Torproject disease infects WhatsApp - User experience trumps(sic) security

Tue Jan 17 07:36:39 PST 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/15/2017 01:33 PM, Razer wrote:
>> At issue is the way WhatsApp behaves when an end user's
>> encryption key changes. By default, the app will use the new key
>> to encrypt messages without ever informing the sender of the
>> change....
>> 
>> Critics of Friday's Guardian post, and most encryption
>> practitioners, argue such behavior is common in encryption apps
>> and often a necessary requirement. Among other things, it lets
>> existing WhatsApp users who buy a new phone continue an ongoing
>> conversation thread.
> 
> 
> Ars Technica agrees: "Reported “backdoor” in WhatsApp is in fact a
> feature"
> 
> http://arstechnica.com/security/2017/01/whatsapp-and-friends-take-umbr
age-at-report-its-crypto-is-backdoored/

"For
> 
the attack to work well, it would require control of a WhatsApp
server, which is something most people would consider extraordinarily
difficult to do."

"WhatsApp does not give governments a "backdoor" into its systems and
would fight any government request to create a backdoor."

without ever informing the sender of the change....

... because that might confuse someone, might frighten someone, might
make someone to think about what they are doing, might shatter the
illusion that WhatsApp loves and cares for them and keeps them
perfectly safe forever and ever.  Asking the Consumer of an Experience
to think or act like a User wielding a Tool is the ultimate affront to
all that is good and holy in this, the best of all possible worlds.

Perfect helplessness, total dependency, and absolute safety are human
rights.  Accepting these rights into your life as free gifts is enough
to secure them for yourself and your posterity.  Kind, loving,
all-powerful corporations only want to make it just so, and all they
ask is a few screen taps or mouse clicks:  Just Say Yes.  Won't you
accept them into your heart and life?  It would be so cruel and unfair
to deny them the only thing they ask for in this world, a chance to
take care of you.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJYfjoHAAoJEECU6c5XzmuqBSQH/AwY+GaQcr8daHqFoADpwIT+
dl3xI94xjCEgoq9v9u5XMv+yOr5OJmup3tLeGvV0ePFa76/eNe1kL18WF1v70jeO
Uo7XFd6zzsWRrcT4tBkR38SKvdGyUIAmHMpfSIPCVWvOJHXWWXPE8u8bXl75EiDH
mZ366rQdU0tL9YyNjk86TyHWJ/MO37CbqAuy4YlmRfmsXVoeaG4JMtK+9cuxkUVh
bXC3tivjDJbR4NrHI8z+rysRFgeMUEtc8uil6YQPPZvn8ByGTHVjGNzvD22fZZDY
suEfsDM5/xcajOLjlS/NR6oBErM75hg1VarIEjQsU+VzeKA4bZWkq9Gd2xHWowM=
=f+PQ
-----END PGP SIGNATURE-----