[messaging] WhatsApp & OWS team up

Nadim Kobeissi nadim at nadim.computer
Tue Nov 18 10:54:41 PST 2014


Mike Hearn hits the nail on the head! My only questions were in fact
regarding how to handle identity authentication and how to deal with
the closed-source nature of WhatsApp damaging potential security
guarantees.

Although, I just noticed something: TextSecure is GPL, and Moxie says
that WhatsApp is using the same code as TextSecure. Doesn't that mean
that WhatsApp is now obligated to send a copy of its source code to
whoever demands it? :-) That would be amazing if true.

Either way, this is historic. I think Moxie's team deserve immense
respect for accomplishing this. This is an accomplishment I will look
up to for many years to come. Truly inspiring.

NK

-----Original Message-----
From: Messaging [mailto:messaging-bounces at moderncrypto.org] On Behalf
Of Joseph Bonneau
Sent: November 18, 2014 1:16 PM
To: Mike Hearn
Cc: messaging
Subject: Re: [messaging] WhatsApp & OWS team up


On Tue, Nov 18, 2014 at 11:23 AM, Mike Hearn <mike at plan99.net> wrote:


	https://whispersystems.org/blog/whatsapp/

	Huge, massive congratulations to Moxie and the team - this sort of
mainstream success is inspiring. I'd been hoping for a long time that
once TextSecure showed you could build a secure messenger with
production quality usability, Facebook / WhatsApp might pick it up,
and today my dream came true :)


I echo the major congratulations! One of our main goals with the EFF
Scorecard was to push big providers to take steps like this; hopefully
many more will follow suit.


	I can see a couple of directions to go now:


I would add

3) Design an efficient, auditable, privacy-friendly public key
directory. WhatsApp/TextSecure still largely rely on a centralized
public key directory. Cracking usable key verification would be great,
but I'd also like these key directories to be able to convincingly
prove to me that they've only signed for a certain set of keys for my
username over a given time period. Some work is underway on this at
Princeton and hopefully elsewhere...


	It will be interesting to see what the political ramifications of
this are. WhatsApp should now be pretty close to intercept-proof for
all governments bar the USA. Given its ubiquity and complete
centralisation inside California, I suspect this will result in all
kinds of interesting jockeying as different countries try to get lawful
intercept capabilities to it (by switching keys, I guess).


Presumably Apple has already been in this position for over a year
with iMessage, although it might be more interesting because WhatsApp
doesn't have the political clout

