> What I cannot comprehend is how respectable people and experts like Snowden and others from EFF can get behind a messenger whose authentication is based on cell phone numbers!
Amir6|9 years ago
https://news.ycombinator.com/item?id=12559127
Thanks for your interest and looking forward to having a discussion here with other HNers.
uph|9 years ago
Authentication isn't based on cell phone numbers, that's just the identifier. See "verify security code" here: https://www.whatsapp.com/faq/en/general/28030015 The problem, which EFF does mention, is that "if your contact changes keys, this fact is hidden away by default."
> When an application sends all your contacts to its servers (whether they are hashed or not) and more importantly when your whole access depends on a non-encrypted code sent via SMS
Correct me if I'm wrong but it seems as if you think that someone who hijacks your number will get access to some account where all your contacts are. That's not the case. The problem here is the same as above.
> and worst of all, your identifier can be tied to your real identity extremely easily, how can they call it secure at all?
> It is not all about E2E or how the crypto is designed or implemented, it's also about your anonymity, your social graph and other pieces of information which are arguably more important not to give away!
That doesn't make it insecure, it's just not anonymous. No one claims that it is and it's not a goal: https://www.whatsapp.com/faq/en/general/20971813