Torproject disease infects WhatsApp - User experience trumps(sic) security
At issue is the way WhatsApp behaves when an end user's encryption key changes. By default, the app will use the new key to encrypt messages without ever informing the sender of the change....
Critics of Friday's Guardian post, and most encryption practitioners, argue such behavior is common in encryption apps and often a necessary requirement. Among other things, it lets existing WhatsApp users who buy a new phone continue an ongoing conversation thread.
Ars Technica agrees: "Reported “backdoor” in WhatsApp is in fact a feature" http://arstechnica.com/security/2017/01/whatsapp-and-friends-take-umbrage-at...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/15/2017 01:33 PM, Razer wrote:
At issue is the way WhatsApp behaves when an end user's encryption key changes. By default, the app will use the new key to encrypt messages without ever informing the sender of the change....
Critics of Friday's Guardian post, and most encryption practitioners, argue such behavior is common in encryption apps and often a necessary requirement. Among other things, it lets existing WhatsApp users who buy a new phone continue an ongoing conversation thread.
Ars Technica agrees: "Reported “backdoor” in WhatsApp is in fact a feature"
http://arstechnica.com/security/2017/01/whatsapp-and-friends-take-umbr age-at-report-its-crypto-is-backdoored/
"For
the attack to work well, it would require control of a WhatsApp server, which is something most people would consider extraordinarily difficult to do." "WhatsApp does not give governments a "backdoor" into its systems and would fight any government request to create a backdoor." without ever informing the sender of the change.... without ever informing the sender of the change.... without ever informing the sender of the change.... ... because that might confuse someone, might frighten someone, might make someone to think about what they are doing, might shatter the illusion that WhatsApp loves and cares for them and keeps them perfectly safe forever and ever. Asking the Consumer of an Experience to think or act like a User wielding a Tool is the ultimate affront to all that is good and holy in this, the best of all possible worlds. Perfect helplessness, total dependency, and absolute safety are human rights. Accepting these rights into your life as free gifts is enough to secure them for yourself and your posterity. Kind, loving, all-powerful corporations only want to make it just so, and all they ask is a few screen taps or mouse clicks: Just Say Yes. Won't you accept them into your heart and life? It would be so cruel and unfair to deny them the only thing they ask for in this world, a chance to take care of you. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJYfjoHAAoJEECU6c5XzmuqBSQH/AwY+GaQcr8daHqFoADpwIT+ dl3xI94xjCEgoq9v9u5XMv+yOr5OJmup3tLeGvV0ePFa76/eNe1kL18WF1v70jeO Uo7XFd6zzsWRrcT4tBkR38SKvdGyUIAmHMpfSIPCVWvOJHXWWXPE8u8bXl75EiDH mZ366rQdU0tL9YyNjk86TyHWJ/MO37CbqAuy4YlmRfmsXVoeaG4JMtK+9cuxkUVh bXC3tivjDJbR4NrHI8z+rysRFgeMUEtc8uil6YQPPZvn8ByGTHVjGNzvD22fZZDY suEfsDM5/xcajOLjlS/NR6oBErM75hg1VarIEjQsU+VzeKA4bZWkq9Gd2xHWowM= =f+PQ -----END PGP SIGNATURE-----
participants (2)
-
Razer -
Steve Kinney