<div dir="ltr"><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Marco Berlinguer</b> <span dir="ltr"><<a href="mailto:marco.berlinguer@gmail.com">marco.berlinguer@gmail.com</a>></span><br>Date: Thu, Nov 20, 2014 at 7:32 PM<br>Subject: end-to-end encryption for the masses<br>To: P2PValue Members <<a href="mailto:members@p2pvalue.eu">members@p2pvalue.eu</a>><br><br><br><div dir="ltr"><div>This is interesting. Something is moving out there.<br></div>M.<br><div><div><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Felix Stalder</b> <span dir="ltr"><<a href="mailto:felix@openflows.com" target="_blank">felix@openflows.com</a>></span><br>Date: 2014-11-19 17:30 GMT+01:00<br>Subject: <nettime> end-to-end encryption for the masses<br>To: <a href="mailto:nettime-l@kein.org" target="_blank">nettime-l@kein.org</a><br><br><br><a href="http://www.wired.com/2014/11/whatsapp-encrypted-messaging/" target="_blank">http://www.wired.com/2014/11/whatsapp-encrypted-messaging/</a><br>
<br>
Growing up in Soviet Ukraine in the 1980s, Whatsapp founder Jan Koum<br>
learned to distrust the government and detest its surveillance. After he<br>
emigrated to the U.S. and created his ultra-popular messaging system<br>
decades later, he vowed that Whatsapp would never make eavesdropping<br>
easy for anyone. Now, Whatsapp is following through on that<br>
anti-snooping promise at an unprecedented scale.<br>
<br>
On Tuesday, Whatsapp announced that it's implementing end-to-end<br>
encryption, an upgrade to its privacy protections that makes it nearly<br>
impossible for anyone to read users' messages -- even the company itself.<br>
Whatsapp will integrate the open-source software Textsecure, created by<br>
privacy-focused non-profit Open Whisper Systems, which scrambles<br>
messages with a cryptographic key that only the user can access and<br>
never leaves his or her device. The result is practically uncrackable<br>
encryption for hundreds of millions of phones and tablets that have<br>
Whatsapp installed -- by some measures the world's largest-ever<br>
implementation of this standard of encryption in a messaging service.<br>
<br>
"Whatsapp is integrating Textsecure into the most popular messaging app<br>
in the world, where people exchange billions of messages a day," says<br>
Moxie Marlinspike, Open Whisper System's creator and a well known<br>
software developer in the cryptography community. "I do think this is<br>
the largest deployment of end-to-end encryption ever."<br>
<br>
Textsecure has actually already been quietly encrypting Whatsapp<br>
messages between Android devices for a week. The new encryption scheme<br>
means Whatsapp messages will now travel all the way to the recipients'<br>
device before being decrypted, rather than merely being encrypted<br>
between the user's device and Whatsapp's server. The change is nearly<br>
invisible, though Marlinspike says Whatsapp will soon add a feature to<br>
allow users to verify each others' identities based on their<br>
cryptographic key, a defense against man-in-the-middle attacks that<br>
intercept conversations. "Ordinary users won't know the difference,"<br>
says Marlinspike. "It's totally frictionless."<br>
"This is the largest deployment of end-to-end encryption ever."<br>
<br>
In its initial phase, though, Whatsapp's messaging encryption is limited<br>
to Android, and doesn't yet apply to group messages, photos or video<br>
messages. Marlinspike says that Whatsapp plans to expand its Textsecure<br>
rollout into those other features and other platforms, including Apple's<br>
iOS, soon. He wouldn't specify an exact time frame, and Whatsapp<br>
staffers declined to comment on the new encryption features. Marlinspike<br>
says the Textsecure implementation has been in the works for six months,<br>
since shortly after Whatsapp was acquired by Facebook last February.<br>
<br>
Whatsapp's Android users alone represent a massive new user base for<br>
end-to-end encrypted messaging: Whatsapp's page in the Google Play store<br>
lists more than 500 million downloads. Textsecure had previously been<br>
installed on only around 10 million gadgets running the Cyanogen mod<br>
variant of Android and about 500,000 other devices.<br>
<br>
The only encrypted messaging system that compares in size is Apple's<br>
iMessage, which also claims to use a version of end-to-end encryption.<br>
Compared with Textsecure, however, Apple's iMessage security has some<br>
serious shortcomings. iMessage doesn't track which devices'<br>
cryptographic keys are associated with a certain user, so Apple could<br>
simply create a new key the user wasn't aware of to start intercepting<br>
his or her messages. Additionally, many users unwittingly back up their<br>
stored iMessages to Apple's iCloud, which renders any end-to-end<br>
encryption moot. Plus, unlike Textsecure, iMessage doesn't use a feature<br>
called "forward secrecy" that creates a new encryption key for each<br>
message sent. This means that anyone who collects a user's encrypted<br>
messages and successfully cracks a user's key can decrypt all their<br>
communications, not just the one message that uses that key.<br>
<br>
Whatsapp's rollout of strong encryption to hundreds of millions of users<br>
may be an unpopular move among governments around the world, whose<br>
surveillance it could make far more difficult. Whatsapp's user base is<br>
highly international, with large populations of users in Europe and<br>
India. But Whatsapp founder Jan Koum has been vocal about his opposition<br>
to cooperating with government snooping. "I grew up in a society where<br>
everything you did was eavesdropped on, recorded, snitched on," he told<br>
Wired UK earlier this year. "Nobody should have the right to eavesdrop,<br>
or you become a totalitarian state -- the kind of state I escaped as a kid<br>
to come to this country where you have democracy and freedom of speech.<br>
Our goal is to protect it."<br>
<br>
<br>
# distributed via <nettime>: no commercial use without permission<br>
# <nettime> is a moderated mailing list for net criticism,<br>
# collaborative text filtering and cultural politics of the nets<br>
# more info: <a href="http://mx.kein.org/mailman/listinfo/nettime-l" target="_blank">http://mx.kein.org/mailman/listinfo/nettime-l</a><br>
# archive: <a href="http://www.nettime.org" target="_blank">http://www.nettime.org</a> contact: <a href="mailto:nettime@kein.org" target="_blank">nettime@kein.org</a><br>
</div><br></div></div></div>
</div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div>Check out the Commons Transition Plan here at: <a href="http://en.wiki.floksociety.org/w/Research_Plan" target="_blank">http://en.wiki.floksociety.org/w/Research_Plan</a> </div><div><br></div>P2P Foundation: <a href="http://p2pfoundation.net" target="_blank">http://p2pfoundation.net</a> - <a href="http://blog.p2pfoundation.net" target="_blank">http://blog.p2pfoundation.net</a> <br><br><a href="http://lists.ourproject.org/cgi-bin/mailman/listinfo/p2p-foundation" target="_blank"></a>Updates: <a href="http://twitter.com/mbauwens" target="_blank">http://twitter.com/mbauwens</a>; <a href="http://www.facebook.com/mbauwens" target="_blank">http://www.facebook.com/mbauwens</a><br><br>#82 on the (En)Rich list: <a href="http://enrichlist.org/the-complete-list/" target="_blank">http://enrichlist.org/the-complete-list/</a> <br></div></div>
</div>