WhisperSystems designed good protocols, but I am afraid that Moxie was
   too anxious to release this info and hit ENTER key too early :-)
   I am quite skeptical about the actual value from the security point of
   this press release.
   WhisperSystems reports about end-to-end encryption, that means, I
   encrypt my message with an encryption key that only you or both of us
   know.
    1. How can we negotiate that key? Users are not involved, but
       everything happens automatically, under the hood, between two
       whatsapp clients. How? they negotiate the encryption keys through
       whatsapp servers: is it my own key or the NSA one? are they leaking
       the key to Facebook?
    2. We do need to authenticate the identity, eg: via QR code,
       fingerprint, spell it loudly on the phone,  etc.., which reduces
       usability, especially for mass market.
    3. Last but not least: even if we authenticated identities and keys,
       how can we be sure that whatsapp client is really using the
       authenticated keys and not the NSA keys, maybe only on a white list
       of suspected mobile phone numbers? above all, they provide a
       proprietary and closed source app

   The security model is faulted, at the root level:
     * If I subscribe to a security service - such as messaging -,  the
       service provider is untrusted by default. I need total transparency
       -> every single components in the architecture should be auditable
       and open source
     * If mobile app is closed source, I can trust only the infrastructure
       that should be under my full control, to be sure that no
       information leak outside infrastructure is ever possible.

   My 2 cents
   Marco

   2014-11-19 7:25 GMT+01:00 Eric Mill <[1]eric@konklone.com>:

   This was honestly just about as exciting as the new
   EFF/Mozilla/Akamai/etc CA. Strong encryption with no UX degradation,
   for *so* many people, and the post certainly indicates it'll be going
   into the rest of WhatsApp's native applications.
   I'm sure this fed into improvements into the TextSecure protocol, and
   that the PR will help WhisperSystems obtain more partnerships like
   this. A great day for the TS project.

   On Tue, Nov 18, 2014 at 6:35 PM, rysiek <[2]rysiek@hackerspace.pl>
   wrote:

     Well,
     I didn't see THAT coming:
     [3]https://whispersystems.org/blog/whatsapp/
     --
     Pozdr
     rysiek

   --
   [4]konklone.com | [5]@konklone

References

   1. mailto:eric@konklone.com
   2. mailto:rysiek@hackerspace.pl
   3. https://whispersystems.org/blog/whatsapp/
   4. https://konklone.com/
   5. https://twitter.com/konklone