Who's they? Because Whatsapp has never said it uses end to end encryption - anywhere.
Also, I guess it is possible that the so called terrorists used iPhones, but I think there's a higher chance they used Android phones. Of course we don't know exactly, but either way you shouldn't have assumed Whatsapp uses end-to-end encryption even before this.
So those who thought Whatsapp was "safe", treat this as yet another warning sign that you shouldn't be using it for private conversations.
Those who were already paranoid about it, you probably weren't using it already for that, so this changes nothing.
which, if you rely on it, defeats at least one "end" in "end-to-end" if you don't know what device your peer is using.
So much for end-to-end encryption in Whatsapp...
As much as I like and respect Moxie, I think it's a huge personal risk for him to associate himself with Facebook (WhatsApp)[0].
That said, come on... there's no user exposed key management in Whatsapp, or secure means to perform a handshake with your contacts. Even if they've really rolled out Moxie's crypto protocol on Android, like they claim (go look at the source and verify... oh, wait), on features alone you can't trust it... you just can't create a secure channel unless you're in control of the keys.
And on terrorists using Whatsapp... well, Whatsapp accounts are tied to your cell phone #. The authorities can work with WhatsApp to piece together who messaged who, and when, and where you both physically were at the time. This is enough to bust terrorists. Deploying E-to-E crypto was never about anonymity.
As many have pointed out, WhatsApp's E2EE isn't deployed on all platforms and messaging services.
Furthermore they've only rolled it out about 6 months ago, there's a good chance that the information which led to this case was collected before the E2E encryption was rolled out.
It's by far easier to force MSFT, Google or Apple to backdoor the device rather than an individual app.
Especially since at least on Android devices you can always pull the APK you got from the store apart and see if it's being messed with.
Seems very unwise of them to disclose this capability, if it exists. Might be a red herring? Or maybe an accidental disclosure due to Belgian/US miscommunication.
From an intelligence perspective this was profoundly dumb to reveal. This is the heart of what protecting sources and methods is all about. However, it really should go without saying that one should operate in the assumption that all digital communications are compromised, at least commercial services.
In the comments on this unrelated story of identifying a terrorist people argued that it's possible the story is deliberate misinformation, it could also be the case here.
Almost certainly Whatsapp is doing consumer to server encryption, but not end to end. If this is true, then Whatsapp holds or can decrypt the internal storage or transfer of messages.
Alternatively, there is a likelihood that the encryption keys are escrowed or trivially encrypted.
This is what we're seeing in the consolidating web giant world. Words don't match technical expectations, but they meet the letter of the law. We see/saw the same thing with privacy.
I find it funny that somebody could be really so naive to expect privacy from WhatsApp after it got acquired by Facebook. Especially after we've had similar lessons with Skype + Microsoft.
I think in this particular case the story title applies. The part of the story that is interesting/important to HN users is about WhatsApp's compromised encryption, not so much the arrest and charges. Perhaps a nod to the article's title would be better though; something like "Suspects Arrested in Probe Based On WhatsApp Eavesdropping". That covers both aspects of the story.
Nonsense. The spirit of the guidelines is what matters. That post would never get on the front page of HN, and the current title is far from clickbait - it's the very reason it's of interest to the community.
EDIT: For reference, the original title was something to the effect of WhatsApp - so much for end-to-end encryption.
Yeah but OP is trying to point out a specific piece of information that's relevant for hacker news users. It wouldn't have been read through otherwise.
It is a failing of a vote-based ranking system that a comment with nothing but a complaint about the HN title remains at the top of the discussion, after the title has been corrected (http://i.imgur.com/fItX7pd.png).
Perhaps moderators should take the time to cull/derank these comments when they fix the titles.
dsjoerg|10 years ago
https://whispersystems.org/blog/whatsapp/
Did they make a subsequent announcement that they were encrypting those?
higherpurpose|10 years ago
solarexplorer|10 years ago
http://www.heise.de/ct/artikel/Keeping-Tabs-on-WhatsApp-s-En...
tl;dr end-to-end encryption in WhatsApp is not really useful (yet)
zeeed|10 years ago
nly|10 years ago
[0] https://whispersystems.org/blog/whatsapp/
dogma1138|10 years ago
simonvc|10 years ago
https://whispersystems.org/blog/signal/
There's no guarantee that apple/google/microsoft haven't been ordered to install a backdoored version.
tl;dr RMS was right
dogma1138|10 years ago
phreeza|10 years ago
briandear|10 years ago
speculation|10 years ago
late2part|10 years ago
mapgrep|10 years ago
late2part|10 years ago
caminante|10 years ago
jhallenworld|10 years ago
Perhaps they pushed an insecure version on the suspects.
sehugg|10 years ago
http://www.businessinsider.com/whatsapp-may-have-gotten-16-a...
kbart|10 years ago
tptacek|10 years ago
The correct title for this story would be "Belgium Arrests Two in Probe Over Returning Syria Fighter".
morganvachon|10 years ago
oskarth|10 years ago
roryhughes|10 years ago
sehugg|10 years ago
Crito|10 years ago
flurdy|10 years ago
jokr004|10 years ago
Errorcod3|10 years ago
and note taken
comrade1|10 years ago
coolgirl43|10 years ago
[deleted]