If you read the article, it’s talking about not putting in a backdoor, and not Facebook saying “we have access to all encrypted messages, we’re just not giving them to you”. As it stands, they’re end-to-end encrypted so not even Facebook can’t see your messages, and that’s what Barr doesn’t like
> they’re end-to-end encrypted so not even Facebook can’t see your messages
Not quite. Facebook still controls the endpoints, so when you see the message so can they. This is obvious: you use their app to view the encrypted message, hence the app has access to the cleartext.
If the app is not phoning home with the cleartext, this seems okay.
You need some software to retrieve/read text anyway, so this becomes an exercise about trusting trust, etc.
An extreme argument? If you don't care about security, perhaps you are right.
In any other case, using a closed source endpoint from the company that promises you "encryption" is completely crazy. They "only" have the ability to decrypt all your messages, remove encryption altogether without notice, targeting ads based on your conversation history, and installing targeted decryption backdoors. Yeah not big deal at all, seems like something really trustworthy.
It's still better than nothing, although in the hands of Facebook it might actually be worse than nothing.
Not at all. Good security often involves some black-and-white thinking, which not everyone is accustomed to.
If Facebook controls the endpoint, then they have the power to access the plaintext, full stop. Using their product (hopefully) implies a choice to trust them not to abuse such access.
I'd argue for not trusting a cryptosystem that requires you to use a particular vendor's CPUs. Open standards and independent implementations at every level should be table stakes.
Although I argue the black-and-white "everyone is a potential adversary" thinking is misguided. Your threat model determines requisite security measures, and you usually have to trust someone. (Although Facebook should probably not be that someone)
The fear is that Facebook could push updates to targets that the US government is interested in and initiate a phone home. The update mechanism is the "front door" that could be used to implant a backdoor.
I agree that this is a risk for basically any networked app, but can't we distinguish whether this is an active concern or a hypothetical one?
In order to actually provide your messages to Facebook, the app needs to either call home when you view the message or write the cleartext somewhere on-device to send home later. If you view the message and then the app calls out with data we can't inspect, or writes something locally that we can't inspect, it could potentially be exfiltrating the message you viewed. If not... am I missing an attack vector, or is that message safe?
(To be precise: this would only prove forward secrecy, meaning safety for that viewing of that message. If we can't see the app's code, it could have testbench cutouts like Volkswagen or WannaCry, or more likely could only trigger for certain users or in certain cases à la Greyball.)
Yeah this - as far as I see it, there's nothing that prevents FB / WhatsApp from "accidentally" shipping the private keys on my phone / machine to their server.
Also, where is the private key stored and when/where exactly is it passed into the decryption algorithm? When/where is the original private key generated and managed? Inside fb software somewhere?
I'm sure realistically the US gov could creatively accomplish what they want.
Not sure the fallout of the public finding out would be worth it over the value add of reading messages, maybe I'm wrong but that's how I would look at it.
If I login to Facebook.com from any random device+browser, I seem to be able to read my "Facebook Messenger" history - maybe this is different if I use the Messenger app, but it seems like there's no E2EE here since I get the plaintext from anywhere.
On WhatsApp there seems to be E2EE enabled but I have no idea what the keys are. A layperson definitely has no idea what the keys are.
Could Facebook build an "NSA mode" where the old keys (K1) are quietly replaced with some known keys (K2) for a particular user at a particular timestamp T?
This means that all messages before T are to be parsed by using K1 and all messages after T are to be parsed by using K2.
As a WhatsApp user, would I even know if "NSA mode" has been enabled for my account? This would enable courts to allow surveillance for all future messages, but the old messages would still be E2EE.
What if you involve Apple+Google into the mix and have them silently deploy a rogue update to a particular user's WhatsApp program - couldn't you just ask a court to write some kind of surveillance warrant which orders the 3 companies to work together to give the alphabet agency a way to remotely take the keys?
That's exactly what the Assistance and Access Act of 2018 in Australia was for. It allows law enforcement to compel third parties to subvert encryption. This doesn't necessarily mean break the encryption itself, but could mean deploying a malicious update to a target device that keylogs or screen captures, or otherwise allows eavesdropping. Keep an eye out for similar bills in your respective governments, it passed without struggle in Australia despite the seemingly negative opinion the public and media had on the issue.
Facebook Messenger conversations are not E2EE by default. When you start one, you have to choose "Secret" in order for E2EE to be applied. This is only available from the Messenger app on mobile devices.
WhatsApp is default E2E and is quite visibly indicated in the application. You can probably make the call on how visible the E2E features in Messenger are yourself if you take a look.
That would require to join Facebook and I'm not coming back there. I'm aware of WhatsApp being E2E, yeah, everywhere except for backups. Another user replied that Facebook plans to go E2E completely, that's surprising but good.
> On WhatsApp there seems to be E2EE enabled but I have no idea what the keys are.
The keys are shown right in the contact's profile under "Encryption", same as Signal. It even has a feature to validate their key by taking a picture of their screen. How could it be any easier for laypeople than that?
> This code can be found in the contact info screen, both as a QR code and a 60-digit number. These codes are unique to each chat and can be compared between people in each chat to verify that the messages you send to the chat are end-to-end encrypted. Security codes are just visible versions of the special key shared between you - and don't worry, it's not the actual key itself, that's always kept secret
So basically it's just a random unique number and could have no relationship to the key whatsoever. We'll never know.
From the content of the article it also seems like it maybe should have that title. In the body they say they won't open their messaging product to law enforcement. Nowhere does it suggest (or deny) they can open messages. Some clarity on this would be nice.
Agreed. "Can't" implies they are unable to do it at all, which means they will not give the information to random LEO requests, because they simply can't.
"Won't" implies they select who they want to give the data to, which mean they probably give that data to other actors, without users even knowing about it.
How would a can't be possible here? They're being asked to modify the client code to enable surveillance. A client can't be secure against changes to its own code, and a protocol can't be secure against the client sharing the data it receives.
It's surprising to me that so many people give the benefit of the doubt to enterprises, when they (at huge effort and expense) emit "mealy-mouthed" rebuttals that leave open the possibility that they actually are doing evil.
These people aren't stupid, and their legal and PR teams understand the fine details of the English language.
It says what they mean to say, not what we wish it would say.
>It surprising to me that so many people give the benefit of the doubt to enterprises, when they (at huge effort and expense) emit "mealy-mouthed" rebuttals that leave open the possibility that they actually are doing evil.
And the alternative is an organization which has an absolutely stellar track record at not doing evil (obvious sarcasm should hopefully be obvious).
Neither party is can be taken at at face value here.