Recently I wrote in a blog post “When The Privacy Advocate Becomes An Apologist For The Opponent” about the main stream media sponsored spat that had @Moxie from @WhisperSystems siding with @WhatsApp and @Facebook in a face off against @Guardian and their contributor @tobiasboelter (Security and Crypto at UC Berkeley) in a “man in the middle” versus “design” versus “vulnerability” versus “backdoor” versus “privacy” versus “convenience” versus “user experience” tit for tat.
1. Is Moxie Still An Anarchist?
I said of Moxie Marlinspike that:
“When the advocates become apologists for the mainstream then they longer deserve to be called advocates in the purest sense of the word. And Moxie does consider himself “pure”. He is not. In July 2016 Wired wrote “Meet Moxie Marlinspike, the Anarchist Bringing Encryption to All of Us” but being an “anarchist” and an ally of Zuckerberg are incompatible ideological stances.”
The blog post drew some comment on Peerlyst and elsewhere that took the debate in a number of different directions that I think are worthy of note. My personal belief is that WhatsApp is a more inferior app than most people will accept and that Moxie’s stance also leads me to doubt the once unassailable position of Signal as a trustworthy option.
“Your assertion that Moxie fundamentally is no longer an anarchist when he sides with Zuck holds. And you’re right it matters that they made this design choice, and yes it can be a threat if you have Governments in your threat model. I cannot argue with you at all. My only point, and thanks for the mention, was that it wasn’t, as such, a backdoor.”
Conclusion: Moxie is not an anarchist
2. Are Farcebook Deliberately Hobbling WhatsApp?
This comment led me to ask:
“I agree with you Peter and my post is only expressing my view from the lens of being one of those “crypto geeks” that you and Dave Howe were discussing on the original thread. I accept all of the points that you both make about barriers to entry / usage and cost factors for “average” users in adopting escalating levels of security. But would you agree with the statement that:
“WhatsApp have made a design choice that can be exploited as a backdoor – the rest is semantics”?
Boelter in his articles laments the fact that Farcebook, after being notified of the weakness in the “design-choices” that they had made for WhatsApp, still refused to take action.
This to me betrays an unwillingness to properly secure the platform for whatever reason and while I accept that a legitimate interim position between releases of a product is to state “it is good enough – for now – but lets see if we can make it even better” that does not seem to be what the Farcebook approach is to ongoing WhatsApp app hardening.
I really liked what Dave Howe had to say in reply to my original comment:
“I can agree totally on the first part of that. WhatsApp have made a design choice that can be exploited as a backdoor.
In fact, I would go further; WhatsApp have made a series of poor design choices which impact severely the security of the solution.
The first is that mail will be retransmitted without an option to block if a new device is added.
The second is that a new device can be added and, by default, this will be silently accepted by the system, and
The third is that the account holder has no reliable way to know a new device was added unless WhatsApp notify them – which of course for a TLA “listening tap” will not happen.
However, “the rest is semantics” I disagree with.
The impact of these poor choices is severe, but the solution is still better than it was before the protocol was added, and more importantly, now WhatsApp is aware of the mistake, it is in a position to fix it.
The detail is therefore important, and while a lot of crypto purists would class anything not a provable success as an abject failure, a more pragmatic security enthusiast will take any improvement as an improvement, and work to build on that platform.
Similarly, to a purist, a system is broken if, given a compute cube the size of the moon, you could break a message on average every thousand years or so – while a pragmatist would say “it’s good enough – for now – but lets see if we can make it even better”
We need to push them to get better. If nothing else, this “backdoor” publicity put this in the public eye (only for Brexit and Trump to push it back under cover of course).
I have to wonder if there is some sort of instruction preventing them from doing so – I know they can insist on that in the UK now, but I wasn’t aware this was true in the US yet (See my blog post Silencing the Canary & The Key Powers & Reach of The IPA)
Solution is obvious though – increase user choice, and make it so they can turn that *off* if they want to, not off by default.
New device added? Have confirmation of new devices as an option.
Until confirmed, new messages will *not* be encoded to the new key, so you can email the old keyset asking if they really have added a new device.
Options can have “auto accept” “ask” and “deny” with the default set to “ask”.
Unacknowledged messages? Have that only resend if the new device is confirmed, and not until; that takes care of that problem too.
If users then choose to disable the “annoying popup” then that’s their choice, not something imposed on them by Farcebook.”
Aside from the poor “design choices” that are covered in “When The Privacy Advocate Becomes An Apologist For The Opponent” and above by Dave here are a few more “design choices” WhatsApp chose not to include from the SIGNAL protocol:
Ability To Password Protect The WhatsApp App
WhatsApp does not have any password system built into the app. WhatsApp say there are many apps in the Google Play store that provide that functionality so just tag on a third party app to make it even weaker
“Disappearing Messages” Option in WhatsApp
There is no “disappearing messages” option in WhatsApp.
Conclusion: Yes Farcebook are deliberately hobbling WhatsApp IMHO. Their reasons? I do not know but I do not accept “user experience” as a justification.
3. Does SIGNAL Leak?
Would anyone care to comment on this statement regarding the signal app and “leakage”:
“Note that Open Whisper Systems, the makers of Signal, use other companies’ infrastructure to send its users alerts when they receive a new message. It uses Google on Android, and Apple on iPhone. That means information about who is receiving messages and when they were received may leak to these companies.”
Found at on a post on ELECTRONIC FRONTIER FOUNDATION Surveillance Self-Defense.
Conclusion: I don’t know