It's the largest-ever deployment of end-to-end crypto, and assuming they didn't add any back-doors or make critical errors, this means that hundreds of millions of users can now communicate without being spied upon by governments, crooks, cops, spies or voyeurs.
Marlinspike's Textsecure has an impeccable reputation as a secure platform, and Whatsapp founder Jan Koum attributes his desire to add security to his users' conversations to his experiences with the surveillance state while growing up in Soviet Ukraine. However, without any independent security audit or (even better) source-code publication, we have to take the company's word that it has done the right thing and that it's done it correctly.
In its initial phase, though, Whatsapp's messaging encryption is limited to Android, and doesn't yet apply to group messages, photos or video messages. Marlinspike says that Whatsapp plans to expand its Textsecure rollout into those other features and other platforms, including Apple's iOS, soon. He wouldn't specify an exact time frame, and Whatsapp staffers declined to comment on the new encryption features. Marlinspike says the Textsecure implementation has been in the works for six months, since shortly after Whatsapp was acquired by Facebook last February.
Whatsapp's Android users alone represent a massive new user base for end-to-end encrypted messaging: Whatsapp's page in the Google Play store lists more than 500 million downloads. Textsecure had previously been installed on only around 10 million gadgets running the Cyanogen mod variant of Android and about 500,000 other devices.
The only encrypted messaging system that compares in size is Apple's iMessage, which also claims to use a version of end-to-end encryption. Compared with Textsecure, however, Apple's iMessage security has some serious shortcomings. iMessage doesn't track which devices' cryptographic keys are associated with a certain user, so Apple could simply create a new key the user wasn't aware of to start intercepting his or her messages. Additionally, many users unwittingly back up their stored iMessages to Apple's iCloud, which renders any end-to-end encryption moot. Plus, unlike Textsecure, iMessage doesn't use a feature called "forward secrecy" that creates a new encryption key for each message sent. This means that anyone who collects a user's encrypted messages and successfully cracks a user's key can decrypt all their communications, not just the one message that uses that key.
Whatsapp Just Switched on End-to-End Encryption for Hundreds of Millions of Users [Andy Greenberg/Wired]
(Image: Moxie Marlinspike, CC-BY-SA)