1. aiharkness's Avatar
    Imagine your messages are like a safe being transported back and forth between you and your contacts. Just because UPS/FedEx might know that your safe is waiting to be picked up doesn't mean they know how to crack it and get to its contents. In e2e WA doesn't know the combination, and once it's 'delivered' to you they don't have the container either.
    The safe being transported from person A to person B with contents secure inside is a good analogy, but only as far as it goes.

    Think about you as person A and you have done everything possible to make sure the contents remain private as you prepare them, work with them, and ultimately place them in the safe and lock the safe, and hand over the safe to the shipper. And we trust the shipper couldn't open the safe if shipper even wanted to do so.

    But person B can open the safe. What has person B done to make sure the contents are kept private and secure while the safe is open? What is person B doing to keep the contents private and secure while working with or using the contents? What is person B doing to prevent some bad actor from viewing or taking some or all of the contents when the safe is open and person B is working with or viewing the contents?

    I'm thinking of the wisecracks* about BlackBerry claims about BlackBerry security when standard BBM isn't end-to-end encrypted. I'm not making any other statement here beyond this, and that is end-to-end encryption is no doubt important to those who need and use it, but you can bet that isn't the limit or extent of their security precautions (or they are fools if they do really need it and that is the limit and extent of their precautions).

    * I wonder, are those the same people who root their Android device and complain that BlackBerry doesn't allow BlackBerry users to root their device? Are those the same people who post every little detail about themselves all over the Internet? Do they lock their device when they don't have eyes on the device or when they are on the move? Do these people think about the fact that bad actors don't need the content of the safe, that it's probably enough to know just the who and where and mostly they can figure the what?
    Last edited by aiharkness; 10-27-16 at 03:45 PM.
    10-27-16 02:51 PM
  2. TGR1's Avatar
    The safe being transported from person A to person B with contents secure inside is a good analogy, but only as far as it goes.

    Think about you as person A and you have done everything possible to make sure the contents remain private as you prepare them, work with them, and ultimately place them in the safe and lock the safe, and hand over the safe to the shipper. And we trust the shipper couldn't open the safe if shipper even wanted to do so.

    But person B can open the safe. What has person B done to make sure the contents are kept private and secure while the safe is open? What is person B doing to keep the contents private and secure while working with or using the contents? What is person B doing to prevent some bad actor from viewing or taking some or all of the contents when the safe is open and person B is working with or viewing the contents?

    I'm thinking of the wisecracks* about BlackBerry claims about BlackBerry security when standard BBM isn't end-to-end encrypted. I'm not making any other statement here beyond this, and that is end-to-end encryption is no doubt important to those who need and use it, but you can bet that isn't the limit or extent of their security precautions (or they are fools if they do really need it and that is the limit and extent of their precautions).

    * I wonder, are those the same people who root their Android device and complain that BlackBerry doesn't allow BlackBerry users to root their device? Are those the same people who post every little detail about themselves all over the Internet? Do they lock their device when they don't have eyes on the device or when they are on the move? Do these people think about the fact that bad actors don't need the content of the safe, that it's probably enough to know just the who and where and mostly they can figure the what?
    You aren't talking e2e encryption anymore though. You are describing PEBKAC.
    10-27-16 04:11 PM
  3. aiharkness's Avatar
    You aren't talking e2e encryption anymore though. You are describing PEBKAC.
    Well, exactly. That's my point. Note the reason I stated for commenting in the first place.
    10-27-16 04:22 PM
  4. app_Developer's Avatar
    Well as I know Visa, Mastercard & BBM use the same 3DES standard for encryption. So if I have to trust my money on this standard I guess it's not too scary to trust my messages being encrypted on the same standard too, right?
    The problem isn't with 3DES, the problem is that they use one key for all messages from all users and that same key has been used for years. That is not anywhere close to secure.

    BB has called it scrambling I think before. That's a better word than encryption when you reuse the same key over and over again. BTW that key is in every BB ever made. The exact same key.

    Of course AES is superior to triple DES, but that's not the issue here. It's the key and the fact that BB can read every message you send on free BBM. Soon Emtek can also read every message you send. Plus every government and intelligence agency that has ever gotten that one global key can read those messages as well.

    The point is free BBM does not offer the privacy that other modern chat programs provide. That is the point that AI is raising.
    10-27-16 04:24 PM
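    The key-management point made above (one key in every client versus a key that only the two endpoints hold) is easier to see in code. The following is an added illustration, not code from any poster and not BlackBerry's or BBM's implementation. It assumes a constructed global key, constructed sample messages, and a stand-in cipher built from HMAC-SHA256 so that it runs on the Python standard library alone; the cipher is not 3DES, and the point does not depend on which cipher is used. The `Relay` class plays the provider's server.

```python
import hashlib
import hmac
import secrets

# Stand-in symmetric cipher so the example runs on the standard library alone:
# an HMAC-SHA256 keystream XORed over the plaintext, plus an encrypt-then-MAC tag.
# It is NOT 3DES and not a production design; the key-handling question it
# illustrates is independent of the cipher.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Relay:
    """The provider's server: forwards blobs and keeps a log of what it saw."""

    def __init__(self, key_it_holds=None):
        self.key = key_it_holds   # the global key in the shared-key model; None under e2e
        self.log = []             # (sender, recipient, blob)

    def deliver(self, sender, recipient, blob):
        self.log.append((sender, recipient, blob))

    def readable(self):
        """Messages the provider (or anyone who has obtained its key) can read."""
        if self.key is None:
            return []
        out = []
        for sender, recipient, blob in self.log:
            pt = decrypt(self.key, blob)
            if pt is not None:
                out.append((sender, recipient, pt.decode()))
        return out

    def metadata(self):
        """What the relay learns in either model: who messaged whom, in what order."""
        return [(s, r) for s, r, _ in self.log]


# Constructed sample traffic.
MESSAGES = [("alice", "bob", b"meet at 6"), ("carol", "dave", b"invoice attached")]


def shared_key_model():
    """One key baked into every client (constructed stand-in value)."""
    global_key = b"constructed-key-shipped-in-every-client"
    relay = Relay(key_it_holds=global_key)
    for sender, recipient, pt in MESSAGES:
        relay.deliver(sender, recipient, encrypt(global_key, pt))
    return relay.readable(), relay.metadata()


def e2e_model():
    """Each pair of devices holds its own key; the relay is never given one."""
    pair_keys = {("alice", "bob"): secrets.token_bytes(32),
                 ("carol", "dave"): secrets.token_bytes(32)}
    relay = Relay()
    for sender, recipient, pt in MESSAGES:
        relay.deliver(sender, recipient, encrypt(pair_keys[(sender, recipient)], pt))
    # The intended recipients still decrypt normally.
    delivered = [decrypt(pair_keys[(s, r)], b).decode() for s, r, b in relay.log]
    # Losing one pair's key exposes that pair only: it fails on everyone else's traffic.
    alice_bob_key = pair_keys[("alice", "bob")]
    cross_read = [decrypt(alice_bob_key, b) for s, r, b in relay.log if (s, r) != ("alice", "bob")]
    return relay.readable(), relay.metadata(), delivered, cross_read


if __name__ == "__main__":
    print("shared key, provider can read:", shared_key_model()[0])
    print("e2e, provider can read:", e2e_model()[0], "but still sees:", e2e_model()[1])
```

    Two things to notice when running it: under the shared-key model the relay's `readable()` returns every message from every user, because the single key decrypts all of them, while under the e2e model it returns nothing and a key taken from one pair of devices fails on everyone else's traffic. In both models `metadata()` is identical; the relay still learns who talked to whom, which is the theme the rest of this thread turns to.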
  5. bobshine's Avatar
    Well as I know Visa, Mastercard & BBM use the same 3des standard for encryption. So if I have to trust my money on this standard I guess it's not too scary to trust my messages being encrypted on the same standard too right?
    Nope

    'Cause the encryption by BBM is not end to end. However for the normal person out there, it's good enough. But if you have delicate content that you don't want your competitors or the government to know, then BBM is not at all a good IM solution.
    10-27-16 05:20 PM
  6. Loc22's Avatar
    The safe being transported from person A to person B with contents secure inside is a good analogy, but only as far as it goes.

    Think about you as person A and you have done everything possible to make sure the contents remain private as you prepare them, work with them, and ultimately place them in the safe and lock the safe, and hand over the safe to the shipper. And we trust the shipper couldn't open the safe if shipper even wanted to do so.

    But person B can open the safe. What has person B done to make sure the contents are kept private and secure while the safe is open? What is person B doing to keep the contents private and secure while working with or using the contents? What is person B doing to prevent some bad actor from viewing or taking some or all of the contents when the safe is open and person B is working with or viewing the contents?

    I'm thinking of the wisecracks* about BlackBerry claims about BlackBerry security when standard BBM isn't end-to-end encrypted. I'm not making any other statement here beyond this, and that is end-to-end encryption is no doubt important to those who need and use it, but you can bet that isn't the limit or extent of their security precautions (or they are fools if they do really need it and that is the limit and extent of their precautions).

    * I wonder, are those the same people who root their Android device and complain that BlackBerry doesn't allow BlackBerry users to root their device? Are those the same people who post every little detail about themselves all over the Internet? Do they lock their device when they don't have eyes on the device or when they are on the move? Do these people think about the fact that bad actors don't need the content of the safe, that it's probably enough to know just the who and where and mostly they can figure the what?
    Good analogy.

    How about using the same analogy where the safe is being transported between you and A and B cannot open it. However, the terms and conditions of using the service for free are such that B will somehow understand what interests you so that they can provide relevant advertisements to you?

    If B cannot open the safe as they claim, how will they know what interests you?
    10-28-16 11:45 AM
  7. aiharkness's Avatar
    Good analogy.

    How about using the same analogy where the safe is being transported between you and A and B cannot open it. However, the terms and conditions of using the service for free are such that B will somehow understand what interests you so that they can provide relevant advertisements to you?

    If B cannot open the safe as they claim, how will they know what interests you?
    Not sure I understand. In my example, person B is your contact, the recipient of the message, not the service provider or any service provider partners.

    What I personally think we will be seeing eventually is regulations that require the service provider, down to the app developer, to explicitly identify exactly what information they collect, and how they use it, and require and document in some way that the user of the service or the app accept those terms and conditions of use before the user can even use the service or app. So, if and when this happens, person B would never even receive the safe if you begin to ship the safe by Service X and then do not accept Service X terms and conditions of service.

    I read a headline the other day and skimmed the article, and sorry I can't link, but apparently there is legislation in the works in the USA. I didn't read closely enough to know where it's at or how likely it is to be enacted. Also, the way I read it, it seems it would apply to the broadband providers (think Comcast, AT&T, Verizon, etc.) and I didn't get a clear answer whether it would apply to the WhatsApps and the Facebooks and the Googles of the world operating under USA jurisdiction. Still, my sense is this is where things are going, and I expect it will eventually happen and will at some point be applied to the WhatsApps and the Facebooks and the Googles, and Amazon, and ....
    10-28-16 12:15 PM
  8. Ment's Avatar
    Good analogy.

    How about using the same analogy where the safe is being transported between you and A and B cannot open it. However, the terms and conditions of using the service for free are such that B will somehow understand what interests you so that they can provide relevant advertisements to you?

    If B cannot open the safe as they claim, how will they know what interests you?
    B can scrape data from keyboard input if they wish. It's the in-transit and at-rest where e2e comes into play; nothing in theory prevents an app or dev from getting info from the creation of the message at the device level and directing ads based on it, or sending select info to chatbots to do their thing.
    10-28-16 02:45 PM
  9. aiharkness's Avatar
    Good analogy.

    How about using the same analogy where the safe is being transported between you and A and B cannot open it. However, the terms and conditions of using the service for free are such that B will somehow understand what interests you so that they can provide relevant advertisements to you?

    If B cannot open the safe as they claim, how will they know what interests you?
    I read again. I understand. But I don't exactly know the answer. Here is what I guess.

    So, in my explanation, keep you as A and your contact is B, and X is the shipper (or messaging service provider). X has partners or customers, Y1, Y2,...Yn. In addition, X or some of the Yi are buying data from brokers. So, from the service X is providing to you, X doesn't glean the what, but it does glean the who, the when, and maybe the where. Not just on you, but also your contacts.

    Any data point or few data points in isolation may not mean much, but the data feed from X and how it supports the aggregation of data for the partners and/or customers is apparently enough to sustain an ongoing business enterprise that makes money off that data.

    X's business isn't necessarily selling stuff to you or advertising. X's business may just be gathering the data that it can gather (to the exclusion of the contents of the safe, or your message) and selling that data to partners or customers who combine it with other data to advertise or sell.

    All is well when you benefit from how service companies can use that information to give you better service. All is well so long as it stays that way.
    Last edited by aiharkness; 10-28-16 at 03:22 PM.
    10-28-16 03:01 PM
  10. aiharkness's Avatar
    @Loc22 Just thinking out loud here...

    Let's say the messaging app collects who you message and when, and it collects coarse location information when that is all it can get, and granular location when it can get that. That is, we're saying this hypothetical messaging app gets the location information from your device's location services functionality, and also from network information it gleans from your device's connection to the network. If you have GPS enabled, then the app is collecting precise location, maybe your movements, depending.

    So in our scenario you begin using the app and you connect on your home wifi. You do that a lot, and at times when a person in your time zone (location) would likely be at home. You should figure the algorithm used by X or one of the Yi will figure out the location of your home. From that the algorithm probably makes a good prediction of your income range, maybe your age range. Into the file.

    Of course you are using the app a lot. Perhaps the app collects your location at a Starbucks. Maybe it collects your location at a series of women's fashion shops, and of course the algorithms are collating this information, looking up the actual stores and the age and income level of typical customers. And of course the algorithm determines you are female. Maybe the algorithms have enough data to predict if you are an adult, college age and whether in school or not, or a minor living at home. All this, into the file.

    And then the app collects your location at an airport, and another city. You travel! Into the file.

    You are at a Residence Inn. Into the file!

    And a Courtyard Marriott. Into the file!

    Now a Marriott. You like the Marriott chain. And you do travel a lot. Into the file!

    Use your imagination. That is just the messaging app. And it is collecting your contacts and the same data on them.

    And that data is being sold or shared with other partners and customers who have data on you and your social media presence, what you search for online, where you shop online, what you buy online, all sorts of data on you. But the more data the better from the standpoint of those making use of the data on you. The bigger the data the more actual facts and the better and more accurate the inferences.
    Last edited by aiharkness; 10-28-16 at 06:22 PM.
    10-28-16 05:54 PM
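    The "into the file" scenario above (and the who/when/where point made earlier in the thread) can be made concrete with a few lines over a metadata log that contains no message bodies at all. This is an added illustration, not code from any poster or from any messaging service; the log records, the coarse location labels and the user ids are constructed, and the inference rules (a night-time location counts as home, a day with no sighting at home counts as travel) are the simplest stand-ins for what the post describes. It is here to show how much a privacy policy that permits metadata collection gives away even when e2e encryption holds.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed metadata log of the kind a relay can keep without ever reading a
# message body: (sender, recipient, timestamp, coarse location as seen by the app).
RECORDS = [
    ("u1", "u2", "2016-10-24T22:15:00", "cell:home-area"),
    ("u1", "u3", "2016-10-24T23:40:00", "cell:home-area"),
    ("u1", "u2", "2016-10-25T08:05:00", "cell:office-area"),
    ("u2", "u1", "2016-10-25T09:00:00", "cell:office-area"),
    ("u1", "u2", "2016-10-25T22:30:00", "cell:home-area"),
    ("u1", "u3", "2016-10-26T07:10:00", "cell:airport"),
    ("u1", "u2", "2016-10-26T23:00:00", "cell:other-city"),
    ("u1", "u2", "2016-10-27T12:00:00", "cell:other-city"),
]


def contacts(records, user):
    """The 'who': how often the user exchanged messages with each other user."""
    counts = Counter()
    for sender, recipient, _, _ in records:
        if sender == user:
            counts[recipient] += 1
        elif recipient == user:
            counts[sender] += 1
    return dict(counts)


def infer_home(records, user, night=(22, 6)):
    """The 'where': the location the user's own device reports most often at night.

    Returns None when the user never sent anything during night hours."""
    start, end = night
    seen = Counter()
    for sender, _, ts, loc in records:
        if sender != user:
            continue
        hour = datetime.fromisoformat(ts).hour
        if hour >= start or hour < end:
            seen[loc] += 1
    return seen.most_common(1)[0][0] if seen else None


def days_away(records, user, home):
    """The 'when': days on which the user was active but never seen at home."""
    by_day = defaultdict(set)
    for sender, _, ts, loc in records:
        if sender == user:
            by_day[ts[:10]].add(loc)
    return sorted(day for day, locs in by_day.items() if home not in locs)


def profile(records, user):
    """Everything above, assembled into the 'file' the post describes."""
    home = infer_home(records, user)
    return {"contacts": contacts(records, user),
            "home": home,
            "days_away": days_away(records, user, home)}


if __name__ == "__main__":
    print(profile(RECORDS, "u1"))
```

    For the constructed log, `profile(RECORDS, "u1")` names u1's two contacts and how often they talk, picks `cell:home-area` as the home location from three night-time sightings, and flags two days of travel, all from coarse cell-level location and timestamps. The defensive reading is the one the thread arrives at: end-to-end encryption protects the "what", so the remaining questions for a user are which of these fields the app collects, how long it keeps them, and whom it shares them with.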
  11. bobshine's Avatar
    We should be careful not to mix two things here. Without defending WhatsApp and the fact that they will be sharing information with Facebook, their new policy doesn't mean at all that your messages are "data mined". In fact it's just the contrary, they are guaranteeing end to end encryption.

    However they will most probably share contact lists and phone numbers with Facebook and will link profiles together. With your Facebook profile, they can add your interests to your WhatsApp profile and then allow advertisers on WhatsApp to have access to that. Maybe you walk in a store and you will get a message on your WhatsApp with a coupon... who knows. Possibilities are endless.
    10-28-16 07:23 PM
  12. aiharkness's Avatar
    I don't know exactly what Whatsapp does. If I'm the one being addressed, I purposely did not name an app or a company.

    End-to-end encryption means to me, simply, that the message is encrypted from the sender's device over the network to the server, is still encrypted as it transits the server, and is still as originally encrypted when received by the recipient. That in general doesn't mean anything else to me about what is done or not done with metadata. Repeat, end-to-end encryption does not guarantee the metadata is not being gathered and used.

    It was asked how the service shipping the safe from person A to person B could gain any useful data without knowledge of the contents of the safe. I have given a general answer how it might be accomplished.

    Again if it is me being addressed, I think I have been careful. Others use my thoughts as they may.

    But fair enough if company X states in its policy that it doesn't collect or use metadata and it monetizes its product some other way. I'm not arguing that point.
    Last edited by aiharkness; 10-28-16 at 07:55 PM.
    10-28-16 07:42 PM
  13. Ment's Avatar
    Agreed, as regards privacy from inquiring government/corporate minds, e2e insulates from just a part of a greater whole. Your information still leaks from tracking your whereabouts, linking your phone#, email, other accounts to other existing profiles. E2e is a good thing, just not everything.

    Amnesty weighs e2e highly because their audience cares about governments using its power to target specific people/groups such as dissidents. Gathering metadata on specific targets is useful to them but not as much as reading emails and messages.
    app_Developer likes this.
    10-28-16 08:27 PM
  14. Loc22's Avatar
    We should be careful not to mix two things here. Without defending WhatsApp and the fact that they will be sharing information with Facebook, their new policy doesn't mean at all that your messages are "data mined". In fact it's just the contrary, they are guaranteeing end to end encryption.

    However they will most probably share contact lists and phone numbers with Facebook and will link profiles together. With your Facebook profile, they can add your interests to your WhatsApp profile and then allow advertisers on WhatsApp to have access to that. Maybe you walk in a store and you will get a message on your WhatsApp with a coupon... who knows. Possibilities are endless.
    To track a person walking into a store and knowing what store it is may be practical in the US or certain parts of Europe. However it would be totally meaningless in Asia where stores are usually located in multi-storey buildings with multiple stores in the same location.

    I don't believe that technology is so advanced that it can locate and identify at the same location but at different levels of the same building.
    10-28-16 08:49 PM
  15. keyboardweeb's Avatar
    I don't believe that technology is so advanced that it can locate and identify at the same location but at different levels of the same building.
    It's not that hard to track a wireless transceiver (such as a cell phone) through different levels of a building. It gets even easier when said transceiver is actively cooperating with you.

    A cell phone, and especially a smart phone, is essentially a tracking device that also makes phone calls.

    Whether this capability is actually being exploited or not is another matter (and make no mistake--Google is harvesting as much as they can from Android phones), but the capability certainly exists and has existed for longer than cell phones have.
    10-28-16 10:26 PM
  16. chain13's Avatar
    Summary: BBM is not secure
    JeepBB likes this.
    10-28-16 11:44 PM
  17. aiharkness's Avatar
    To track a person walking into a store and knowing what store it is may be practical in the US or certain parts of Europe. However it would be totally meaningless in Asia where stores are usually located in multi-storey buildings with multiple stores in the same location.

    I don't believe that technology is so advanced that it can locate and identify at the same location but at different levels of the same building.
    Don't get caught up in details. The point is the general idea. The answer to your question is there can be lots of data available outside of the safe and it can be useful.

    Someone just mentioned that you can be tracked in the building. There has been news that malls (and I assume it might also be any large conventional building with stores and offices) are tracking customers by their mobile devices to see in the grand scheme where customers are going, how long they stay where, and so on. Maybe they get enough unique information to identify "you" the next time "you" visit, so they know "you" and how often "you" visit. Maybe they have other information so they not only know "you" but they know you.

    Now imagine what the mall or building owner is doing with that information (or not). They probably share or sell at least the statistics with the store owners. How much more than just the statistics? What does the mall owner sell to data brokers?

    My only point is this. Don't get hung up on a detail. The lesson in the hypothetical thoughts is there is a lot of data to be gathered, data that is traded and sold, and combined with other data to make the whole more useful than the parts by themselves. Maybe our hypothetical app X doesn't have the granular location at some particular time, but it has the coarse location and time. And it could be a part that is being aggregated into some whole by some other entity that is getting data from X.
    Last edited by aiharkness; 10-29-16 at 04:08 AM.
    10-29-16 03:57 AM
  18. aiharkness's Avatar
    Agreed, as regards privacy from inquiring government/corporate minds, e2e insulates from just a part of a greater whole. Your information still leaks from tracking your whereabouts, linking your phone#, email, other accounts to other existing profiles. E2e is a good thing, just not everything.

    Amnesty weighs e2e highly because their audience cares about governments using its power to target specific people/groups such as dissidents. Gathering metadata on specific targets is useful to them but not as much as reading emails and messages.
    On that last statement, maybe or maybe not. Depends on the purpose or goal of the entity doing the watching. If the entity wants to identify "conspirators" it can achieve that goal with just the metadata. Maybe being identified as a "conspirator" is enough to be of great concern to you. Just in general, the who, when, and where can be very useful without the what to a malicious entity just as it can be useful to the helpful entity. Even disclosing the when and where could be harmful to you, or maybe just the when or just the where.
    10-29-16 04:25 AM
  19. aiharkness's Avatar
    For anyone interested, and sort of on topic...

    https://kieranhealy.org/blog/archive...d-paul-revere/

    I've always thought that is a good article. Was reminded of it. Went back and looked for it.
    10-29-16 08:03 AM
  20. darkehawke's Avatar
    Summary: BBM is not secure
    And the Crackberry forums are late to the party.
    Isn't this old news?
    10-31-16 12:35 AM
  21. bobshine's Avatar
    People are overly dramatic. It's like using a gun to kill a fly... I mean the question you should ask is: is it secure enough?
    11-01-16 01:58 PM
  22. jope28's Avatar
    People are overly dramatic. It's like using a gun to kill a fly... I mean the question you should ask is: is it secure enough?
    There doesn't seem to be consensus on what "secure enough" means.
    To me, end-to-end encryption with private keys is "secure enough" and BBM Protected does a great job of it.

     Passport filter-evading the NSA  Make BlackBerry Great Again!
    11-01-16 02:12 PM
  23. Ment's Avatar
    On that last statement, maybe or maybe not. Depends on the purpose or goal of the entity doing the watching. If the entity wants to identify "conspirators" it can achieve that goal with just the metadata. Maybe being identified as a "conspirator" is enough to be of great concern to you. Just in general, the who, when, and where can be very useful without the what to a malicious entity just as it can be useful to the helpful entity. Even disclosing the when and where could be harmful to you, or maybe just the when or just the where.
    Yes, metadata is useful for acquiring additional targets. Not sure how an app can obfuscate that and actually reliably get messages to and from you. Whether you use phone#, acct# or some other ID, those markers would be disclosed to someone with legal mandate or corporate access. Maybe there is a Tor equivalent for messaging but I haven't looked into that.
    11-01-16 02:53 PM
  24. aiharkness's Avatar
    There doesn't seem to be consensus on what "secure enough" means.
    To me, end-to-end encryption with private keys is "secure enough" and BBM Protected does a great job of it.

     Passport filter-evading the NSA  Make BlackBerry Great Again!
    There isn't really an understanding of "secure" among most users who are remarking on it. Ask the drive-by commenters to state why BBM is not secure. Would be interesting if they would first define secure and then state where BBM falls short, and then why that matters to the typical consumer of messaging services.
    11-01-16 04:06 PM
  25. aiharkness's Avatar
    Yes, metadata is useful for acquiring additional targets. Not sure how an app can obfuscate that and actually reliably get messages to and from you. Whether you use phone#, acct# or some other ID, those markers would be disclosed to someone with legal mandate or corporate access. Maybe there is a Tor equivalent for messaging but I haven't looked into that.
    That's the point, which I think is clear now. Everyone seriously participating in this thread seems to acknowledge that end-to-end encryption is not the necessary and sufficient condition to ultimate security and privacy.

    I hope it's also agreed that "better than" depends--just as "secure enough" depends--on what the user needs.
    11-01-16 04:15 PM