Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Well, they also published those papers you see now.

On the other side, there's an organization that by definition asks you to take them on their word that everything they good is for your own good...



They published the papers with a heavy dose of spin. Remember how the headline contained FUD about Signal and WhatsApp? The released documents have nothing about sidestepping Signal and WhatsApp. That was pure conjecture and editorializing.

Of course WikiLeaks wants ordinary people to be vaguely afraid of using Signal and WhatsApp. End-to-end encryption is very much counter to their goals.


Wasn't whatsapp all over the news for its "replace the encryption key transparently without notifying the user" feature ? Also facebook.

I don't trust signal, a centralized that requires a phone number while pretending to be secure and providing some anonymity is flawed by design and begging to be exploited.


The reporting you're talking about has been widely denounced by actual security experts, with 70 of them signing a letter asking the Guardian to retract its inaccurate story. Your position is about as responsible as saying "I don't trust vaccines, they kill people".

http://technosociology.org/?page_id=1687

Get off the FUD brigade.


It's not FUD: it's just a threat model WhatsApp and those experts do not care for, or alternatively think is a worthy the UI/UX trade-off.

FWIW, I strongly disagree with this stance: if the recipient's key changes while the message is in-flight, that message should never be resent/delivered without the sender's explicit approval. Imagine that Bob is a political activist planning a protest. Bob is wondering why his IMs to a co-conspirator Alice aren't being delivered; Bob's wonder turns to fear when he hears on the news that Alice has been detained. Fear turns into terror when Bob sees his messages subsequently get two blue ticks as WhatsApp happily delivers his IMs to a new phone belonging to the secret police. Only afterwards does WhatsApp notify Bob that Alice's key has changed


OWS never claim that Signal provides anonymity. The word they use is privacy which sometimes involves being anonymous, but not necessarily so.

> Wasn't whatsapp all over the news for its "replace the encryption key transparently without notifying the user" feature ? Also facebook.

Which was a conscious design decision. Not doing that (even for people that had turned on "notify on key changes"), would let whatsapp know which users could be securely MITM'd. Neither is a very good choice, but an understandable trade-off when it comes to security vs usability.


I haven't read overly deep into the documents, but if they have rootkits for the main devices (iPhone, android, linux, OSX, windows) that you are using E2E encryption on they can easily sit between the decryption layer and the user.


Yes, and they can also hypothetically send nude pictures of you to all your friends and family, but that wasn't the headline for some reason.

You can do lots of things when you've owned someone's phone. The big news is that they're targeting phones instead of services.

Given that, it's very peculiar to focus on the services WikiLeaks wants you to be afraid of anyway, when they're mentioned nowhere in the documents.


> End-to-end encryption is very much counter to their goals.

What would those goals be?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: