> What I can not comprehend is how respectable people and experts like Snowden and others from EFF can get behind a messenger that its authentication is based on cell phone numbers!
Authentication isn't based on cell phone numbers, that's just the identifier. See "verify security code" here: https://www.whatsapp.com/faq/en/general/28030015 The problem, which EFF does mention is that "if your contact changes keys, this fact is hidden away by default."
> When an application sends all your contacts to its servers (whether they are hashed or not) and more importantly when your whole access depends on a none encrypted code sent via SMS
Correct me if I'm wrong but it seems as if you think that someone who hijacks your number will get access to some account where all your contacts are. That's not the case. The problem here is the same as above.
> and worst of all, your identifier can be tied to your real identity extremely easy, how can they call it secure at all?
> It is not all about E2E or how the crypto is designed or implemented, its also about your anonymity, your social graph and other pieces of information which are arguably more important not to give away!
On the first point: Account authentication (when you setup your account or when you add a new device) is done via a non encrypted text message delivered to you by the tel-co service. This method is extremely insecure as it has been used by state and non-state sponsored hackers to hijack the account. IMHO the only reason a messaging service uses and relies on phone number to identify (and of course authenticate accounts) is to steal (that's how I see it) their contacts and force them to use the service in order to grow their user base. Such unethical and disturbing practice can not be endorsed by an organization like EFF.
Regarding the second point, as mentioned above, my problem is with the support EFF shows for such applications/corporations. If you are looking to avoid mass surveillance, of course the ability to be anonymous is critical.
> On the first point: Account authentication (when you setup your account or when you add a new device) is done via a non encrypted text message delivered to you by the tel-co service. This method is extremely insecure as it has been used by state and non-state sponsored hackers to hijack the account.
Again, the problem here is that "if your contact changes keys, this fact is hidden away by default." If WhatsApp did that by default, like Signal, then you would know that the key had changed.
> IMHO the only reason a messaging service uses and relies on phone number to identify (and of course authenticate accounts) is to steal (that's how I see it) their contacts and force them to use the service in order to grow their user base. Such unethical and disturbing practice can not be endorsed by an organization like EFF.
The phone number is used for contact discovery. You're not forced to do anything. For most people when they download a messenger they want to use it to talk to other people and they don't find it disturbing or unethical when that's possible.
> If you are looking to avoid mass surveillance, of course the ability to be anonymous is critical.
Luckily it's possible to use more than one app. I'm ok with my friends knowing who I am. This app makes it easy to find your friends. If you want to talk to people you don't know without them knowing who you are, there are other apps. That's not the purpose of this one. It doesn't make it bad, it doesn't make it insecure, it just means it's not for you.
1) Again I'm not talking about verification of whoever is on the other side of the conversation, its about hijacking the account (whether by breaking into the Tel-Co system or having access to it using a court order). There are other means to verify the person you are talking to (signing a message in the beginning of conversation using another app or software) but if all that it takes for someone to have access to my account is to get a copy of that text (containing authentication code) I'm not sure if anyone can call this secure. IMO this security flaw is far more important than having E2E. I hope I was able to differentiate between authentication and verification.
2) If you are using this app, you are forced to give up a copy of all you contacts and also the app is scanning for new contacts several times every hour! If this was an opt in option, I wouldn't have any issues with it. Some people might favor convenience over security as is their right but forcing a social graph of all your friends (almost in all cases without even a simple warning) out of you because you simply want to use the service is frankly disturbing.
3) Unluckily, there are no apps that have such strong E2E standard while implementing the points I raised.
What I'm more concerned about is EFF's bar to endorse a platform with such bug flaws.
> 1) Again I'm not talking about verification of whoever is on the other side of the conversation, its about hijacking the account (whether by breaking into the Tel-Co system or having access to it using a court order).
What do you imagine happens when someone hijacks "the account"? They don't get access to your past conversations, they don't get access to your contacts. All that happens is that they can impersonate you, which your friends will notice when they are notified that the key changed.
> If you are using this app, you are forced to give up a copy of all you contacts and also the app is scanning for new contacts several times every hour!
I'm pretty sure it asks you and you have to give it permission. And again, most people WANT to find their contacts. What's the point of having a messenger and no one to send your messages to?
> If this was an opt in option
It is opt-in, no one is forcing you to use WhatsApp. It's not like people don't know that they will be able to contact their friends through WhatsApp and are shocked and dismayed when they find out that's the case. You do realize not every app in existence has to follow your requirements right? You're free to use something that does, but the reason the majority use WhatsApp is that it doesn't. That's not a bug, it's a design choice that you happen to disagree with.
https://news.ycombinator.com/item?id=12559127
Thanks for your interest and looking forward to have a discussion here with other HNers