by therealmarv 3681 days ago
It's not about the program. It's about the network... you cannot switch a network when all your friends and colleagues use WhatsApp and their groups. But I'm happy WhatsApp is more secure than most of the alternatives with good E2E encryption support.
2 comments

> with good E2E encryption support.

They say there is good E2E encryption. Great claims require great proof.

The only great proof would be opensourcing it completely, and I don't see that happening.

Then again, Moxie said he himself oversaw the implementation of the encryption and that he has trust in it...

Even if they implemented it correctly, it doesn't mean that they didn't add a backdoor for the government.
To quote him:

"I was very closely involved for the integration, had full access to the source code, did plenty of review, and have a lot of confidence in the engineers that are maintaining it.

There are plenty of engineers in the world who are capable of inspecting the binaries they're distributing, so it would be incredibly risky of them to inject surveillance code client side."

I guess that the government doesn't even need a backdoor in the Facebook app... Since Google has admin privileges on your device and is in bed with the NSA, they could go that route instead.
Behind WhatsApp's E2E encryption is the technology from Signal / Open Whisper Systems, which is developed in the open, the work on WhatsApp being done in partnership with them, see: https://whispersystems.org

Of course, it's not totally trustworthy, because in the end it's still a proprietary app, distributed as a binary blob, connecting to proprietary servers, for which you can't have access to the source code and in spite of any well meaning partnerships, they can always push an update that undoes all of that.

But you know, at this point that's still better and more trustworthy than other mainstream alternatives. So now I have WhatsApp installed.

I wonder if good E2E encryption of the WhatsApp message rules out the app sending, in parallel, an indexed list of juicy keywords (encrypted or not) to FB servers for the purpose of targeting ads.
So you're saying the client indexes your words locally and then e2e encrypts and sends to the person whom you're conversing with?

Is that feasible client-side without burning all your battery?

The CPU is not the most power-consuming component of your device: the radio and display both consume more power than the processor. According to [1], the CPU typically accounts for only 10%-20% of power usage.

However, a secondary stream from the app to a different endpoint would be detectable, so there are other practical challenges to the GP's scenario.

[1] https://www.usenix.org/event/usenix10/tech/full_papers/Carro...

Couldn't it be a secondary stream to the same endpoint but using a different keying (i.e., encryption with server's pubkey) mechanism (the metadata then wouldn't be E2E encrypted, but that's not covered in WhatsApp's E2E security page)?
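To make the scenario in the last few comments concrete, here is an added toy model (not code from WhatsApp, Signal or any commenter): a client that E2E-seals a message for its peer and, in the same upload to the same relay, adds a second envelope sealed to a server-held key. A passive network observer sees one destination and one byte count, so "different endpoint" detection does not apply; what does still give it away is that the upload is larger than an honest upload of the same message would be. The cipher is a stand-in (HMAC-SHA256 keystream with encrypt-then-MAC), the keys, frame layout and `relay.example` name are assumptions, and the sample message and keyword list are constructed.

```python
import hashlib
import hmac
import json
import os
import struct

NONCE_LEN, TAG_LEN = 12, 16


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher: XOR data with HMAC-SHA256(key, nonce || counter)
    blocks. Symmetric, so the same call decrypts. A stand-in for a real AEAD, not one."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">I", offset // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || truncated tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ct = keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag with this key, then decrypt. Wrong key => ValueError."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expect, tag):
        raise ValueError("authentication failed: wrong key or tampered blob")
    return keystream_xor(key, nonce, ct)


def build_upload(peer_key: bytes, message: bytes,
                 server_key: bytes = None, keywords: list = None) -> bytes:
    """Frame the client POSTs to the relay (assumed layout). The 'e2e' field is always
    present; the optional 'meta' field is the hypothetical side channel, sealed to a key
    the server holds rather than to the peer."""
    frame = {"to": "peer-id", "e2e": seal(peer_key, message).hex()}
    if server_key is not None and keywords is not None:
        frame["meta"] = seal(server_key, json.dumps(keywords).encode()).hex()
    return json.dumps(frame, sort_keys=True).encode()


def observer_view(upload: bytes) -> dict:
    """All a passive on-path observer gets: one destination, one size. No second endpoint."""
    return {"dst": "relay.example", "bytes": len(upload)}


def relay_view(upload: bytes, server_key: bytes) -> dict:
    """The relay can open 'meta' (it holds that key) but 'e2e' stays opaque to it."""
    frame = json.loads(upload)
    readable = {}
    if "meta" in frame:
        readable["meta"] = json.loads(unseal(server_key, bytes.fromhex(frame["meta"])))
    try:
        unseal(server_key, bytes.fromhex(frame["e2e"]))
        readable["e2e"] = "OPENED"  # would mean the server holds the peer key
    except ValueError:
        readable["e2e"] = "opaque"
    return readable


def expected_upload_len(message: bytes) -> int:
    """Wire size of an honest upload of this message. Nonce and tag are fixed width and the
    ciphertext is as long as the plaintext, so the size does not depend on the key used."""
    return len(build_upload(b"\x00" * 32, message))


def excess_bytes(message: bytes, upload: bytes) -> int:
    """Instrumented-client check: send a message of known length, capture the upload,
    compare against the honest size. Anything above zero is data the protocol does not
    account for, whichever endpoint it went to."""
    return len(upload) - expected_upload_len(message)


if __name__ == "__main__":
    peer_key, server_key = os.urandom(32), os.urandom(32)       # constructed keys
    msg = b"lunch at 1pm? bring the contract"                    # constructed message
    honest = build_upload(peer_key, msg)
    leaky = build_upload(peer_key, msg, server_key, ["lunch", "contract"])
    for name, up in (("honest", honest), ("leaky", leaky)):
        print(name, observer_view(up), "excess:", excess_bytes(msg, up))
    print("relay sees:", relay_view(leaky, server_key))
```

The point of `excess_bytes` is that the check is volumetric, not destination-based: you need a device you control, plaintexts of known length, and a capture of what the app actually sends; a size that grows with the content beyond the fixed per-message overhead is the signal, and it works whether the extra bytes go to a second host or ride along to the same one.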