by snowboarder63 1159 days ago
WhatsApp announced that they’re adding key transparency to enhance end-to-end encryption verification within their suite of apps. There’s a blog post going into details on the engineering blog including announcing that the core logic for managing an auditable key directory is being open-sourced on Github: https://github.com/facebook/akd

I can’t really put my finger on why, but this comment looks like it came straight from chatGPT.

Did it?

It's phrased as if it's an answer to a question, which it would be if it was the result of a prompt to chatgpt. Of course, a person could deliberately emulate that style as well, making this an unreliable way to determine whether a comment was written by a bot.
I did not use ChatGPT to write this - Me lol
Sounds like something ChatGPT would say
> Please don't post insinuations about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.

https://news.ycombinator.com/newsguidelines.html

Not to me, even after re-reading it. ChatGPT often sounds too formal but this isn’t.
Could be. I saw one on Reddit the other day, checked the user's history and they all had that uncanny valley feel to them.
Cut this crap out. This type of questioning all the time will not be good for HN.
Using chatGPT to make a comment isn't necessarily a bad thing. I'd say the curiosity about how the comment was written is a good thing, as long as it's not a criticism.
Sure, but it's still pretty rude because it's usually baseless. And as you said, it doesn't even really matter. If the comment is bad, just downvote it. If it's good enough, why even bring it up?
"Don't ask rude questions", usually said by those with something to hide. Obviously there's a current novelty factor with cgpt answers, and i for one am happy people 'challenge' them. If the comment isn't what you like, ignore it?
This is starting witch hunts for ai generated comments, attempting to discredit the comment by its format, not its content. This violates the goodwill we all share in conversation on HN.
Why would someone even bother using a chatbot to write a comment? Just writing it would be a lot quicker.

There isn't really anything to gain here with that either.

“Someone” wouldn’t. A bot would. Which was implied (albeit maybe not obvious) in my question.
But a current-gen bot doesn't go look around for forums to leave comments on by itself. There must be a human that set that up through the API.

My question is why, what's the point? If it even happens, in this case it was not so.

The problem is not technical: FB could write anything; the security of the system is as weak as its weakest link.

The problem here is way way behind the computer.

https://xkcd.com/538/

The weakest link here is that Facebook has to respect US laws.

They don't have a choice there.

So, if US law permits or requests in some way interception of communications, or that operators have to report certain activities, then your right to secrecy is done.

Of course, a random user won't have their dog food or gardening communications intercepted, but once you trigger certain patterns, welcome to the new "user trials / feature flags / beta".

Not saying it specifically for WhatsApp; it's valid for any US-based app

-> and broadly any app where the founders may eventually be arrested by the US (as the US has a lot of extra-jurisdiction power).

(think about it, how easy it would be to decrypt Mega.nz file, for example in a real-life scenario. One push of code on one URL to send back the part about the # sign, and done, or to activate new trials in Google Chrome, or to push a Play Store update to single users, etc...).

I'd be really surprised that Zuck takes responsibility and ends up in jail because he refuses to execute a legal request regarding imminent terrorism attack (risking penal risk and being charged as helping the criminals, well, there's a plus; that's more time to spend in the Metaverse).

The most likely scenario is that the US gov is very powerful and capable of enforcing laws in their own country, and that you have to respect the laws if you want your company to continue.

Same with China.

You're describing exactly the problem that key transparency helps to solve.

With this rolled out, the WhatsApp app itself will be able to detect, by default without any manual verification, if FB attempts to MITM the connection.

While this doesn't make it technically impossible for Facebook to modify the app and servers, it does make it organizationally almost impossible to do so secretly. Such a move would require the involvement of numerous individuals across multiple teams and would be noticeable to security researchers through changes to the app.

This approach is taking off in a bunch of similar problem spaces (web PKI, code signing, etc), so very exciting to see it applied here.

Randomly, and somewhat weirdly, Facebook actually offered one of the first Certificate Transparency monitoring tools, which made it possible to monitor all certificates issued for your domain using a very similar approach: https://www.facebook.com/notes/3497286220327506/
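To make the "the app itself can detect the MITM" point concrete, here is an added toy key-transparency directory. It is not code from facebook/akd or from the commenter; akd's real construction (sparse Merkle tree over VRF-hidden labels, epochs, audit proofs) is considerably more involved. The users, keys, the in-process "server" and the `KeyDirectory`/`client_accepts`/`audit_new_records` names are all constructed for the example. What it shows is the mechanism: once the directory has committed to a published root, a key the server hands out on lookup either verifies against that root (and is therefore in the log every auditor sees) or the client rejects it; the only way to make a substituted key verify is to append it, which changes the root and shows up in the audit diff.

```python
"""Toy key-transparency log (added example, not facebook/akd code).

Append-only Merkle tree over (user, public key) leaves, RFC 6962 tree shape,
with inclusion proofs that a client checks against a published root.
All names, keys and the in-process 'server' below are constructed."""
import hashlib
from typing import List, Tuple

Proof = List[Tuple[bytes, bool]]  # (sibling hash, sibling is on the left)

def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(user: str, pubkey: bytes) -> bytes:
    # Domain-separated leaf hash (0x00 prefix) so a leaf can never be
    # confused with an interior node (0x01 prefix).
    return _sha256(b"\x00" + user.encode() + b"\x00" + pubkey)

def node_hash(left: bytes, right: bytes) -> bytes:
    return _sha256(b"\x01" + left + right)

def _split(n: int) -> int:
    # Largest power of two strictly less than n. Splitting here (RFC 6962)
    # avoids the "duplicate the last node" trick, which admits second preimages.
    return 1 << ((n - 1).bit_length() - 1)

def merkle_root(leaves: List[bytes]) -> bytes:
    if not leaves:
        return _sha256(b"")
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))

def inclusion_proof(leaves: List[bytes], index: int) -> Proof:
    """Sibling hashes from leaf `index` up to the root."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [(merkle_root(leaves[k:]), False)]
    return inclusion_proof(leaves[k:], index - k) + [(merkle_root(leaves[:k]), True)]

def verify_inclusion(leaf: bytes, proof: Proof, root: bytes) -> bool:
    h = leaf
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

class KeyDirectory:
    """Append-only directory (hypothetical). In a real deployment each epoch's
    root is signed and gossiped so clients and auditors agree on what was published."""
    def __init__(self) -> None:
        self.records: List[Tuple[str, bytes]] = []

    def publish(self, user: str, pubkey: bytes) -> bytes:
        self.records.append((user, pubkey))
        return self.root()

    def root(self) -> bytes:
        return merkle_root([leaf_hash(u, k) for u, k in self.records])

    def lookup(self, user: str) -> Tuple[bytes, Proof]:
        # Latest record for the user wins.
        idx = max(i for i, (u, _) in enumerate(self.records) if u == user)
        leaves = [leaf_hash(u, k) for u, k in self.records]
        return self.records[idx][1], inclusion_proof(leaves, idx)

def client_accepts(user: str, pubkey: bytes, proof: Proof, published_root: bytes) -> bool:
    """What the app checks before trusting a key it fetched from the server."""
    return verify_inclusion(leaf_hash(user, pubkey), proof, published_root)

def audit_new_records(old: List[Tuple[str, bytes]], new: List[Tuple[str, bytes]]):
    """Auditor view: the new log must extend the old one; return what was appended."""
    if new[:len(old)] != old:
        raise ValueError("log was rewritten, not appended to")
    return new[len(old):]

def demo() -> dict:
    d = KeyDirectory()
    for user, key in [("alice", b"A" * 32), ("bob", b"B" * 32), ("carol", b"C" * 32)]:
        d.publish(user, key)
    root_epoch1, snapshot_epoch1 = d.root(), list(d.records)

    # 1. Honest lookup: bob's real key verifies against the published root.
    bob_key, proof = d.lookup("bob")
    honest_ok = client_accepts("bob", bob_key, proof, root_epoch1)
    # 2. Silent substitution: attacker key with the old proof. The leaf hash
    #    changes, so the proof no longer reaches the root; the client rejects.
    mitm_ok = client_accepts("bob", b"M" * 32, proof, root_epoch1)
    # 3. Logged substitution: to make the attacker key verify, the server must
    #    append it, which changes the root and shows up in the audit diff.
    root_epoch2 = d.publish("bob", b"M" * 32)
    mitm_key, proof2 = d.lookup("bob")
    logged_ok = client_accepts("bob", mitm_key, proof2, root_epoch2)
    appended = audit_new_records(snapshot_epoch1, d.records)

    return {"honest_ok": honest_ok, "mitm_ok": mitm_ok, "logged_ok": logged_ok,
            "root_changed": root_epoch1 != root_epoch2, "appended": appended}

if __name__ == "__main__":
    print(demo())
```

The design choice worth noticing is where the trust moves: the client no longer trusts the server's answer, it trusts a root that auditors (and bob's own device, which knows its real key) can compare against. A third party operating the lookup can still lie, but only by publishing the lie.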

Not really?

I don't see what prevents the app from pushing a decoded copy of the conversation?

Even a variant of Skype was caught doing such (we only know about it because they left the server which had the raw logs completely open).

And still, Skype is very secure/encrypted/blablabla; which is true, but within the borders of local regulations.

https://web.archive.org/web/20090210230204/http://www.inform...

The end comment/advice from the US part is even a bit funny: "travelers should assume that all communications are monitored."

You're making my point: some Chinese Skype variant did this, back in 2009, and got caught.

There's just no way, in real life, for Facebook to add what you're describing to one of the most prominent messaging apps in the world without somebody noticing.

I'm not here to tell you that your WhatsApp messages are perfectly secure. If the CIA wants to read your messages they'll probably just hit you with the wrench instead of some FB exec. But I do think that transparency logs are deeply under-appreciated for their ability to make undetected mass-surveillance dramatically more challenging.

> There's just no way, in real life, for Facebook to add what you're describing to one of the most prominent messaging apps in the world without somebody noticing.

That assumes somebody is digging through each update and the thousands of classes. FFS the OG Facebook app was already blowing past the limits of Android in 2013 [1], and the current Whatsapp app isn't much better - just look at the current APK file:

    2023-04-12 11:38:58 .....      2578508      1171345  classes.dex
    2023-04-12 11:39:04 .....     13312588      6020223  classes2.dex
    2023-04-12 11:39:08 .....      7671448      3310145  classes3.dex
    2023-04-12 11:39:08 .....      2118352       945166  classes4.dex
25MB of already compressed Dalvik code, probably double that if you restore it to Java class files and triple to quadruple that in Java source files. It's impossible to audit that there is no routine pushing keys to, say, the usual analytics backend they use - and to make it worse, according to APKMirror, they push updates every few days [2].

Although my biggest question is... it's a fucking messenger app. Why does it produce a larger binary content than a full-blown Linux kernel?!

[1] https://engineering.fb.com/2013/03/04/android/under-the-hood...

[2] https://www.apkmirror.com/uploads/?appcategory=whatsapp

>Although my biggest question is... it's a fucking messenger app. Why does it produce a larger binary content than a full-blown Linux kernel?!

Because it does so much more than messaging. Also, UI code is generally very verbose.

> There's just no way, in real life, for Facebook to add what you're describing to one of the most prominent messaging apps in the world without somebody noticing

Your point moved from "key transparency is the defense" to "someone will notice". But if your defense is the hope of "someone noticing" you're in for a big surprise. Sometimes things go unnoticed. Look no further than OpenSSL, open source, used by billions, deployed by companies worth as much as small countries, and yet nobody noticed Heartbleed for years.

So I'll be very cynical that some development flag targeting a handful of people in an app like WhatsApp, and then removed, will be so noticeable that it's a strong defense.

I think you are trying to say "it's never 100% secure", and the parent agrees with you. The parent is just saying "this is making it more secure (but not 100% secure)".
The trick is to push a modified version only to the few clients you want to attack. Use it sparingly and you won't get caught.
Or just hack the phone of those few clients with another attack vector. Doesn't mean that security is entirely useless. It depends on the threat model.
and most of all, do not forget the logfiles on an open server (it was their mistake, otherwise it would have been fine I think)
There are also tons of ways to exfiltrate data through known channels in ways that are difficult for security researchers to distinguish from otherwise secure app analytics code.

A crash/exception logging system, say, might appear to researchers to anonymize data, but it would be very possible for code to be written that happens to raise a mundane exception when specific users or geofences see specific words on screen, in a way where that list of users/geofences/words could be controlled by non-technical teams. The log message itself doesn't even need to carry sensitive data; its existence alone, when the trigger conditions are known, can be used to carry out a highly targeted attack.

Even open-source systems can be vulnerable to this: see e.g. https://github.com/signalapp/Signal-iOS/blob/eaed4da06347a3a... and consider the ways it might be possible for a small group of people at Signal to cause a specific set of messages to be seen as corrupt without raising any flags to the community auditing the code.

Of course, lack of visibility into runtime errors can lead to vulnerabilities as well. I don't think the solution is for us as a community to advocate for removing all error analytics in distributed systems. But we can't ever forget that: all analytics surfaces are attack surfaces.

Exactly, without Zuck opening the protocol and sanctioning the use of open-source clients it is not meaningful.
Somehow I think this is still possible. The engineers behind WhatsApp seem to be very talented, and they may be able to convince Zuck that an open client would increase trust in Meta's brands, and increase usage (which can then be used to promote Meta's other products).

If they keep the server-side closed, it's totally fair I think.

Or open source alternatives will pick up their work, and the WhatsApp engineers will probably be happy about it.
This solves a real issue. Key transparency for SSL certificates, introduced years ago by Google, surfaced a lot of misissued certificates and fixed a large hole in the whole system. Of course, this is for WhatsApp and the impact is smaller, but still. Congrats to the Meta team.
Because of my handle, I would appear to be biased but here is a popular Indian news article around WhatsApp.

https://scroll.in/article/1044425/how-a-cross-border-love-st...

The fact is, Indian govt has long been able to intercept WhatsApp and failing which they force group admins to get "registered"

https://thenextweb.com/news/kashmirs-police-want-people-to-r...

With local intel suggesting malware being installed when admins go to the station for "registration". Remember, this was before all the state-sponsored malware came to light a few years ago, so we locally have known this for quite some time now.

> So, if US law permits or requests in some way interception of communications, or that operators have to report certain activities, then your right to secrecy is done.

Yep. FISA Section 702 allows that but supposedly only if you're not in the US and not a US citizen. Will an American get caught up in the net? Maybe? Oh, and it doesn't require a warrant. It's set to expire at the end of this year but they've been known to renew it. https://www.eff.org/702-spying

Actually, this is exactly what Pavel Durov (Mark Zuckerberg’s counterpart and founder of the Russian Facebook vkontakte) did when Russian authorities asked him to reveal who helped organize the Maidan protests in 2013/2014

https://globalvoices.org/2014/02/22/pro-maidan-video-goes-vi...

https://www.documentcloud.org/documents/1146789-durov1

(Besides these guys I mean: https://www.ndi.org/eurasia/ukraine)

And he just posted the middle finger on his site.

Pretty soon he started receiving the standard “tax evader” treatment (i.e. offices being ransacked, veiled personal threats etc.), his shareholders pushed him out and he and his brother fled the country and started Telegram.

Pavel is a true libertarian who’s stood for his beliefs against his own government, and lost control of his company as a result. Unlike Moxie Marlinspike (founder of WhatsApp and also Signal) who claims he is an “anarchist”, Pavel walked the walk.

When he started Telegram, he pissed off his US investor who got heat for Telegram being used by ISIS to communicate. The investors were pissed off that they never made a profit on Telegram and that it was mentally associated with helping ISIS. Although Pavel eventually did take action: https://www.wsj.com/articles/telegram-app-tackles-islamic-st...

Pavel also claims his team was approached by the CIA multiple times and they successfully resisted it. Telegram offices are nowhere to be found in Dubai: https://m.youtube.com/watch?v=Pg8mWJUM7x4

That is how you run a free speech absolutist social network that governments all want to control. Telegram is probably the most secure and trusted centralized social network (with Signal a distant second).

But that is insane. We don’t have to trust Pavel or Moxie to be our “last line of defense.” Why do we rely on giant, centralized corporations to host all our private conversations?

This was my response to Moxie’s critique of Web3 and decentralization:

https://community.intercoin.app/t/web3-moxie-signal-telegram...

So why the fuck is Telegram not e2e encrypted by default, and why are group chats not e2e encrypted?

Not to mention that even when chats are e2e encrypted, they are encrypted using their proprietary algorithm?

As mentioned in the linked article, E2EE group chats are more or less impractical due to the identity verification problem. This initiative is intended to help with that. I will also point out that large group chats are impractical due to the simple fact that not everyone will know everyone else. So someone can just leak the messages.

The Telegram method of dealing with this is obviously not the only way, but it is a legitimate way.

>Not to mention that even when chats are e2e encrypted, they are encrypted using their proprietary algorithm?

The algorithm is public. It is a straightforward application of well known primitives. It is hardly proprietary.

> The algorithm is public. It is a straightforward application of well known primitives. It is hardly proprietary.

Note that its predecessor, was very much not that (e.g. https://words.filippo.io/dispatches/telegram-ecdh/ was a vulnerability in it, and it stuck to some weird choices of crypto primitives/key sizes for a pretty long time). This colors my expectations about the current version slightly.

I personally know nothing about the current protocol used (mtproto 2.0) and a few minutes of googling surfaced https://eprint.iacr.org/2022/595.pdf, https://eprint.iacr.org/2023/469 and https://arxiv.org/abs/2012.03141, which I'd need to read in reasonable amount of detail to have an opinion on mtproto 2.0.

That’s like Mehdi Hassan nitpicking small factual inaccuracies in the Twitter files last week and ignoring the main discussion with Matt Taibbi about government censorship around the world.

Look, if people want to encrypt their chats on Telegram, they start a secret chat. That’s how it should be. Why should it be the default? Because you think people are idiots?

If I make a secret chat on Telegram, I trust it more than a default chat on Signal. Both are good, but one company is much harder to pressure than another.

And this is all a moot point - like arguing which homeless person is richer. If you want real privacy and control — simply communicate without using the infrastructure and software provided by centralized corporations!

> Look, if people want to encrypt their chats on Telegram, they start a secret chat. That’s how it should be. Why should it be the default? Because you think people are idiots?

Because everyone is an idiot once in a while (just after waking up, when drunk, when stressed, when sick, ...). Also, because the very presence of a secret chat is something that can be observed and can be enough to raise suspicion.

I know this is a bit of a cop-out but even writing in a non-secret chat and having Telegram know, then totally deleting a message on Telegram with no visual trace to the counterpart, is less worrying for me than doing the same on the “e2e encrypted” WhatsApp which shows “Message deleted” and if I failed to do it, prevents me from deleting the message after a while. Telegram lets me delete everyone’s messages and even the entire chat anytime. That shows where their head is at.

That said, you are right that not-on-by-default-for-everyone makes the encrypted chats more suspicious.

I have to say that I have a nuanced view on encryption, which doesn’t match the orthodoxy on HN:

https://community.qbix.com/t/balancing-privacy-and-accountab...