Congrats Moxie and team. You guys are doing a great thing for humanity.
As closed-source, I still couldn't recommend WhatsApp above Signal/TextSecure, but this means that the squillions of WhatsApp users out there right now will hopefully get strong protection and probably won't even notice - and that's fantastic.
Makes me wonder if perhaps other clients for the TextSecure protocol are viable, maybe even possibly standardisable (although please let's not start going design-by-committee on it, don't allow any changes that haven't been security-reviewed). A desktop TextSecure client is something I would like to have right now.
Especially curious what happens if you properly plug together TextSecure, a DHT (or two), and a mixnet like Tor. (Are you listening, Project Tox?)
While I trust TextSecure, it is hard to trust any mobile OS and mobile hardware.
I don't mind a healthy distrust in governments either, but it's hard to ignore that WhatsApp, Apple and Google are US companies bound to US laws. In other words, while end-to-end cryptography protects you against dragnet surveillance it certainly doesn't solve any of the other, and arguably much bigger, problems we're facing.
When it comes to respect for WhatsApp I'm still undecided. A huge win for WhatsApp is that they actually have a business model, but on the other side they took a decentralised system (XMPP/Jabber) and centralised it.
Effectively what we have here is XMPP/Jabber with TextSecure on top of it instead of XMPP/Jabber with OTR on top of it, which has been around for quite some time now. Maybe that's not terribly impressive but it's great to see big companies join the privacy-by-design camp.
The TextSecure protocol, based on the Axolotl Ratchet, is a significant improvement on OTR, both in terms of cryptographic capability and usability.
Without that, your carrier owns you at a bit by bit level in the memory of "your" computer.
By comparison, application-based encryption of messages addresses a bunch of real threats. The NSA is not the only threat; malicious wifi operators, for example.
Moves like this one, though, are fantastic at making mass surveillance much harder, and I applaud them with as many hands as I can borrow.
While there is no doubt you are correct that a baseband attack is possible, it's a much, much harder task for a Telco to get control of your baseband, start poking around in it and reading your private messages via this channel. Has there been any released code that exploits this?
They easily have the technology now to read all your SMS and capture all the data you send. If you can crypt this, you're much better off from a privacy and security perspective than if you don't.
That's what's important about this announcement.
Your BIOS might be spying on you, or your hard disk, or your wifi card, your video card.
This offers good, strong protection for a lot of the attacks your data can be subject to. Not every attack, but the majority.
Maybe it makes sense for non-baseband enabled devices, tablets, phones with baseband chips disabled somehow (physically).
Can you provide examples? Or explain his alleged reasons? I glanced through a couple of his posts and failed to see anything on that matter.
I understand that. I'm questioning why they've set such an arbitrary restriction in the first place.
WhatsApp, Hangouts, Skype, etc are all cancer on interpersonal communications by trying to make it a profit center. They destroy user freedom, they severely limit communication, and they do it while making you think it's worth your money when you could host your own XMPP server and delegate with an entire network of chat servers.
And no, I do not mean your grandmother should host an XMPP server.
Facebook gets props for using XMPP in its messaging implementation, even if they crippled it by not letting users message outside Facebook's network.
If I compare the XMPP feature set with what people around me are doing with WhatsApp though..
- Without optional features (stream resumption?) you have flaky connections/lose messages, even today
- people tend to use WhatsApp etc to send inline media, be it pictures or videos. How would you do that with XMPP, without controlling the client (I run pidgin. Might be on bitlbee?).
- Having more than one device? Tablet and phone? You probably now want carbons (works reasonably well with some rough edges, but some clients don't support them) and likely would like to see your message history on both clients (-> a shared archive).
If the last point, security issues notwithstanding, makes sense/seems plausible, XMPP doesn't seem to offer a decent solution right now. MAM [1] seems to be the answer, but is experimental and .. well - there's no support for it yet.
Yes, I would love to see a world in which XMPP succeeds. But right now it's not practical as far as I can tell.
This is how you deliver strong security to the masses. Not by convincing all your friends to adopt some weird and obscure chat app with the only benefit that it's "more secure" (most won't care), but by getting large service providers to adopt it and push it to hundreds of millions of users without them even noticing.
Oh, and I assume that if Whatsapp adopted it, Facebook Chat isn't too far behind...right?
You cannot deliver strong security on a mobile phone platform. The carrier owns you. In fact, the carrier owns you doubly over because it can control "your" computer via two pathways - with the baseband and the SIM card - both of which you have no control over.
You cannot be secure on a device that a third party can interact with at the level of DMA. Further, while I keep adding a caveat about some phones whose SOC involves a baseband that is more akin to a USB modem, in terms of architecture, it turns out that even these "less terrible" SOC designs still have kind-of-sort-of ways to attain full control by the baseband over the AP.
It really is that bad. You gain no protection from the carrier or a state actor that can influence the carrier, and certainly no protection from a rogue cellsite that can instruct your baseband (or your SIM) to manipulate main memory arbitrarily.
The fact that Facebook owns WhatsApp makes this announcement a big surprise as I think they profit far more with unencrypted messages (although WhatsApp was just delivering, not storing them supposedly).
The ads I see on Facebook currently are for SSL certificates (guess what I bought recently), BGP routing optimisation products (not sure why), and TransferWise (I used them once). In short, lots of remarketing and something presumably targeted at one of the news sources I get in my feed e.g. slashdot.
These are all pretty nerdy yet also pretty reasonable ads. Ads targeted based on my chats would mostly revolve around .... well, not sure. At best, nights out or local cinemas. I doubt there's much profit in that.
But that's also 404 now, here's a cached copy: http://webcache.googleusercontent.com/search?q=cache:NAz9uOi...
And here's a copy of the article text: http://pastebin.com/Y5CUPqDJ
They talked to Moxie about it, so it doesn't look like a hoax. More like it wasn't supposed to be announced yet.
It goes without saying that this would be a big deal. And it would explain a lot of the slow movement w.r.t. an iOS client. Although The Verge wasn't sure if and when the encryption would be available on iOS. And WhatsApp is closed source software, something that's unlikely to change, which really isn't what we want from a secure messenger. So I might keep Text Secure installed for the time being.
But still. OTR (and the enhanced/modified version of it TextSecure is using) is probably the easiest to use way to communicate in a reasonably secure fashion, and it would be fantastic to see it used by hundreds of millions of users all of a sudden -- even if it's sitting on top of insecure mobile operating systems and untrusted-yet-privileged hardware.
Have you had issues getting OTR to connect sometimes? Myself and about 5 friends have been using OTR with ChatSecure on the phone and pidgin on the desktop. Sometimes the OTR connection just doesn't engage, and we suspect it's because there are multiple instances of the chat client signed in and it like "crosses the streams" or something. CryptoCat has similar issues. Is there a prescribed way of using OTR that won't give us these problems?
TextSecure hasn't given us any problems yet ... though, we never see the encrypted text messages in our SMS, even when we use textsecure over google voice. Does TextSecure just bypass actual SMS channels?
[0] https://otr.cypherpunks.ca/UPGRADING-libotr-4.1.0.txt
A simple workaround is to use a different account for each device (e.g. me@jabber.com, me+mobile@jabber.com).
TextSecure's developers recognize that a good multi-device experience is essential to provide a comparable experience to other messaging apps. Their approach is different from OTR's, and is described here [0].
[0] https://moderncrypto.org/mail-archive/messaging/2014/001022....
I don't know how well, if at all, either of them deal with multiple simultaneous logins. XMPP (Jabber) doesn't have a great answer for it (ie. there may be support in the protocol or a protocol extension, but implementation support is terrible). Which is a shame because it's very desirable from a user perspective; both just being able to receive incoming messages on multiple devices as well as the next level of synchronising message session history across devices. Clearly the latter is way easier if you're willing to store the history on the server.
[0] https://github.com/WhisperSystems/TextSecure/issues/1737 also on HN somewhere
http://www.theverge.com/2014/11/18/7241011/whatsapp-rolls-ou...
Here's the text of the page I got:
At Open Whisper Systems, our goal is to make private communication simple. For the past three years, we’ve been developing a modern, open source, strong encryption protocol [1] for asynchronous messaging systems, designed to make seamless end-to-end encrypted messaging possible.
Today we’re excited to publicly announce a partnership with WhatsApp, the most popular messaging app in the world, to incorporate the TextSecure protocol into their clients and provide end-to-end encryption for their users by default.
Your messages may already be encrypted
The most recent WhatsApp Android client release includes support for the TextSecure encryption protocol, and billions of encrypted messages are being exchanged daily. The WhatsApp Android client does not yet support encrypted messaging for group chat or media messages, but we’ll be rolling out support for those next, in addition to support for more client platforms. We’ll also be surfacing options for key verification in clients as the protocol integrations are completed.
WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default.
This is still the beginning
We’re continuing to develop the TextSecure app [2], and our roadmap for our own products remains unchanged. We’ve been working with WhatsApp for the past half year, and have learned a lot through the process of deploying the TextSecure protocol at the scale of hundreds of millions of users. We’re excited to incorporate what we’ve learned from this integration into our future design decisions, and to bring this experience to bear on integrations that we do with other companies and products in the future.
We believe that by continuing to advance the state of the art for frictionless private communication with open source software, open protocols, and simple libraries, we’ll have additional opportunities to support mass adoption of end-to-end encryption.
WhatsApp deserves enormous praise for devoting considerable time and effort to this project. Even though we’re still at the beginning of the rollout, we believe this already represents the largest deployment of end-to-end encrypted communication in history. Brian Acton and the WhatsApp engineering team has been amazing to work with. Their devotion to the project as well as their thoroughness in getting this done are inspiring in a world where so many other companies are focused on surveillance instead of privacy.
Get involved!
If you’d like to participate in Open Whisper Systems, there are still a few more days to apply to Winter Of Code [3], our retreat in Hawaii this January. Or check out our Android [4], iOS [5], and browser [6] clients on GitHub to join in on development.
If you’d like to donate to Open Whisper Systems, we accept Bitcoin donations [7] that are automatically paid out to each merged PR via BitHub [8]. You can also make tax-deductible donations by credit card through the Freedom Of The Press Foundation here [9].
Links:
[1] https://whispersystems.org/blog/advanced-ratcheting/
[2] https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
[3] https://whispersystems.org/blog/winter-of-code/
[4] https://github.com/whispersystems/textsecure
[5] https://github.com/whispersystems/signal-ios
[6] https://github.com/WhisperSystems/TextSecure-Browser/
[7] http://bithub.whispersystems.org/
[8] https://whispersystems.org/blog/bithub/
[9] https://freedom.press/bundle/encryption-tools-journalists
What is that roadmap? TextSecure for iOS is stalled...
Awesome for Moxie and team, this is huge news. But the world still needs a cross platform, open source, end-to-end encrypted platform... It's just too important to trust Facebook with.
https://github.com/WhisperSystems/Signal-iOS/commits/textSec...
Completely right. Facebook paid $19Bn for whatsapp. How is not being able to keyword-search messages going to help them cover some of that cost? It sounds great but doesn't add up.
Well, no. As pointed out elsewhere in this thread, if Whisper Systems doesn't own the whole app, then the Whatsapp code might include code (that they "forget" to show Moxie) that phones home to the Zuckerberg mansion/windowless black buildings in Virginia.
OTR actually uses "ephemeral" Diffie-Hellman [5], where a new shared key is generated for each session. This provides forward security by guaranteeing that a key compromise in the future won't render past messages decryptable.
[1] http://en.wikipedia.org/wiki/TextSecure
[2] http://en.wikipedia.org/wiki/Off-the-Record_Messaging
[3] http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exch...
https://github.com/trevp/axolotl/wiki
It's much much better than OTR in that:
- Asynchronicity is on by default (you don't need both parties to be up and running at the same time to start a convo)
- You don't need to wait for your recipient to answer before you can write something (ie you can send multiple messages one after another, directly)
- Because you can do both of the above, you can easily do multiparty, something OTR struggles with.
For more details:
Also they have a browser extension that could use some help from front-end devs:
https://github.com/WhisperSystems/TextSecure-Browser
It is still pretty early but the project has Bithub as well. From my understanding, this is their planned desktop version.
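Added example, not part of the thread and not TextSecure's own code: a simplified Python sketch of the hash-chain half of a ratchet like the one discussed above, showing why a sender can issue several messages without waiting for a reply and why a stolen current chain key does not expose earlier message keys. The HMAC labels, the `Chain` class, the function names and the sample secret are assumptions for illustration; the real protocol also mixes fresh Diffie-Hellman values into the chain.

```python
import hashlib
import hmac

# Assumed labels: one HMAC input yields the message key, the other the next chain key.
MESSAGE_KEY_LABEL = b"\x01"
CHAIN_KEY_LABEL = b"\x02"

def ratchet_step(chain_key):
    """One one-way step: return (message_key, next_chain_key)."""
    message_key = hmac.new(chain_key, MESSAGE_KEY_LABEL, hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, CHAIN_KEY_LABEL, hashlib.sha256).digest()
    return message_key, next_chain_key

class Chain:
    """One direction of a conversation; both ends start from the same secret."""

    def __init__(self, shared_secret):
        self.chain_key = hashlib.sha256(b"chain-init" + shared_secret).digest()
        self.next_index = 0
        self.skipped = {}  # index -> message key kept for late arrivals

    def send(self):
        """Sender side: key for the next message, no reply from the peer needed."""
        message_key, self.chain_key = ratchet_step(self.chain_key)
        self.next_index += 1
        return self.next_index - 1, message_key

    def receive(self, index):
        """Receiver side: key for message `index`, tolerating out-of-order arrival."""
        if index in self.skipped:
            return self.skipped.pop(index)  # each key is handed out once
        if index < self.next_index:
            raise KeyError("message key already used and deleted")
        while self.next_index <= index:
            message_key, self.chain_key = ratchet_step(self.chain_key)
            self.skipped[self.next_index] = message_key
            self.next_index += 1
        return self.skipped.pop(index)

def demo():
    secret = b"constructed sample secret, e.g. output of a DH handshake"
    alice, bob = Chain(secret), Chain(secret)
    sent = [alice.send() for _ in range(3)]  # three messages in a row, no reply
    # Bob comes online later and processes them out of order: 2, 0, 1.
    in_order = all(bob.receive(i) == sent[i][1] for i in (2, 0, 1))
    # Constructed compromise: the attacker copies Alice's current chain key.
    future_key, _ = ratchet_step(alice.chain_key)
    past_keys = [key for _, key in sent]
    return in_order, future_key == alice.send()[1], future_key in past_keys
```

`demo()` returns whether the receiver recovered all three keys, whether the copied chain key predicts the next message key, and whether it reproduces any earlier one. A production receiver would also cap how many skipped keys it is willing to store.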
The other link posted, theverge.com, is 404 as well, btw.
However, from my point of view, TextSecure isn't there yet. The ideal solution should be decentralized, like XMPP. That makes gathering meta data so much harder.