WhisperSystems + WhatsApp

Subrosa.io contact at subrosa.io
Wed Nov 19 04:05:48 PST 2014


4. How is the key stored on the user's device? Is it backed up by Android's Sync to Google's servers, or backed up by iCloud to Apple's servers? 

5. Even if there is no backdoor right now, an automatic update can easily sneak in a "key escrow".

WhatsApp's "end to end encryption" is voodoo. You cannot expect security from closed source code, certainly not automatically updating closed source code.

---- On Wed, 19 Nov 2014 09:46:50 +0100   wrote ---- 
>Date: Wed, 19 Nov 2014 09:46:50 +0100
>From: Marco Pozzato <mpodroid at gmail.com>
>To: Eric Mill <eric at konklone.com>
>Cc: cypherpunks <cypherpunks at cpunks.org>
>Subject: Re: WhisperSystems + WhatsApp
>Message-ID:
>    <CAHzaDb=TdsPZDXdOOF1+D_gBu=JxtArJ5+SE+tghMAK-+6k4mQ at mail.gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>WhisperSystems designed good protocols, but I am afraid that Moxie was too
>anxious to release this info and hit ENTER key too early :-)
>
>I am quite skeptical about the actual value from the security point of this
>press release.
>
>WhisperSystems reports about end-to-end encryption, that means, I encrypt
>my message with an encryption key that only you or both of us know.
>
> 1. How can we negotiate that key? Users are not involved, but everything
> happens automatically, under the hood, between two whatsapp clients. How?
> they negotiate the encryption keys through whatsapp servers: is it my own
> key or the NSA one? are they leaking the key to Facebook?
> 2. We do need to authenticate the identity, eg: via QR code,
> fingerprint, spell it loudly on the phone, etc.., which reduces usability,
> especially for mass market.
> 3. Last but not least: even if we authenticated identities and keys, how
> can we be sure that whatsapp client is really using the authenticated keys
> and not the NSA keys, maybe only on a white list of suspected mobile phone
> numbers? above all, they provide a proprietary and closed source app
>
>The security model is faulted, at the root level:
>
> - If I subscribe to a security service - such as messaging -, the
> service provider is untrusted by default. I need total transparency ->
> every single components in the architecture should be auditable and open
> source
> - If mobile app is closed source, I can trust only the infrastructure
> that should be under my full control, to be sure that no information leak
> outside infrastructure is ever possible.
>
>
>My 2 cents
>
>Marco




More information about the cypherpunks mailing list