Originally published at: http://boingboing.net/2017/01/13/whatsapp-facebooks-ability.html
…
Having followed crypto issues for 20 years or so I think we are at the limit of what is possible in securing point to point communication. Knowledgeable users can choose good security, but at the cost of attracting attention from law enforcement.
Other users get unreliable privacy. I don’t see a way around it. Normal people are easy to trick into giving their information away.
That, and their willingness to do so for not much in return, is the problem.
It’s almost like we can’t trust surveillance companies with our data.
I would guess that Facebook doesn’t count as a “third party” in their lawyer’s labyrinthine language.
“When possible”.
You see this crap in contracts all the time, but only ever from the corporate side. Try telling your bank that you’ll pay them back “when possible”.
What? We’re not saying it’s a feature anymore?
A big factor in this that is mentioned in the ars technica article, but conveniently left off here is that the server does not know who has enabled security event notifications, or which users have verified their partners secret key.
So facebook could do this once, and almost certainly get away with it (>99% of users probably do no key verification at all). But If they do it to thousands of users (out of their >1 billion users), the would have almost certainly been caught. That is why this attack vector is not suitable for mass surveillance. Users who have reason to think they are individually targeted should turn on the security event notification and manually verify key fingerprints.
The bit about resending past messages is also rather misleading. The potential attack requires forcing the intended recipient offline. Only messages not acknowledged before the recipient goes offline can be recovered. It does not expose your entire chat history.
Again: this attack is not about mass surveillance. Stop claiming it is – even if you feel that this is a bad design and that facebook should change it, lying and misrepresenting it just makes it harder for users to make informed choices, and in the end is bad for security.
No.
But your screenshot nicely shows the slider that enables notifications on key changes, if you toggle that you get the behavior is being suggested.
Since you didn’t reply to anyone directly or quote anyone, who exactly is it that you’re addressing this to?
Thank you for clarifying this!
Open Whisper Systems have responded to this issue. Effectively there are two major things to note. If you add the setting mentioned in this thread in a previous post, you can see when the key changes. WhatsApp servers do not store messages only your phone does, meaning that any past posts re-read. Also as mentioned earlier, the system to state “Am I listening for keychanges” is only recorded locally.
Open Whisper’s defense is so disappointing in light of the fact that it rests entirely on a notification that nearly 0% of the network has enabled or is aware that it represents the primary security hole in the system.
All WhatsApp has to do is turn it on by default. There is no serious downside to this. The minor inconvenience of having to read the message below extremely infrequently is grossly outweighed by the benefit.
“Your contact has changed their security keys, you should ask them if they have reinstalled WhatsApp since your last conversation. If that’s not the case, see here.”
This topic was automatically closed after 5 days. New replies are no longer allowed.