LightBlog

mardi 5 avril 2016

WhatsApp’s End-to-End Encryption is Now Going Live

whatsappcomplete2

Security is all the hype these days. After years of being data mined and being a sitting duck for MITM attacks, the world has finally woken up and realized that not everyone needs to know everything. Some conversations are best kept private, and restricted only to the parties involved.

With that thought in mind, Facebook’s WhatsApp has finally started rolling out end-to-end user encryption to all users. This update is rolling out server side, as there is no new apk (although you do need to be on the latest Play Store release to see it). When you are communicating with a party which also has encryption active, your message conversation will have a notification banner announcing to you of the same. The end-to-end encryption benefit also extends from text conversations to voice calls.

whatsapp-e2e-notice whatsapp-e2e-profile

Now, there are and will be a lot of concerns that arise out of this. And the concerns themselves would be justified, given that WhatsApp’s parent company, Facebook, depends heavily on data mining and had to pay $22 Billion for WhatsApp. WhatsApp has promised that there is end-to-end encryption, but since the app is closed source (and almost certainly will continue to be), there is no way to verify and audit the code to find the existence of an intentional backdoor.

Open Whisper System does back WhatsApp thanks to their current partnership, which was aimed at integrating the Signal protocol into WhatsApp and enabling end-to-end encryption by default for all users. WhatsApp has promised that it does not store any messages once they are delivered, and even they can’t read the messages thanks to the end-to-end encryption. As of now, you have to blindly trust both Open Whisper System and WhatsApp to believe that their promises of encryption on WhatsApp are as much of action as they are of word.

You can read more about WhatsApp’s move towards end-to-end encryption over at the WhatsApp website, or at the Open Whisper System Blog. Additionally, you can also download and view the security whitepaper from here.



from xda-developers http://ift.tt/1MQLINC
via IFTTT

Aucun commentaire:

Enregistrer un commentaire