Can't you MITM yourself fairly easily to decrypt the https and see what's
being passed? Assuming you have full control of your device.

------
visarga
> “The encryption genie is out of the bottle” ...

> There was a middle period where the government had a broad ability to
> surveil, but if you look at human history in total, people evolved and
> civilizations evolved with private conversations and private speech. If
> anything, we’re bringing that back to individuals.

I think on the contrary, the surveillance demon is out of the bottle. It's
impossible to hide metadata (IP addresses) in communications, we depend on
auto-updated operating systems that might be backdoored in the future or are
already backdoored and even if we have an "untraceable" system, we can't
possibly use our old accounts where we logged in with our real name, or which
can be traced to our IP address.

~~~
delinka
delete your dupe to revive some karma

------
Propen
I can't believe that no one ever mentions Signal in any of these articles.

------
jonalmeida
I'd like to know how backing up data on Google Drive will be done now. Does it
remain encrypted, so that when you re-import it to your phone only then it'll
be readable?

------
mfringel
So, now we have a billion people who think their communications are secure,
as opposed to just encrypted.

~~~
techthroway443
Are you implying WhatsApp designed an insecure encryption?

~~~
sickbeard
how do you know it's secure other than what you read from the press release?

~~~
techthroway443
I have no idea how secure it is, I was asking for clarification.

Side note, I noticed your account is still green and 13 days old. Are new
accounts green only for two weeks?

------
aorth
Bravo to moxie, and the WhatsApp guys actually sound really cool. So, assuming
you're using WhatsApp Web, does that mean you have end-to-end encryption there
too? I recall the web version used your phone somehow.

~~~
harigov
Apparently it does. I just opened whatsapp web and it greeted me with a
message that any messages and calls through it are now encrypted.

------
motdiem
Looks great, but I find it a bit weird that there's no Whatsapp announcement -
I also wonder if it'll slow down the ability to have the same whatsapp account
on multiple devices.

~~~
Slippery_John
[https://blog.whatsapp.com/10000618/End-to-end-encryption](https://blog.whatsapp.com/10000618/End-to-end-encryption)

------
sidcool
How does this compare with Telegram? Same, better or worse?

~~~
Nekit1234007
Basically Telegram is _nothing_ compared to this.

~~~
sidcool
Really? How so? I can understand from scale perspective, but is it more secure
than Telegram?

~~~
Nekit1234007
Telegram received quite a backlash from the crypto community for rolling out
a nonsensical throw-a-bunch-of-crypto-algorithms-together homebrew protocol that
was designed by Math PhD™ students and having the audacity of conducting a
contest to break it.

This OTOH uses peer reviewed, strong, modern crypto that was designed by
people who know how to do these things.

~~~
alias240
The crypto might be superior, but we do not know for sure that
Whatsapp/Facebook is not covertly decrypting the messages and funneling
through some Prism v2 NSA surveillance operation.

~~~
Nekit1234007
You can say the same about Telegram, can you not?

------
d0ugie
Did they roll this out to their Mainland Chinese users?

