Whatsapp: Facebook's ability to decrypt messages is a "limitation," not a "defect"

Facebook spokespeople and cryptographers say that Facebook's decision to implement Open Whisper Systems' end-to-end cryptographic messaging protocol in such a way as to allow Facebook to decrypt messages later without the user's knowledge reflects a "limitation" -- a compromise that allows users to continue conversations as they move from device to device -- and not a "defect."

A critical flaw (possibly a deliberate backdoor) allows for decryption of Whatsapp messages -- UPDATED

Update: Be sure to read the followup discussion, which explains Facebook's point of view, that this is a deliberate compromise, and not a defect, that makes the app more usable for a wide variety of users, while putting them to little additional risk (namely, that Facebook might change its mind; or be forced to spy on its users; or suffer a security breach or internal rogue employee).

When Facebook implemented Open Whisper Systems' end-to-end encrypted messaging protocol for Whatsapp, they introduced a critical flaw that exposes more than a billion users to stealthy decryption of their private messages: in Facebook's implementation, the company can force Whatsapp installations to silently generate new cryptographic keys (without any way for the user to know about this unless a deep settings checkbox had been ticked), which gives the company the ability to decrypt user messages, including messages that have already been sent in the past.

WhatsApp wooed users with privacy promise, but will soon share data with Facebook

The mobile messaging app will soon begin sharing with Facebook the phone numbers and analytics data for its more than one billion users.

When messaging app WhatsApp was acquired by Facebook in 2014, WhatsApp co-founder Jan Koum promised the deal wouldn't affect users' privacy.


Brazil judge orders WhatsApp blocked for 72 hours, affecting 100 million people

A state judge in the Brazilian state of Sergipe has ordered all mobile phone operators in the country to block Facebook-owned WhatsApp for 72 hours, nationwide. Those five telecom providers put the ban into effect today, and it affects about 100 million people. In Brazil, WhatsApp is the most popular messaging app.


Facebook values Whatsapp users' data at $1/year

This week, Whatsapp -- an instant messaging company that was founded on the principle of charging $1/year and preserving your privacy in exchange, but which sold to Facebook in 2014 for $19B -- sent users a message that their accounts would be free forevermore -- at the same time as the app quietly introduced a tickbox (optional, for now) to share your data with Facebook "to improve your Facebook experience."

Moxie Marlinspike profiled in WSJ. Obama thinks secure messaging apps like the one he built are “a problem.”

[Wall Street Journal]

The Wall Street Journal just discovered what some of us have known for a long time: Moxie Marlinspike is really cool, and the work he does is important.

Whatsapp abused the DMCA to censor related projects from Github

Prior to Whatsapp's $19B acquisition by Facebook, the company sent a large number of spurious takedowns against projects on Github. In a DMCA notice served by Whatsapp's General Counsel to Github, a number of projects are targeted for removal on the basis that they are "content that infringes on WhatsApp Inc.'s copyrights and trademarks."

This is grossly improper. DMCA takedown notices never apply to alleged trademark violations (it's called the "Digital Millennium Copyright Act" and not the "Digital Millennium Trademark Act"). Using DMCA notices to pursue trademark infringements isn't protecting your interests -- it's using barratry-like tactics to scare and bully third parties into participating in illegitimate censorship.

The letter goes on to demand takedown of these Github projects on the basis that they constitute "unauthorized use of WhatsApp APIs, software, and/or services" -- again, this is not a copyright issue, and it is improper to ask Github to police the code it hosts on this basis. It is certainly not the sort of activity that the DMCA's takedown procedure exists to police.

So what about copyright infringement? In the related Hacker News thread, a number of the projects' authors weigh in on the censorship, making persuasive cases that their software did not infringe on any of Whatsapp's copyrights -- rather, these were tools that made use of the Whatsapp API, were proof-of-concept security tools for Whatsapp, or, in one case, merely contained the string "whatsapp" in its source code.

There may well have been some legitimately infringing material on Github, but it's clear that Whatsapp's General Counsel did not actually limit her or his request to this material.

The most concise explanation yet for why Facebook's paying $19 billion for WhatsApp

As I wrote in my post when the news broke, it's all about growth.

Read Parmy Olson's Forbes story out today, which she began reporting long before the acquisition announcement: "The Rags-To-Riches Tale Of How Jan Koum Built WhatsApp Into Facebook's New $19 Billion Baby"
