by sschueller 1163 days ago
Why not open source the client?
6 comments

Yeah, the more of these (admittedly excellent) security features they add the more glaring a hole the lack of an open source client seems by comparison.

Like, key transparency only helps in a situation where Facebook's servers are compromised, right? That's the most obvious way a man in the middle attack could happen. But if you're worried about an attacker who can compromise Facebook servers, why not also worry about whether that same attacker can compromise the WhatsApp client app, or even compromise Facebook itself at an organizational level?

I don't want to downplay this change too much; it's a genuinely useful security measure that I don't think I've seen any other messaging app implement. But at this point, adding further defenses against external attackers is starting to feel like layering more and more complicated locking mechanisms onto a vault door that's made out of glass.

I think there are two different things: a) The developers of WhatsApp cannot decide to make it open source, but they can decide to write genuinely nice security features. b) Those in power don't want to open source it.
Parent company: Facebook
Open source is of very limited usefulness in terms of ensuring security. Unless you're building the client from the source, you have no assurance that the binary you're using corresponds exactly with the source.
That can be fixed with reproducible builds to ensure the source matches the binary, and binary transparency to ensure the version of the app you're running is the same one everyone else is running.

Open source code is a prerequisite to either of those being useful though.

But that's the whole point: open source gives you the opportunity to build it from source if it matters to you.
Which is why I said it's of limited usefulness. It's useless for people who don't have the ability to build from source, which is most people.
Yes, but that is why I said that it is actually very useful to people who need the security. Most people don't think they do, but those who actually do can ask for help to build from source (which is not that hard).
> that is why I said that it is actually very useful to people who need the security

How is it useful to people who need the security but don't have the skills?

> those who actually do can ask for help to build from source (which is not that hard).

It's not hard for people like us, but to the majority of people, it's simply not going to happen. No normal person is even going to consider building from source as a possibility, let alone ask for help to do it.

And who would they ask? A huge number of people don't have a suitable nerd friend, and they're not going to follow online instructions to do it. It's too intimidating and scary.

Besides, don't you think it's a bit much to expect everyone -- regardless of skill level -- to build everything from source just in case the binaries aren't built from the same source?

This is all why OSS does not, all by itself, do much to address security issues.

I think we're talking past each other.

I think it's good to have open source clients, because it makes it easier to audit them. If you get your Signal client from F-droid, and competent people can compare the F-droid binary with the open, audited sources, then it's easier for you to trust the binary.

Of course competent people can reverse-engineer a proprietary binary, but that seems harder than having fairly reproducible builds.

Of course many people are not competent to make the audit by themselves, and therefore they need to trust someone.

And of course, OSS does not all by itself address security issues.

Still I am convinced that it helps.

> It's useless for people who don't have the ability to build from source, which is most people.

I strongly disagree with that. If you have an open source client and a reproducible build, then many competent people can audit the binary you provide on some store. Then most people can benefit from those third-party audits.

This.

Meta probably doesn't make any money from WhatsApp anyway; it doesn't really hurt them to open source the WhatsApp mobile apps.

It's about power. If they DON'T open source now, with very little effort they have the option to in the future. They don't make money now, but maybe circumstances change? No one knows the future, and we don't know their plans.

But if they do open source it, then it will take a lot of hard work to revert it.

In other words, it's a company and this is their asset.

I see your point, but Signal is out there and it does pretty much exactly what WhatsApp does.

It's just that people are too lazy to switch, because they don't care about their client being open source.

I support your point on open source. At the same time, it has to be said that Signal doesn't do "pretty much exactly" what WhatsApp does. On my Android it's quite sluggish, whereas WhatsApp is very smooth.
Works very well on my Android, on a not-very-powerful phone...
WhatsApp users who sync their contacts provide Meta with a social graph annotated with phone numbers.
If you don't think Meta makes money from the WhatsApp user contact network and linking that data to their other data sets, you are most certainly mistaken. There's tons of money in it, even now, before they start adding new privacy compromising features.
Because then users could just disable anti-features.

See https://faq.whatsapp.com/1217634902127718/

They are trying to make "unofficial" synonymous with harmful. Sure, the article doesn't outright say that all apps are harmful. But it definitely doesn't make any suggestion that a third-party app from a trusted developer could be ok.

They can't hide all the backdoor stuff that way. Closed source is clearly a much better, and the obvious, choice for a privacy-invasive platform.
At the end what matters the most is who is operating the project and which laws they have to follow.

One point to keep in mind is that almost all open-source projects don't really have transparent builds, and the transparent builds are rarely built really transparently (using public compilers, etc.), but more behind the curtains.

Plus, even with an open-source app that would have perfectly transparent builds (which is not the case from what I've seen), the app publisher can find a way to push targeted updates (via app stores), feature flags, betas or settings to very specific users, etc. if compelled to do so.

And there is always a potential excuse that store builds don't match open-source code, because the stores are re-signing the apps (and changing the checksums).

So it's more about who you decide to trust, unless you build the client yourself, which is an extreme outlier.

Most Signal users I know (even very sensitive users), they have iOS, they don't build the code themselves, they don't review the code, etc.

They just press Install (and I understand them, I would do the same).

The thing is that if the client is open source, you can build it yourself if you need to.

Most Signal users don't need to do that. But sensitive users can. I think it matters.

The choice matters. That's what open source is all about, a choice and giving the users some power.

I still can't believe people feel the need to justify Facebook's actions, even after their horrible track record and continuous violations of the user privacy and trust.

I am not sure if they justify Facebook's actions, or if they just don't care.
Privacy is about granular controls provided to the user. Closed source doesn't even offer you an option. It's either "Use it how we like" or "Get out".

If open source clients aren't that big of a deal or that big of a privacy win, as you've explained, then maybe there shouldn't be a need to justify the decisions of a company like Facebook either.