You may not realize that this is a big deal but I assure you, it is.
Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People
You may not realize that this is a big deal but I assure you, it is.
Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People
Funny enough it seems that encryption is not much of a problem in terms of catching terrorists. In the last couple of terror attacks in Europe, and the Boston bombing, and to a great extent the San Bernadino shootings, the terrorists used unencrypted communications, and still weren't caught. It seems that the intelligence agencies, by putting priority upon users of encryption rather than people who post and consume content that should highlight them as a threat, have focused so much on cypherpunks and now everyday people that they've missed the terrorists.
If you send your buddy a PGP-encrypted Happy Birthday message you will light yourself up like a Vegas casino and your message will be saved for eternity. But if you post attack plans in lightly-coded language on Twitter (Boston bomber), or pledge allegiance to ISIS on Vkontakte (San Bernadino shooters), or even talk & text freely about committing terror attacks over common cell phones that aren't registered to your name at the telco (recent attacks in Europe) apparently nobody bats an eye.
And that's before even getting into how much attention the intelligence agencies put on peaceful protest groups, which is another problem.
Good. The phrase "none of your damn business" needs to be heard in government circles more often.
Is it only between client and server so you only need to worry about Facebook listening, reading and spying on you - or whomever leans on them? Because that is protecting them - not you.
Or did they encrypt the traffic all the way to your endpoint? I doubt they would do that - I mean - what is in it for them if they can't target ads to the content of your IMs?
From what I understand they've indeed put full, proper, end-to-end encryption in place.
BTW, it's now possible to eliminate the certificate authority system (a convenient one-stop-shop for all your MITMing needs, in the eyes of intelligence agencies) and at the same time have proper 3rd-party verification of key signatures - for HTTPS and just about anything else you like too. A few people have figured it out including myself, but the person who introduces it to the public is going to make themselves very "interesting" indeed.
GameboyRMH wrote: It seems that the intelligence agencies, by putting priority upon users of encryption rather than people who post and consume content that should highlight them as a threat, have focused so much on cypherpunks and now everyday people that they've missed the terrorists.
You're not supposed to notice that! At least I think you aren't.
The latest encryption is nothing new. Just a repackaging of the likes of the decades old Pretty good Privacy and similar email encryption. Which still works pretty durn well.
This is endpoint to endpont which is really good. As far as I know they threw away the keys as well so they cannot be forced to break there own encryption.
But you can still see all the metadata associate with whom is talking to whom and where they were in terms of tower location as that is inherent to the network and code. That is it is collected and is still subject to a warrant.
New bill would require companies to decrypt data on demand.
This bill is currently only aimed at handset manufacturers.
Not sure if What'sapp would be required?
http://www.theverge.com/2016/4/8/11203928/feinstein-burr-encryption-bill-required-to-unlock-data
You'll need to log in to post.
