<div dir="ltr">The OWS Contributor Agreement appears to permit multiple licensing agreements that would permit using OWS open source code within a proprietary app after reaching an agreement with OWS which is probably what is happening here.<br><br><a href="https://whispersystems.org/cla/" target="_blank">https://whispersystems.org/cla/</a><br><br><ol style="color:rgb(0,0,0);font-family:Nobile;font-size:16px;line-height:24px"><li>Grant of Copyright License. Subject to the terms and conditions of this Agreement, You hereby grant to Open Whisper Systems and to recipients of software distributed by Open Whisper Systems a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, and distribute Your Contributions and such derivative works, as well as the right to sublicense and have sublicensed all of the foregoing rights, through multiple tiers of sublicensees, provided that in all cases, Open Whisper Systems will make Your Contributions available under an OSI-approved open source license.<br><br></li></ol><div class="gmail_extra">
<br><div class="gmail_quote">On Tue, Nov 18, 2014 at 10:54 AM, Nadim Kobeissi <span dir="ltr"><<a href="mailto:nadim@nadim.computer" target="_blank">nadim@nadim.computer</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Mike Hearn hits the nail on the head! My only questions were in fact<br>
regarding how to handle identity authentication and how to deal with<br>
the closed-source nature of WhatsApp damaging potential security<br>
guarantees.<br>
<br>
Although, I just noticed something: TextSecure is GPL, and Moxie says<br>
that WhatsApp is using the same code as TextSecure. Doesn't that mean<br>
that WhatsApp is now obligated to send a copy of its source code to<br>
whoever demands it? :-) That would be amazing if true.<br>
<br>
Either way, this is historic. I think Moxie's team deserve immense<br>
respect for accomplishing this. This is an accomplishment I will look<br>
up to for many years to come. Truly inspiring.<br>
<span><font color="#888888"><br>
NK<br>
</font></span><span><br>
-----Original Message-----<br>
From: Messaging [mailto:<a href="mailto:messaging-bounces@moderncrypto.org" target="_blank">messaging-bounces@moderncrypto.org</a>] On Behalf<br>
Of Joseph Bonneau<br>
Sent: November 18, 2014 1:16 PM<br>
To: Mike Hearn<br>
Cc: messaging<br>
Subject: Re: [messaging] WhatsApp & OWS team up<br>
<br>
<br>
On Tue, Nov 18, 2014 at 11:23 AM, Mike Hearn <<a href="mailto:mike@plan99.net" target="_blank">mike@plan99.net</a><br>
</span><div><div><mailto:<a href="mailto:mike@plan99.net" target="_blank">mike@plan99.net</a>> > wrote:<br>
<br>
<br>
<a href="https://whispersystems.org/blog/whatsapp/" target="_blank">https://whispersystems.org/blog/whatsapp/</a><br>
<br>
Huge, massive congratulations to Moxie and the team - this sort of<br>
mainstream success is inspiring. I'd been hoping for a long time that<br>
once TextSecure showed you could build a secure messenger with<br>
production quality usability, Facebook / WhatsApp might pick it up,<br>
and today my dream came true :)<br>
<br>
<br>
I echo the major congratulations! One of our main goals with the EFF<br>
Scorecard was to push big providers to take steps like this, hopefully<br>
many more will follow suit.<br>
<br>
<br>
I can see a couple of directions to go now:<br>
<br>
<br>
I would add<br>
<br>
3) Design an efficient, auditable, privacy-friendly public key<br>
directory. WhatsApp/TextSecure still largely rely on a centralized<br>
public key directory. Cracking usable key verification would be great,<br>
but I'd also like these key directories to be able to convincingly<br>
prove to me that they've only signed for a certain set of keys for my<br>
username over a given time period. Some work is underway on this at<br>
Princeton and hopefully elsewhere...<br>
<br>
<br>
It will be interesting to see what the political ramifications of<br>
this are. WhatsApp should now be pretty close to intercept-proof for<br>
all governments bar the USA. Given its ubiquity and complete<br>
centralisation inside California, I suspect this will result in all<br>
kinds of interesting jockying as different countries try to get lawful<br>
intercept capabilities to it (by switching keys, I guess).<br>
<br>
<br>
Presumably Apple has already been in this position for over a year<br>
with iMessage, although it might be more interesting because WhatsApp<br>
doesn't have the political clout<br>
</div></div><div><div>_______________________________________________<br>
Messaging mailing list<br>
<a href="mailto:Messaging@moderncrypto.org" target="_blank">Messaging@moderncrypto.org</a><br>
<a href="https://moderncrypto.org/mailman/listinfo/messaging" target="_blank">https://moderncrypto.org/mailman/listinfo/messaging</a><br>
</div></div></blockquote></div><br></div></div>