[messaging] WhatsApp & OWS team up

Mike Hearn mike at plan99.net
Wed Nov 19 02:40:21 PST 2014


>
> I'm just curious: I'd not trust that the communication via WhatsApp is secure
> because of its closed source, Android, Google Keyboard and everything else,
> but when you say WhatsApp E2E encryption is pretty close to intercept-proof
> for all governments but the US, how do you suggest they can intercept the
> messages? By choosing weak keys?
>

Force Facebook to do a key rotation on the target account with a
MITM-controlled key. In practice that just means get a court order.

The question is not "can they intercept WhatsApp communications" as the
answer is clearly yes. It's "who can make them do it". The UK in particular
has been making noises lately about getting a lot more aggressive with
Silicon Valley tech companies and forcing them to basically give GCHQ
everything, all the time. Cameron is dumb enough he might actually try
this, whatever the costs. It boils down entirely to a question of politics
and commerce - how much leverage does a country have over Facebook?

Note that given everything was SSL protected before, and WhatsApp I believe
does not log messages so could not provide past messages anyway (except
perhaps if they were buffering up waiting to be delivered?) and keys can be
changed at any time or forward security disabled entirely for certain user
populations without them knowing ... then using the TextSecure protocol
inside SSL doesn't actually change much immediately. I see it more as a
useful next step, that can be built upon to achieve more impactful change
in future.