Why are crypto geeks always so black and white? Is there really only "perfect" or "useless" with nothing in-between?
Notably, a noted goal of WhatsApp encryption was to stop mass surveillance. I'm no expert but I dont see how these objections make mass surveillance of messages remotely as easy as it was when WhatsApp was entirely unencrypted
This is a great example of security nihilism. "This tool can't protect against every possible attack from every possible adversary, therefore it is useless."
Building safe, secure products at scale for real populations is a process of balancing multiple equities and addressing the most pressing and realistic threat scenarios. This always means building security protections that have theoretical failure modes. The real art is in trying to make those failures as graceful as possible while educating your huge, diverse set of users on the security properties of the product and in what situations they can rely upon it.
Doing this well is still something the entire industry needs to work on, but giving it a shot and building practical protections for real people is always a better option than throwing up your hands and giving up.
They tend to be black and white b/c, unlike most other areas of engineering, a flaw of any severity in a crypto system can lead to its total compromise. Those systems are also subject to active opposition, and breaches tend to be both catastrophic and not known till after the damage is done.
By way of comparison, when Boeing builds a jumbo jet, its "threat model" is gravity and drag and other laws of nature, and if the in-flight entertainment system breaks they don't have to worry about the plane falling out of the sky.
Also compare to the "move fast, break things" web/app dev community for even more stark contrast.
Those differences tend to lead to crypto folks being more black and white on average.
> Is there really only "perfect" or "useless" with nothing in-between?
Are you suggesting that the ability to completely circumvent a system doesn't make that system broken?
If the goal of WhatsApp encryption is to protect against surveillance, and there's a way to surveil users using WhatsApp, then it's broken, full stop. Are you going to place your trust in a home security system that works pretty well, but only against unskilled burglars? Or what about an authentication system to a server holding sensitive customer information? Or your banking information? Or information that might put your life at risk as a dissident in a repressive state?
Flagged for misleading headline; if keys are verified WhatsApp is secure against this attack. If you don't have out of band comms or a pre-shared key, mitm attacks are provably impossible to prevent.
This is offset by two factor authentication: Pin-based or email based. If you want extra security the encrypt your device and two-factor your phone number based messenger.
If this is true, It's really sad. Whatsapp penetration is so high around me that not using it's... very impractical. I do use other channels with some friends, but I don't think people will adopt other channels any time soon.
Turn on the setting to warn you when the other party's encryption key changes and go about your business. This is non-news unless you have unusually good cause to worry about targeted attacks.
In the case of WhatsApp, your data is only on your device and, optionally, in iCloud. So even if an attacker is able to take over your WhatsApp account, your existing data is still private unless the attacker can obtain your device password (and your device) or your iCloud password.
[+] [-] infodroid|10 years ago|reply
[+] [-] leecarraher|10 years ago|reply
[+] [-] skrebbel|10 years ago|reply
Notably, a noted goal of WhatsApp encryption was to stop mass surveillance. I'm no expert but I dont see how these objections make mass surveillance of messages remotely as easy as it was when WhatsApp was entirely unencrypted
[+] [-] secalex|10 years ago|reply
Building safe, secure products at scale for real populations is a process of balancing multiple equities and addressing the most pressing and realistic threat scenarios. This always means building security protections that have theoretical failure modes. The real art is in trying to make those failures as graceful as possible while educating your huge, diverse set of users on the security properties of the product and in what situations they can rely upon it.
Doing this well is still something the entire industry needs to work on, but giving it a shot and building practical protections for real people is always a better option than throwing up your hands and giving up.
[+] [-] SkyMarshal|10 years ago|reply
By way of comparison, when Boeing builds a jumbo jet, its "threat model" is gravity and drag and other laws of nature, and if the in-flight entertainment system breaks they don't have to worry about the plane falling out of the sky.
Also compare to the "move fast, break things" web/app dev community for even more stark contrast.
Those differences tend to lead to crypto folks being more black and white on average.
[+] [-] mikegerwitz|10 years ago|reply
Are you suggesting that the ability to completely circumvent a system doesn't make that system broken?
If the goal of WhatsApp encryption is to protect against surveillance, and there's a way to surveil users using WhatsApp, then it's broken, full stop. Are you going to place your trust in a home security system that works pretty well, but only against unskilled burglars? Or what about an authentication system to a server holding sensitive customer information? Or your banking information? Or information that might put your life at risk as a dissident in a repressive state?
[+] [-] Robin_Message|10 years ago|reply
[+] [-] emdd|10 years ago|reply
[+] [-] tsunamifury|10 years ago|reply
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] thesimon|10 years ago|reply
[+] [-] merqurio|10 years ago|reply
[+] [-] alainv|10 years ago|reply
[+] [-] mikek|10 years ago|reply