[moxie]

I get a lot of credit for the stuff that Open Whisper Systems does, but it's not all me by a long shot. Trevor Perrin, Frederic Jacobs, Christine Corbett, Tyler Reinhard, Lilia Kai, Jake McGinty, and Rhodey Orbits are the crew that really made all this work happen.

[tw04]

Given that we have the man himself onboard - can I urge you to ask the WSJ to remove the comment at the start of the article about WhatsApp implementing your encryption schema? Unless I've missed something, there's absolutely no way for an end-user to determine if their messages are being encrypted (with whatsapp). Or how they're being encrypted for that matter. I feel like WhatsApp latched onto your groundwork (potentially even with good intentions) - but never actually has opened up about the implementation, opened the code to audit, or been forthright about exactly who/how many users are covered.

I fear articles like this just make the average joe think "oh, whatsapp == secure" when recent events have proven that's far, far from the truth.

http://arstechnica.com/tech-policy/2015/06/intercepted-whats...

[Permit]

Part way through the article they say:

>Last fall, WhatsApp added Mr. Marlinspike’s encryption scheme to text messages between users with Android smartphones, but there is no easy way to verify that the encryption software is actually turned on.

So they're being pretty open about the fact users can't determine if their messages are truly encrypted.

[xerophyte12932]

Yes but that's so deep down. A large number of people read the beginning and skim to the end. They might miss it. So it is a bit misleading IMO. Disclaimers should be more obvious

[tedunangst]

Start with the linked reddit comment? https://www.reddit.com/r/Android/comments/34ecja/the_heise_s...

[davisr]

"Absolutely no way"? I'm sorry to be impolite about it, but that's a bit of an exaggeration: one could jailbreak their phone, pull the binary into their computer, decompile it, and inspect it for implementation structures that would be coherent with how the two or three most popular encryption algorithms are commonly implemented. The expertise to be able to accomplish it doesn't come cheap, but it's certainly in the realm for anyone willing to invest the time.

If anyone out there does it, feel free to post your findings to http://imfreedom.org/.

I'd be willing to bet that WhatsApp has some competent programmers, and looks very similar to how Apple's built iMessage. I think everyone is entitled to the most security possible, but unfortunately when you're at the scale of WhatsApp, perfect security would make all that ultra-tantalizing data pretty hard to analyze. They're a business, they have a responsibility to their investors to grow the business, and data right now is a _big_ business.

[JupiterMoon]

So you've probably just broken the law by doing so. And you have to do this everytime the app gets updates. And you have to be sure that the encryption is actually getting used on every message. And that the key is strong and not known to Whatsapp. And also that the recipients copy of the app is behaving the same as yours. So I guess the question is, if you had something to hide would you bet your life on it?

Whereas with Textsecure. Well it just works...

[jsprogrammer]

>So you've probably just broken the law by doing so.

By modifying your own device? I don't think so.

[JupiterMoon]

Many countries have laws against reverse engineering programs. Whilst I think these laws are stupid I would prefer to just use the open source program than mess around with the closed source alternative.

[nitrogen]

According to Wikipedia[0], reverse engineering is generally legal in the US:

In the United States even if an artifact or process is protected by trade secrets, reverse-engineering the artifact or process is often lawful as long as it has been legitimately obtained.

[0] https://en.wikipedia.org/wiki/Reverse_engineering#United_Sta...

[mightybyte]

> one could jailbreak their phone, pull the binary into their computer, decompile it, and inspect it for implementation structures that would be coherent with how the two or three most popular encryption algorithms are commonly implemented.

There's a much easier way. Turn off your phone's cellular connection, but turn on wifi and connect it to a wifi network you control. Then just sniff the packets.

[stouset]

Not unless you have discovered a novel technique for distinguishing between good crypto and bad crypto over the wire.

[higherpurpose]

At the very least I would want Whatsapp to:

1) add authentication with other users

2) make a public statement about it (believe it or not, that hasn't happened yet. Perhaps it will come when the iOS versions supports it - or perhaps it never will)

3) commit to the new encryption system in their privacy policy (make it at least somewhat legally binding - which could also be used against abusive law enforcement orders)

[ytdht]

even if an Android application would communicate with others 100% securely, Google has wireless administrator privileges and can be served secret letters that can order Google to do anything, so technically they could log the data before it's encrypted.

[jMyles]

Will an I/O audit of the network interface will detect this?

[drcross]

No. How do you propose that it would?

[jMyles]

I don't really know much about what kind of network chatter Android generates generally, but I imagine that, even if its encrypted, you can detect that there's suddenly network traffic to Google?

And then, depending on how silly the eavesdropping is, repeating the same message might cause the same encrypted payload to be transmitted?

[ytdht]

traffic to Google is probably very common... and to be sure that you get the whole picture, you would probably need to intercept wireless signals going to the cellphone company which are also encrypted

[venomsnake]

Only if you have google services installed.

[aw3c2]

Without which TextSecure does not work.

[em3rgent0rdr]

But what about the fork https://github.com/SMSSecure/SMSSecure which can be installed on via f-droid google-less phone?

[aw3c2]

It has no push messages which means bad experience for non-SMS messages.

[psykovsky]

The fork only handles SMS/MMS. There are no IM features in it.

[jsprogrammer]

> there's absolutely no way for an end-user to determine if their messages are being encrypted (with whatsapp)

Watch the network traffic with Wireshark?

[drcross]

You cant see into the encrypted traffic to see if it's implemented or not.

[jacquesm]

But in the worst case you'll be able to see that it is plaintext.

[em3rgent0rdr]

I would expect any messaging app these days woud never send pafkets with plain text.

[akkartik]

Thank you for http://www.youtube.com/watch?v=unZZCykRa5w. Your notion of 'bundling' was one of my top three most mulled ideas in the past five years. Once I started looking, I see it everywhere.

[packersville]

Thanks so much for posting this youtube. It is fantastic!

[justcommenting]

Upon considering that this talk was delivered pre-Snowden, the value and prescience of this talk is even more significant.

This article is now on the front page of WSJ.com!

[rrtwo]

Thanks, one of the best talks I have seen for awhile

[jnbiche]

For those of us who don't do YouTube, is there anywhere else we can read about Moxie's "bundling"?

[sj4nz]

Watched it last night. The very short summary is "bundling" is a kind of inside out Trojan Horse, the example Moxie used was "Google Analytics" which has some functionality that is undesirable to some users, enough so that it was blocked by some privacy extensions. Over time, Google started adding "useful" features to the GA code for websites, arguably because "you're already loading GA, why not get some utilities for your web site?" Well... this means that if you (the web dev) use the GA "utilities" on your web site, privacy extensions will break the website or have to allow GA to load. Some of those privacy extensions started to whitelist GA because of this.

Now the undesirable effects have come back and users now have to make a harder choice between a broken website or being another datapoint for someone's analytics.

The talk is not just about this, but more so about the way the world changed from attempted mandatory "controls" upon people to allowing them the "choice." The scope of "bundling" (features added to encourage use) gets larger and larger until you realize that you're living in a corporate panopticon along with everyone else. If you're not paying for it---you're the product---and bundling becomes the method used to keep you providing them with the best product.

[jnbiche]

Thank you for that summary, I really appreciate it.

[moxie]

And for people who are interested in Open Whisper Systems and want to get involved, we're hiring!

https://whispersystems.org/workworkwork/

[lectrick]

You are a gentleman for redistributing the credit. I have unfortunately worked for people who would not have. Regardless, thanks for your contribution to privacy, and may whatever karma exists rain invisibly on you ;)

[RexRollman]

I just want to take a moment and say "thank you" to youself and the entire team at Open Whisper. I appreciate your efforts.

Sadly, the march to "Safety Fascism" continues unabated.

[higherpurpose]

Moxie, the progress on TextSecure/Signal integration seems to have slowed down quite a bit (at least as seen from the outside). I think it's been almost a year since Signal for iOS came out - yet still no word on Signal for Android.

What is taking so long, if you don't mind me asking? Is there some sort of Signal 3.0 overhaul planned for all the platforms along with a big launch?

Also, I think you've been quite retreated in the past year or so, I assume so you can focus on working. But I believe you should personally get more involved in promoting your apps (as you do in this piece here). Go on more TV shows, podcasts and so on. Look how much Telegram has grown, not because it's any better than Signal (far from it), but because they've actively promoted themselves and took a more pro-active role in building a community.

More mainstream users need to know that "Skype is not secure, but Signal is" - which reminds me - I hope Signal will eventually get encrypted video-chat support as well, to make it a true alternative to Skype (and of course a desktop app, but I know your team has been working on that).

To monetize the apps have you considered trying to get Signal into enterprise, as a much more secure alternative to what enterprise customers are currently using, and then get paid for support? Or do you believe that would complicate things too much and make the apps worse off in the end?

[hlru]

I used to be a "fan" of TextSecure, but have become disillusioned lately. The development have always been slow. Very few people use it, even among my geek friends. Convincing people to use it is hard as well. Confusion over what it does, having to give out their phone number and no desktop client doesn't help. When I'm actually in need of encryption it doesn't even work, since Google Play services are blocked in China. I personally agree with the team behind hemlis, it's to late to become mainstream. Not that I expect most people to care. TextSecure fulfills it role as a political and technical wank.

[rhblake]

I've used TextSecure since sometime last year and my impression is that development has been speeding up in the past few months. [0] Seems like there's a new version every week. Most recent update brought a nicer UI, week before that "quick reply" from notifications, .. it really is very slick these days, and it works so well as a drop-in replacement that I've had no problem making my whole family (and various friends) use it. Not much explaining needed: you send texts just like before, but if the other person also uses TextSecure it's - well - secure (and free) and you don't have to think about it.

[0] https://github.com/WhisperSystems/TextSecure/commits/master

[NotSammyHagar]

There are too many different encrypted texting apps and no market winner. How does text secure compare to Bleep by the bitorrent people, for example?

For there to be enough users, we need public proclamations of support from Bruce Schneier or and maybe Moxie, celebs like that. Maybe interoperability.

[wtbob]

This. I used to recommend TextSecure to all my friends, but it didn't interact well with other services, and then IIRC it stopped working with SMSes entirely.

[snikeris]

TextSecure handles SMSes well. It doesn't support encrypted SMS anymore, but that's not a big deal.

I've been using TextSecure for awhile now even though I only communicate w/ one other person that uses it.

[wtbob]

> It doesn't support encrypted SMS anymore, but that's not a big deal.

Well, it's kinda a big deal if that was the entire reason one was using it…

[Joeboy]

> To monetize the apps have you considered trying to get Signal into enterprise

I agree with this bit. It seems weird that people with clear requirements for privacy, like doctors, lawyers, insurers etc, remain totally clueless about encryption.

While we might have more personal sympathy / affinity with political activists and nerds, they don't seem to be very good at proliferating encryption technology.

[tedks]

>yet still no word on Signal for Android.

Just in case you're not aware. RedPhone for android does encrypted calling, and TextSecure for android does encrypted messaging, so there doesn't seem to be a reason for Signal on Android aside from the brand unification.

[jchrisa]

What do you think about the options for baking key based reputation systems into next gen social software like Federated Wiki, Snow, etc?

I'm dreaming up a crypto currency where the scare resource is human creativity rather than CPU time. It is a little like key based identity taken through the looking glass. Quick read: http://thenewstack.io/why-art-could-become-currency-in-a-cry...

I asked a similar question of vbuterin the other day. Thanks for any response: https://www.reddit.com/r/ethereum/comments/3ai4pm/the_humans...

[tedks]

Moxie, how do you do it? There are other good crypto people, good developers, good designers, and you're probably not the best at any of those things, but how do you make results like:

>A few years ago, Matthew Green, a cryptographer and professor at Johns Hopkins University, unleashed his students on Mr. Marlinspike’s code. To Prof. Green’s surprise, they didn’t find any errors. He compared the experience to working with a home contractor who made “every single corner perfectly squared.”

...happen?

[newman314]

While having Signal is great, one thing I don't like is the use of phone numbers as identifiers. Why can't we have the option of using a random string?

[em3rgent0rdr]

secure transmission of texts is the goal, not providing anonymity of sender and receiver.

[newman314]

Why not do both (one optionally)?

[BuildTheRobots]

I'll also take this opportunity to give thanks and respect the whole team.

Though I have to say, whilst I understand the absolute ballache of technical reasons for dropping SMS support, I'm _still_ extremely sad to see it gone :(

[mirimir]

Maybe you could answer a few questions? That'd be cool.

Is there much hope for strong privacy and anonymity using smartphones? Even with secure apps, there's the baseband, controlled by the cell provider. Can it be isolated?

What are the chances for open-source hardware?

What are the main pros and cons of iOS and Android?

[jrcii]

For a sandboxed baseband check out the Neo900 project.

[mirimir]

It seems interesting. But they want an address just to create an account. At least they don't demand a mobile number ;) And the only payment options are bank wire and PayPal. I don't see that they accept Bitcoin. Also, I see no option for anonymous fulfillment.

[programmernews3]

Response from IRC:

http://irclog.whitequark.org/neo900/2015-07-10

[mirimir]

Thanks, programmernews3 :)

DocScrutinizer05 says on IRC that neo900 will accept cash by mail and Bitcoin. And "anonymous fulfillment" (on-site pickup, I presume) for wholesale (N>50) orders. Cool. Someone could sell them for cash at conferences, etc.

[thegainz]

Well thank you, and everyone else, for the hard work!

[gault8121]

Great job Open Whisper Systems team!

[realusername]

I would take this opportunity to say a big thank you to the whole team, textsecure is my default messaging software and it's really well done. Thanks to all of you ! :)

[n_siddharth]

I remember being in an applied crypto class with you at CMU taught by Virgil Gligor if I am not mistaken and was thoroughly impressed with your knowledge of cryptosystems. I am happy for you! Way to go.

[mo92]

He went to CMU?

[n_siddharth]

He attended a class there. I am not sure if he was enrolled as a full time student.

[martindale]

Glad to see the effort getting attention in any regard. Thanks to you and the whole team for working so hard on all of this. Keep up the good work.

[ulam2]

I tried TextSecure through bluestacks and captured the stream to find out that it is using TLSv1. I am a noob in computer security, but isn't TLSv1.2 more secure?

[bcg1]

True hacker.