<div dir="ltr"><div>I am confused: if WhatsApp *really* does E2E encryption so even *they* cannot snoop on messages in bulk (i.e. at scale without doing it per-user) and therefore cannot mine the data, why did Facebook spend $19 billion for it? Is this a gift to the world? Are there at least metadata they can glean from it? Or is it just that having yet another app running on people's phones gives them more data to crunch through? <br><br></div>WhatsApp currently has 600M users [0] paying $1/year, so within 7/8 years or less (since user base will likely grow) Facebook will have recovered as much as they've spent for the purchase. Is this why Facebook does not care about WhatsApp data?<br><br>[0] <a href="http://www.statista.com/statistics/260819/number-of-monthly-active-whatsapp-users/">http://www.statista.com/statistics/260819/number-of-monthly-active-whatsapp-users/</a><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 19, 2014 at 10:40 AM, Mike Hearn <span dir="ltr">&lt;<a href="mailto:mike@plan99.net" target="_blank">mike@plan99.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm just curious: I'd not trust the communication via WhatsApp is secure because of its closed source, Android, Google Keyboard and everything else, but when you say WhatsApp E2E encryption is pretty close to intercept-proof for all governments but the US, how do you suggest they can intercept the messages? By choosing weak keys?<br></blockquote><div><br></div><div>Force Facebook to do a key rotation on the target account with a MITM controlled key. In practice that just means get a court order.</div><div><br></div><div>The question is not "can they intercept WhatsApp communications" as the answer is clearly yes. It's "who can make them do it".
The UK in particular has been making noises lately about getting a lot more aggressive with Silicon Valley tech companies and forcing them to basically give GCHQ everything, all the time. Cameron is dumb enough he might actually try this, whatever the costs. It boils down entirely to a question of politics and commerce - how much leverage does a country have over Facebook?</div><div><br></div><div>Note that given everything was SSL protected before, and WhatsApp I believe does not log messages so could not provide past messages anyway (except perhaps if they were buffering up waiting to be delivered?) and keys can be changed at any time or forward security disabled entirely for certain user populations without them knowing .... then using the TextSecure protocol inside SSL doesn't actually change much immediately. I see it more as a useful next step, that can be built upon to achieve more impactful change in future.</div></div>
<br>_______________________________________________<br>
Messaging mailing list<br>
<a href="mailto:Messaging@moderncrypto.org">Messaging@moderncrypto.org</a><br>
<a href="https://moderncrypto.org/mailman/listinfo/messaging" target="_blank">https://moderncrypto.org/mailman/listinfo/messaging</a><br>
<br></blockquote></div><br></div>
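The server-driven key rotation described in the quoted reply is only visible to a user if the client pins each contact's identity key and reports changes. An added sketch of such trust-on-first-use pinning follows; it is not WhatsApp's or TextSecure's code, and the class, function names and key bytes are constructed for illustration.

```python
import hashlib

def fingerprint(identity_key: bytes) -> str:
    """Human-comparable fingerprint of a contact's public identity key."""
    digest = hashlib.sha256(identity_key).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))

class KeyPinStore:
    """Trust-on-first-use pins: contact -> pinned fingerprint and verification state."""
    def __init__(self):
        self._pins = {}

    def check(self, contact: str, key_from_server: bytes) -> str:
        """Classify the key the server handed us before anything is encrypted to it."""
        fp = fingerprint(key_from_server)
        pin = self._pins.get(contact)
        if pin is None:
            # First contact: nothing to compare against, so pin but do not trust yet.
            self._pins[contact] = {"fp": fp, "verified": False}
            return "first-use"
        if pin["fp"] == fp:
            return "verified" if pin["verified"] else "unverified-match"
        # A reinstall and a substituted key look identical here: stop and re-verify.
        return "key-changed"

    def mark_verified(self, contact: str, fp_read_out_of_band: str) -> bool:
        """Record a fingerprint comparison made over a channel the server does not control."""
        pin = self._pins.get(contact)
        if pin is None or pin["fp"] != fp_read_out_of_band:
            return False
        pin["verified"] = True
        return True

    def accept_new_key(self, contact: str, new_key: bytes) -> None:
        """Explicit user decision to re-pin; verification must be repeated."""
        self._pins[contact] = {"fp": fingerprint(new_key), "verified": False}

def demo():
    # Constructed placeholder bytes, not real keys.
    alice_key = bytes(range(32))
    substituted_key = bytes(range(1, 33))
    store = KeyPinStore()
    out = [store.check("alice", alice_key)]
    out.append(store.mark_verified("alice", fingerprint(alice_key)))
    out.append(store.check("alice", alice_key))
    out.append(store.check("alice", substituted_key))
    store.accept_new_key("alice", substituted_key)
    out.append(store.check("alice", substituted_key))
    return out
```

The pin cannot tell a legitimate reinstall from a substituted key, so the useful signal is that a previously verified contact drops back to an unverified state and the user is prompted to compare fingerprints again.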