WhatsApp rolls out end-to-end Encryption
- Maybe but you have 600million ppl that will believe it. Also, if in fact it is true I would love for BlackBerry to offer a bbm protected package with secusmart integration for 10-20$/yr I bet 2-3million bbm users would pay for that you're looking at 20-60mil/yr in bbm rev just from consumers. They need top line growth.
Posted via CB1011-20-14 05:57 PMLike 0 - Man, there are a lot of people who love to argue for the sake of arguing. :-)
I'm going to say it one more time. Hopefully it sinks in.
Perhaps the reason why BlackBerry does have a back door is specifically by design ... to accommodate auditing at the enterprise level; and to accommodate country specific laws when court cases arise at a consumer level.
and
Even though WhatsApp has end-to-end encryption and claims they have "no back door", they may be operating in violation of local laws for circumstances like a court injunction; or they do have another means of solving the problem which means there is a way of extracting the information when a court injunction arrives.
Perhaps I'm wrong and this is simply a case of BBM having flawed security and falling behind. But perhaps there's also a reason for it.
And maybe WhatsApp became the king of distribution for kiddie porn on a global basis.
If BB has global keys so they can play nice for government contracts and doesn't tell us via transparency reports how often they get accessed thats on them. As a consumer with a choice I'll use end-to-end and call on BB to do the same.
If India wants to ban WhatApp and prosecute individuals because they use the app then its up to the individual citizen there if they want to risk flouting the law not on BB to make end-to-end not part of the app. Doubt they'll have much success. Its legal here and I'll take advantage of it.11-20-14 06:15 PMLike 0 - Actually, I deleted this post, because one below when I was writing this answered the question I had. But the point at the top still stands. Some people like to argue for the sake of it. :-)
The bad guys will use encryption is the same argument the US government is using crying that default encryption for phones is going to kill children. Also the same argument for any tech to which governments want unfettered access: bad guys will use burners so lets scoop up all the mobile data.
If BB has global keys so they can play nice for government contracts and doesn't tell us via transparency reports how often they get accessed thats on them. As a consumer with a choice I'll use end-to-end and call on BB to do the same.11-20-14 07:16 PMLike 0 -
Last edited by mornhavon; 11-20-14 at 08:49 PM.
11-20-14 08:30 PMLike 0 - Ahh - I see. Thank you for clarifying. This is a very interesting topic, I must confess.
Can you point to any laws in countries where these tech companies operate that make end-to-end encryption illegal?
FAQ - Lawful Access – Consultation Document - Summary of Submissions to the Lawful Access Consultation - Lawful Access FAQ
Specifically:
"Under the current laws, not all telecommunications service providers are required to design intercept capabilities into their networks. When a new technology or communication service is introduced, law enforcement and national security agencies often have to research and develop new methods to gain lawful access to those networks. The lack of a technical solution, or a delay in the ability to use it, hampers investigations and the prevention of serious crimes or threats to national security.
To address this issue, the government is proposing that service providers in Canada be required to ensure their networks or infrastructures have the technical capability to enable lawful access by law enforcement and national security agencies when the agencies are legally authorized to intercept a communication or search and seize data."
From the Canadian government of all places.
Cheers11-20-14 08:49 PMLike 0 - I'm not sure this qualifies by your definition as it's not approved but
FAQ - Lawful Access � Consultation Document - Summary of Submissions to the Lawful Access Consultation - Lawful Access FAQ
Specifically:
"Under the current laws, not all telecommunications service providers are required to design intercept capabilities into their networks. When a new technology or communication service is introduced, law enforcement and national security agencies often have to research and develop new methods to gain lawful access to those networks. The lack of a technical solution, or a delay in the ability to use it, hampers investigations and the prevention of serious crimes or threats to national security.
To address this issue, the government is proposing that service providers in Canada be required to ensure their networks or infrastructures have the technical capability to enable lawful access by law enforcement and national security agencies when the agencies are legally authorized to intercept a communication or search and seize data."
From the Canadian government of all places.11-20-14 09:08 PMLike 0 - I'm not sure this qualifies by your definition as it's not approved but
FAQ - Lawful Access – Consultation Document - Summary of Submissions to the Lawful Access Consultation - Lawful Access FAQ
Specifically:
"Under the current laws, not all telecommunications service providers are required to design intercept capabilities into their networks. When a new technology or communication service is introduced, law enforcement and national security agencies often have to research and develop new methods to gain lawful access to those networks. The lack of a technical solution, or a delay in the ability to use it, hampers investigations and the prevention of serious crimes or threats to national security.
To address this issue, the government is proposing that service providers in Canada be required to ensure their networks or infrastructures have the technical capability to enable lawful access by law enforcement and national security agencies when the agencies are legally authorized to intercept a communication or search and seize data."
From the Canadian government of all places.
Cheers
I'm certain there are examples out there of what you're looking for, however. A number of countries have taken issue with BBM's encryption even in its current form, so I can't imagine they'd take kindly to end-to-end encryption. We'll have to see if they react to WhatsApp, but I suspect they took this into account when making the decision to do this - the loss of customers in some countries does not necessarily outweigh the improved service for millions of other customers.
Having said that, if the entire messaging industry moves towards end-to-end encryption, these governments may have no choice but to accept it - what will their citizens be left using if Hangouts, iMessage, BBM, Skype, Viber and WhatsApp are all using it one day?mornhavon likes this.11-20-14 09:12 PMLike 1 - Yeah, the term "service providers" is a little loose in that it wasn't defined further. I first read it to assume "carriers" and "internet service providers", but without definition clarified could mean "messaging service providers" etc well. Can't read their mind, so I'll just call it ambiguous.
so I can't imagine they'd take kindly to end-to-end encryption. We'll have to see if they react to WhatsApp, but I suspect they took this into account when making the decision to do this - the loss of customers in some countries does not necessarily outweigh the improved service for millions of other customers.11-21-14 05:32 AMLike 0 - In a regulated corporate setting a BBM-type of IM will be preferable. Both secure and being able to be audited. If you can't audit it, you can't use it.
In the case of WhatsApp it wasn't that long ago that they transmitted in the clear and some other attempts at encryption by said company weren't looked on favorably. From Feb 2014 The problem with WhatsApp?s privacy boasts: They?re not true | PandoDaily . Did they do it right this time? Who knows, only time will tell. But personally I wouldn't take there word for it.11-21-14 02:38 PMLike 0 - In a regulated corporate setting a BBM-type of IM will be preferable. Both secure and being able to be audited. If you can't audit it, you can't use it.
In the case of WhatsApp it wasn't that long ago that they transmitted in the clear and some other attempts at encryption by said company weren't looked on favorably. From Feb 2014 The problem with WhatsApp?s privacy boasts: They?re not true | PandoDaily . Did they do it right this time? Who knows, only time will tell. But personally I wouldn't take there word for it.
Posted via CB1011-21-14 04:29 PMLike 0 - In a regulated corporate setting a BBM-type of IM will be preferable. Both secure and being able to be audited. If you can't audit it, you can't use it.
In the case of WhatsApp it wasn't that long ago that they transmitted in the clear and some other attempts at encryption by said company weren't looked on favorably. From Feb 2014 The problem with WhatsApp?s privacy boasts: They?re not true | PandoDaily . Did they do it right this time? Who knows, only time will tell. But personally I wouldn't take there word for it.11-22-14 04:05 AMLike 0 -
- Isn't it ironic that there is a big uproar in the forums that now it can be seen if and when a message was read in WhatsApp? There are rumours that this will be made optional soon or removed at all because of these user concerns.
When reading forums regarding BBM there is always the complaint that this feature was missing in the past at WhatsApp. Seems like the majority does not agree in this respect. They also have end to end encryption now - something very important as far as I am concerned and massively covered by the media - albeit not at crackberry.
I love my BlackBerry phones and have converted a few to switch (back). But BBM is dead, at least in mainland Europe.
Posted via CB1011-25-14 12:00 PMLike 0 - Encryption != security. Those messages travel over the open Internet, not a private network like BlackBerry's. They can be Man-in-the-middled all day long and probably are. This could explain the slowness of WhatsApp or iMessage, in fact.11-25-14 09:00 PMLike 0
-
<Encrypted>
ZUql3CJRxlBs7SWlWkOoVHxXuFdIE81jtt5Vl/A2fsvphXe+3d1nRJYYS9O/Ry7oVCW8/Xto7OvX9Z//
PVB4aiEbEbhQ6nSD1+8mf5Gisn0=
</Encrypted>11-25-14 09:44 PMLike 0 - <Encrypted>
ZUql3CJRxlBs7SWlWkOoVHxXuFdIE81jtt5Vl/A2fsvphXe+3d1nRJYYS9O/Ry7oVCW8/Xto7OvX9Z//
PVB4aiEbEbhQ6nSD1+8mf5Gisn0=
</Encrypted>
Hey, no fair, you put a password on it! If I have your password or key, I can decode it. If I have root on your device, I have your key.Last edited by gogogadgets; 11-25-14 at 10:38 PM.
11-25-14 09:59 PMLike 0 - Nope. It is in English though :-)
Sorry, just having some fun trying to prove a point. If proper encryption were easy to read just because it was intercepted, there would be little to no point in encryption.Last edited by mornhavon; 11-25-14 at 10:32 PM.
11-25-14 10:08 PMLike 0 -
If you have root on my device, you still aren't any closer to having a properly stored private encryption key. And besides, you were talking about decrypting messages from intercepted traffic, not some fantasy scenario where you have my device, figured out my password and managed to root it without wiping the device, all of which still wouldn't get you the private keys.Last edited by mornhavon; 11-25-14 at 11:05 PM.
11-25-14 10:50 PMLike 0 - The whatsapp has stated that their encryption creates a unique key for every message sent known as forward secrecy. But if it creates a unique key per message, that unique key would have to be derived from a fixed key. No?
Now would this fixed key be on their servers or within the app? And is this fixed key like a master key and is the same for all whatsapp users? If it is, then more than likely It would be stored on the whatsapp servers. If not and the fixed key is on the phone then it would have to create a unique key with an algorithm maybe using the phone number as a variable? Or something.
If it does this then this would also provide not only forward but even backwards secrecy?
Sounds like DUKPT cryptography but no where online do they even mention it. Unless I'm seeing similarities where there are none. Also sounds like the encryption used when entering your pin number at an ATM, that provides a unique key for every transaction but I think they change the fixed keys every 12-24 hours.
If their encryption is all what it's made out to be then good luck to those that try to break it. Unless you are a government agency it ain't happening.
But maybe it's susceptible to a replay attack. Not like such an attack would lead to anything valuable.
Posted via CB1011-25-14 11:03 PMLike 0 - I was talking about MITM attacks which are possible in many many ways. The point I was making is that the encrypted traffic is only as secure as its endpoints. It could be a random number generator that's not so random. It could be a lot of things.
As for private keys, I wouldn't need to physically gain access to your device or figure out your password to "root" it. On Android, privilege escalation is a fairly well known and documented fact, and you're just plain wrong if you think the private keys are not stored on the device and 100 percent visible to root.
WhatsApp messages sent over the open internet via Android and iOS devices should not be considered secure. Kudos to WhatsApp for doing what little it can though.
BBM is in the same boat out of the box, by the way: not highly secure. Can be made so though, unlike just about anything else. iMessage, I am convinced, is nothing but one big MITM attack. It's so incredibly slow and unreliable -- big tipoff that something is going on in transit.11-26-14 10:41 PMLike 0 - BlackBerry needs to step up here. iMessage and now WhatsApp do this, it's time for BBM to follow suit with their free messenger.
There's a snowball's chance in hell that I'll convince my friends to pay for an encrypted BBM when free alternatives are available. Heck, they're all on Android and giving Google their data anyway.
I would like to hear from BlackBerry how from a consumer stand point who can't get BES or bbm protected, how our files and data are still more secure with BlackBerry vs whatsapp and apple now that they are both going with "we even can't see their info" encryption
*Z30 STA100-5 10.2.1.2977/3247*11-26-14 10:51 PMLike 0 - Not gonna lie, it does intrigue me to give whatsapp a second look.. I deleted it for bbm thinking it's better, but now I'm not so sure, especially if BlackBerry isn't putting out transparency reports like American companies are..
I would like to hear from BlackBerry how from a consumer stand point who can't get BES or bbm protected, how our files and data are still more secure with BlackBerry vs whatsapp and apple now that they are both going with "we even can't see their info" encryption
*Z30 STA100-5 10.2.1.2977/3247*11-26-14 11:20 PMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
WhatsApp rolls out end-to-end Encryption
Similar Threads
-
Pull down to refresh sucks
By sonicpix in forum Site and App Feedback & HelpReplies: 20Last Post: 12-23-14, 06:43 AM -
Android user thinking of moving back to blackberry, many questions.
By intrloper in forum BlackBerry ClassicReplies: 111Last Post: 12-02-14, 10:01 PM -
Globe and Mail: Why BlackBerry is on the verge of returning to substantial growth
By nelsonpml in forum General BlackBerry News, Discussion & RumorsReplies: 6Last Post: 11-19-14, 04:20 AM -
I have BlackBerry OS 10.2.1.3062 installed in my Q5. Can any body upload the link to download the Bl
By Don Roa in forum Ask a QuestionReplies: 1Last Post: 11-18-14, 09:09 AM -
Could Blackberry And Samsung partner to enhance Android safety?
By PaulJosaph in forum General BlackBerry News, Discussion & RumorsReplies: 2Last Post: 11-18-14, 07:43 AM
LINK TO POST COPIED TO CLIPBOARD