[messaging] WhatsApp & OWS team up

carlo von lynX lynX at i.know.you.are.psyced.org
Thu Nov 20 05:12:28 PST 2014

On Thu, Nov 20, 2014 at 10:29:36AM +0000, Wasa Bee wrote:
> I am confused: if whatsapp *really* does E2E encryption so even *they*
> cannot snoop on messages in bulk (i.e. at scale without doing it per-user)

... within the limitations of law. They cannot impede US gov from having
them provide backdoors for bulk surveillance and they also must proclaim
that this is not happening. The idea that an actual court order is
needed has been shown to not be respected very much.

It is entirely within their business choices if they will make use of
gov backdoors for themselves or not. If they are actually getting paid
by users they could try doing without - or it could be a smoke screen,
since $1 p.a. may not be all that much.

Who knows. And who knows what will be in a dozen years.

> > Note that given everything was SSL protected before, and WhatsApp I
> > believe does not log messages so could not provide past messages anyway

We don't know if logging takes place. Even their sysadmins do not know what
US gov does with all that data. Does it log the stuff? Possibly. Given their
track record, very likely.

> > (except perhaps if they were buffering up waiting to be delivered?) and
> > keys can be changed at any time or forward security disabled entirely for
> > certain user populations without them knowing .... then using the
> > TextSecure protocol inside SSL doesn't actually change much immediately. I
> > see it more as a useful next step, that can be built upon to achieve more
> > impactful change in future.

Like how, by opensourcing the entire thing? I don't see any other possible
step that could have any impact for privacy.


More information about the Messaging mailing list