61 comments

[ 4.3 ms ] story [ 120 ms ] thread
I don't understand this argument. "Facebook control the WhatsApp code, therefore they can do whatever they want, therefore they can read your messages". I mean, yeah, by that metric, Signal could too, and every other encrypted messenger. We never relied on "Facebook can't change the code" for security, so I don't see how this post brings any new information to the table.

I don't even know why it goes into backup folder details and things, as if they matter. If Facebook wanted to change the code to read your chats, they wouldn't have to count on the existence of a specially named folder, they could just change the code to send the chats to them directly.

I don't think this is written with purely the technical people in mind.

It is written for the people that don't know better and believe end-to-end encryption will always be safe, even though Facebook controls the source code and therefore can do whatever they want.

> I mean, yeah, by that metric, Signal could too, and every other encrypted messenger.

Open source ones would be a lot less likely to get away with it.

The difference between Signal and Wattsapp is really in all the non-message-contents data that Wattsapp collects, as you can see in their privacy (hah!) policy: ( https://www.whatsapp.com/legal/#privacy-policy-information-w...)

"(We collect) hardware model, operating system information, battery level, signal strength, app version, browser information, and mobile network, connection information including phone number, mobile operator or ISP, language and time zone, and IP, device operations information, and identifiers like device identifiers (including identifiers unique to Facebook Company Products associated with the same device or account)

"...how you interact with others using our Services, and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports. This also includes information about when you registered to use our Services, the features you use like our messaging, calling, Status, or groups features, profile photo, about information, whether you are online, when you last used our Services (your "last seen"), and when you last updated your about information.

"We collect device location information if you use our location features, like when you choose to share your location with your contacts, view locations nearby or those others have shared with you, and the like, and for diagnostics and troubleshooting purposes such as if you are having trouble with our app's location features. We use various technologies to determine location, including IP, GPS, Bluetooth signals, and information about nearby Wi-Fi access points, beacons, and cell towers.

"We receive information about you from other users and businesses. For example, when other users or businesses you know use our Services, they may provide your phone number, name, and other information

"Businesses you interact with using WhatsApp provide us information about their interactions with you.

> battery level, signal strength,

This reminds me Windows 10 collecting color of the device, in that it is unnecessary for operation but enough to pinpoint a person in combination.

It asks you what colour your device is? Haven't run into that yet.
It collects without noticing you. There is a chassis color stored in somewhere as I understand it correctly.
Why?

These applications are super complex and you can't count on all eyeballs detecting a potential backdoor. And, you don't know if the code in the repo matches what you download from the App Store.

This is a very weak argument, eyeballs do find backdoors. Usually each commit is checked by few people and the introduction of the backdoor is rather obvious.

As for not knowing what has been downloading (if someone tempered with), the best approach is compiling it on your own.

This is a very weak argument, eyeballs do find backdoors

Eventually, maybe. How many eyeballs and how long to find Heartbleed?

There's a difference between a potential backdoor and a bug. While a lot of eyeballs might oversee a bug, you have to make an effort to design your backdoor to go unnoticed.
Good backdoors are indistinguishable from bugs, for plausible deniability
The question isn't whether there won't ever be backdoors, but how likely that is, how long they will stay in place undetected, and what the effects on the reputation of the product/project/committer are once they are discovered.

Bringing this up as an argument is a sensible as claiming that transparency and democracy isn't any better than a dictatorship because there is still corruption.

Can you cite any commits for any open source software where a back door was attempted to be introduced & code review found it pre-emptively?

The reason I ask is that this is an oft repeated claim about open source by developers yet when I talk to security people they don’t seem to care about open source nearly as much. To them inspecting binaries is table stakes anyway.

Meanwhile people write backdoors that aren’t obvious for fun. http://underhanded-c.org/

Signal has had its encryption code audited by researchers, and the Store binaries are signed by the developer, while the repo offers reproducable builds: you can check for yourself if the downloaded apk from Google Play matches what you built from the repo.
If your point is that it is not perfect, you are right. Case in point here is openssl which after decades of usage was so convoluted that people decided to create independent implementations to cut down on the problems that were found in it regularly.

You are also right that appstores are a problem. However, one of the nice things they do is using signatures to prevent tampering with the builds. So having a build system that produces reproducible builds and signatures means users can check whether things line up.

A bigger problem is the reliance on the phone network for identity. A lot of these chat clients insist on using telephone numbers for identifying users. This has been used to shut down chat networks in countries with telecom operators that are collaborating with governments.

If you want to stay secure, most of the chat apps out there are problematic at some level. Signal is one of the very few decent options out there. It is one of the few solutions that has both open source clients and servers and a wide community of people using it and scrutinizing it. With e.g. whatsapp, you are at the mercy of a multinational with a track record of indifference and negligence towards the goal of preserving their user's privacy and, worse, a strong incentive towards doing the exact opposite.

If you are being super paranoid...

Unless the open source app is transparently built and app store deployed from a public build server, it's very easy for the owner to inject a back-door into it.

There's no mechanism built into the app stores to validate an app against its source code.

So the owner could checkout master, add a back-door, build and publish to the app stores, and you'd update, never knowing you're exposed.

Nothing is 100% safe. It's just dependent on how much trust you assign.

Another angle on this is we have no way to know what is changed in each WhatsApp version. There could be APIs its hitting that leak data, private keys could be getting exported at the behest of a government, etc

Commoners have no transparency if Facebook is data mining who they talk to, how often, what type of content and for how long. From the anecdata we have, we know some of this metadata is being mined (contacts at this point).

Are they claiming that contacts are metadata and not data? In that case in seems those framing the debate in terms of "metadata" have already reached the second phase:

1) Claim that no data is harvested, only unimportant metadata that you shouldn't be concerned about, so there is no need to worry!

2) Gradually expand the definition of "metadata" to include all desired data.

I've always understood timing, origin, and destination of a message to be metadata. I'm on the fence about the size of the message. Only the contents themselves are definitely data.

Of course, metadata sometimes contains even more information than the data itself, so framing it as "unimportant" is already incredibly dishonest.

I think the open question is how does Facebook make money and justify their expensive purchase of WhatsApp? It still seems to be an open question years after the acquisition.. i think it is fair to bring up that if Facebook wanted to maybe “parse and target” WhatsApp messages they could and also make the statement that they are encrypted end to end. It does make me chuckle a bit though that there is some debate about if zuck can be assumed to be forthright or not.. the frontline episode about Facebook definitely sort of makes you realize that Facebook and mark zuckerberg at least for a long time thought the world needed to catch up to their super smarter than everybody thinking and hey if there are consequences eh that’s the natural course of things..
News from a couple weeks ago was they will start showing adverts in the status feature.
I would think the dishonesty is in the assumption that data and metadata are disjoint. Metadata is simply a kind of data--but it's still data. It's just a kind of data that is particularly difficult to hide--but that obviously has no bearing whatsoever on whether it contains important information.
I'd be surprised if they're not logging the amount of data used (size of message), probably also it's type (voice or video call, or just text - possibly with some sort of attachment), not to mention location data for each participant, and whatever else they can glean - frequency of calls/messages between users for instance, and how that relates to other data FB know about - all sites visited that have social media buttons, as well as what anyone posts directly to their feed.
There are people actively analyzing the differences between binaries (they are able to characterize all sorts of things, not just whether there are changes, they do it for all apps in the big app stores).

That doesn't really help Joe User, but it's possible to do it.

Of course there is. Reading and understanding bytecode isn't hard. Lots of people do that for a living.
I think he was trying to architect a design in which WhatsApp itself wouldn't be exporting the data over the network, which could be spotted through metadata anlaysis. Lower-visibility to slipstream it in with some bulk data.

But yes it is an overly complicated mechanism for what would be a simple change by Facebook and one that people have raised here since the original announcement.

Regardless of whether or not WhatsApp could do that secretly, and my guess is it probably has for some governments and against specific individuals, I think the writing is on the wall for Facebook to announce that WhatsApp will drop default end-to-end encryption sometime next year. It's basically why the two WhatsApp co-founders left. Facebook is getting ready to better "monetize" WhatsApp, and they'll get more money by looking at people's messages.

So if you haven't already switched to Signal (or better), there's no point in waiting around. WhatsApp's loss of default end-to-end encryption is inevitable and it will come soon.

I'm currently living in south America and thanks to a lack of net neutrality it's very difficult to not use WhatsApp. For as little as $2 a month you can have unlimited use of WhatsApp, messenger and Waze. SMS and classic phone calls are expensive so individuals, businesses and even universities depend on WhatsApp.
That's the same I thought. I don't think I fully understand this article.
People make the same complaint against Signal.

I expect it's frequently the same people.

"End to End" needs defining. It's accurate, but disingenuous, to say "we're e2e between us and the clients". Most people would call that the MITM.
I think the point this atricle is trying to make is that WhatsApp and the Facebook app share the same shared container, meaning Facebook has access to that unencrypted database. So WhatsApp may be fine, but the Facebook app can access your plaintext conversations anytime too
He is saying data can be access by facebook on your phone since its simply using keychain to store your message and they have access to that keychain. They could theoretically send your entire chat history to facebook. End-to-end encryption does not entail they are not snooping on your phone, just that when the message is sent, it is encrypted.
I've never programmed for an app store -- what's the security measure that ensures the Signal version you install corresponds to some trusted state of the code base?
No such security measures exist in the iOS or Android app stores.

I’m not sure whether or not a publisher could opt into providing such assurances, either. You could imagine that with a deterministic build regime, something might be possible, at least if you had rooted your phone so you could directly inspect the install footprint.

Signal has reproducible builds, which means you can build it from source yourself and confirm that the result is exactly the same as what you got from the app store. Obviously not many people actually do that, but it means google can't start pushing bad versions without a significant risk of getting caught.
There's no need for theoretical chat history leaks, there's already a practical one in place. Online WhatsApp backups aren't encrypted with end-to-end encryption. [1][2] WhatsApp keeps being "helpful" and aggressively suggests users turn on online chat backup, without mentioning on the same screen that this means your chat history will be uploaded without end-to-end encryption. The history is encrypted with a key that is sent to WhatsApp servers. This is used to provide a passwordless backup restore function even when you lose your phone. You contact WhatsApp with your mobile number and WhatsApp sends you back a code that is used to derive the key that was used to encrypt the backup which was sent to Apple/Google.

All of this makes Zuckerberg's claims that law enforcement can't read the messages because Facebook can't pretty misleading. Law enforcement could get the backup from Apple/Google and the key from WhatsApp and have access to the whole chat history. There are apps already available to help you through this process. [3]

--

[1] Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in iCloud. https://faq.whatsapp.com/en/iphone/20888066/

[2] Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in Google Drive. https://faq.whatsapp.com/en/android/20887921/

[3] Elcomsoft Explorer for WhatsApp 2.30 can now download and decrypt Android user’s encrypted WhatsApp communication histories https://blog.elcomsoft.com/2018/01/extract-and-decrypt-whats...

Even though I also find it very suspicious that WhatsApp keeps proactively badgering me about turning backup on, I don’t see how this could be exploited by Facebook as the messages are stored in iCloud and Google Drive which it can’t access.
Whatapps needs a Google Drive API token to write that backup, don't they? If so, surely they can read it using the same token?
Would there be any way for a user to see if/when the token has been reused? Doubtful but perhaps Google provides (or could provide) some kind of log similar to how Facebook lets you view Active Sign Ins and Sign In history.
Once it has been used, it is too late. This insight would therefore not be a solution to the problem.
My assumption was that the data gets handed off to Google/Apple functions on your phone that handle backups. Could anyone confirm?
The most telling evidence for me was that Signal was banned in Russia because the government couldn't read their messages, while whatsapp was just fine.
Wrong signal thou, the right one is that WhatsApp haven't been banned while being the most popular in a country.
You can just disable cloud backups, no?
Not exactly, as the other side could just back it up instead. You also need to make sure that the people you communicate with never misclick OK on the constant backup advisory popups.
There is another, even more direct route that works regardless of backup settings: WhatsApp already includes a backdoor that allows it to decrypt all messages and send them to Facebook servers, conditioned on a single UI authorization from the user, specifically scanning a QR code on https://web.whatsapp.com/

Once the terminal is authorized, the backdoor channel is opened in perpetuity and there is no more interaction with the user, it could happen at any time on your phone and you have no way of knowing short of complex reverse engineering of the app or network stream.

And there is absolutely nothing stopping Facebook from inserting code into WhatsApp to skip the UI prompt when initially setting up the back channel, it would be a few lines of code. With Google or Apple's collaboration, a suspect's terminal could be surreptitiously updated to a vulnerable version that could open the channel, then updated again to the stock version, all in a matter of minutes, allowing law enforcement perpetual access to the stream of decrypted data. It's likely NSA has sufficient private key material to orchestrate something like this without any collaboration.

The (not) news here is that any end-to-end encryption scheme is just a way to thwart packet sniffing hackers and telcos, and it has no effects on the providers themselves, you still need to trust their binaries. Open source and audited open repositories were never more relevant.

Asking as a layman unfamiliar with security jargon, do you mean to say that if I ever log in on Whatsapp's web interface, even once, then my Whatsapp app and the messages are backdoored?
Technically the key should never leave the web UI (and be discarded once you close the page); but since they control the domain & what they serve, they could serve a malicious version of it that silently exfiltrates that key back to them which they can use later on even after you close the page.
> it would take a good iOS developer just a few days to put in place code in both the Facebook and WhatsApp apps that could discretely copy this database from one app to the other, via their shared container.

Weird article. If modifying the WhatsApp app is on the table, there are trivial ways to send decrypted messages elsewhere.

(comment deleted)
I think the encryption thing was more about Facebook not being able to intercept your messages, read/store them, and remain unnoticed. Of course they can "still" read your messages as they could rewrite the app in a few subtle ways to achieve that easily, but that's nothing new.

I guess that if the app starts looking for the chats within the devices, it would be much easier to spot than it would if the messages were just analyzed as they went through WhatsApp's servers (so that's what the encryption is for).

Title is a bit misleading in my opinion. If you back up your chats to Google Drive, they obviously won't be E2E encrypted.
Messages may be sent encrypted, but I bet they are analysed before being encrypted. Without an external independent audit I'm not sure I'd trust Zuck.
I have also noticed seeing ads related to my voice calls and images shared over WhatsApp. Has anyone else noticed the same?
Facebook treats our Whatsapp message content just like it's feed.

Here is what happened few weeks ago : I exchanged whatsapp messages with a well known founder. Lo and behold - news about him and his startup are all over my facebook feed. Some which was published years ago.

We live in echo chambers.

End-to-end encryption like these shouldn't be considered private as long as no one else than yourself control the private key.

It's not as convenient, but misplacing trust into corporation that has no interest in your privacy is dangerous.

Common sense says that since FB owns WhatsApp no one should trust it. It's no different than if China owned WhatsApp. I mean WeChat. Just common sense.
and os companies can install key loggers on your device/machine. and chipset manufacturers can backdoor the system. and so on.

no piece of hardware or software is safe from evil deeds of people building them.