[messaging] Second thoughts on WhatsApp encryption

Joseph Bonneau jbonneau at gmail.com
Fri Nov 21 06:54:34 PST 2014

On Fri, Nov 21, 2014 at 9:13 AM, Nadim Kobeissi <nadim at nadim.computer>
> To me this is kind of a deal-breaker. If WhatsApp's servers and executives
> can decide to revoke my "encryption permit" at any time, silently,
> server-side and without me knowing, what's the point, at all, of having
> Axolotl in the first place? Are we hoping that WhatsApp will play nice even
> when faced with a court order?

Assuming this is implemented with care, it isn't really any less secure of
a setup than relying on WhatsApp as a centralized key directory. If Alice
trusts WhatsApp absolutely to learn the other Bob's key, then it doesn't
really matter if WhatsApp tells Alice the Bob has no key or that Bob's key
is something What'sApp knows. If all your communication to WhatsApp is
through a TLS tunnel then in either case WhatsApp can read your messages
and other network observers can't. Either solution for key verification
(fingerprint checking or some sort of transparency log) should also be able
to detect this type of attack by WhatsApp.

There are two ways this could be less secure if implemented poorly:

1) If WhatsApp *isn't* wrapping everything with TLS, then I suppose it's
slightly worse if they put you into no-encryption mode since you're
vulnerable to the whole network now. AFAIK for any clients recent enough to
support E2E encryption everything runs over TLS.

2) If there is some sort of version rollback attack where a network
attacker can make the connection fail and convince the clients to try
communicating without the E2E encryption, this would be bad. TLS should fix
this problem.

The only real worry I have about this is that it introduces the possibility
of whole countries with repressive governments (or whole classes of devices
sold there) have WhatsApp shipping with encryption turned off permanently
in the name of "performance" or compliance. These countries could always
block WhatsApp completely, but this might be very unpopular if millions of
people can't talk to their friends on WhatsApp in other places. You'd like
to force countries to either block WhatsApp completely and risk popular
anger, or allow WhatsApp with E2E included. Techies and activists will know
if they take the middle route of allowing WhatsApp but banning E2E
encryption and can protest about it, but I worry that's less much likely to
cause an uproar.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141121/ffd98557/attachment.html>

More information about the Messaging mailing list