[liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
Steve Weis
steveweis at gmail.com
Thu Jan 15 08:49:31 PST 2015
Hello Carlo. This is about backward compatibility. WhatsApp is running on
hundreds of millions of iOS, Android, Windows, Blackberry and Nokia phones.
There are even people using it on 8-year-old Java ME feature phones. It's
not feasible to simultaneously upgrade their installed apps to support
end-to-end crypto at once.

Upgrading all those clients takes time and there will be a significant
fraction of non-e2e clients for a while. Until enough clients are upgraded,
senders will need to distinguish which receivers support end-to-end
encryption and will need to retain the ability to fall back to
transport-only encryption.

The original message
<https://moderncrypto.org/mail-archive/messaging/2014/001133.html> you
cited by Nadim Kobeissi mentions this: "Upgrading [old WhatsApp] clients
to Axolotl might be challenging". Moxie Marlinspike also addresses it in one
of the replies
<https://moderncrypto.org/mail-archive/messaging/2014/001140.html>:

*"Clients need to negotiate encryption capability until all clients support
encryption. We'll be surfacing this into the UI for each client once
protocol support is complete on that client. Rolling something like this
out to 600MM+ devices is an incremental process that takes time."*

Note you said "users will never know" if e2e is being used, but as Moxie
says "we'll be surfacing this into the UI" of upgraded clients.

On Thu, Jan 15, 2015 at 5:26 AM, carlo von lynX <lynX at time.to.get.psyced.org>
wrote:
>
> Concerning Whatsapp there is a very interesting clue
> in a thread on "messaging" that suggests users will
> never know if end-to-end encryption is being used, since
> the server decides whether they are allowed to, and
> the user is not informed. Knowing the NSA that means
> that Whatsapp would never encrypt anything end-to-end.
> Whatsapp should therefore be considered a Trojan horse
> for people seeking easy to use privacy. Read about that at