You are hereBlogs / dlindorff's blog / The house with the built-in backdoor: The Whattsapp Scandal

The house with the built-in backdoor: The Whattsapp Scandal


By dlindorff - Posted on 17 January 2017

By Alfredo Lopez

 

Since adding the feature in April, 2016, the Whatsapp app (or really its parent, Facebook) has paraded its "end to end encryption" as the reason to use it above all other smartphone message applications. It can handle calls, messages, video, files and just about everything any computer can and, because it's encrypted end to end, nobody can read, see or hear any of it unless you want them to.

The pitch has worked; over a billion people now use the app and it is particularly prominent among people who need encryption -- the computer protocol that makes reading your message impossible for anyone but the person you're sending it to.

Activists, particularly, use Whatsapp to communicate everything from places for emergency demonstrations to important announcements to the latest information about their personal lives. Whatsapp is, in effect, a universe of communications for a billion people. It does everything and everything it does is encrypted. With Whatsapp, they've been saying, you are safe from intrusion and spying.

The problem is, you're not safe at all; the encryption can easily be broken. That news, first made public in the Guardian [2], has provoked a public gasp and a joust between developers and activists covered by journalists who, anxious to provide both "sides", cloud the issue more than clarify.

Unlike many other debates, there aren't two sides to this story. Whatsapp is not safe because its encryption has a huge exploit (or weakness): a product of what the company says is an attempt to make life a lot simpler for its users. Basically, it rewrites the keys used for encryption without telling you and that means a third party (like the government) can decrypt what you've written.

This takes a bit of explanation. First, the basics...

Encryption uses keys -- long, random strings of numbers and symbols and letters that make no sense and cannot be guessed. You get two: a public key and a private key. When you send me an encrypted message, the encryption program garbles it beyond comprehension using my public key, which your email client downloaded (and saved) before sending me your first message.

When I get the email, I use my private key to decrypt it. If I don't have the private key, the email from you is unreadable: the garble the program turned it into. I apply my key and your message to me is magically transformed to human language. Unlike my public key that is all over the place, my private key is on my computer (or phone) and nowhere else.

That's the security and that's how the keys work in encryption.

Whatsapp works the same way except for one thing...

 

For the rest of this article by ALFREDO LOPEZ in ThisCantBeHappening!, the uncompromised, collectively run, five-time Project Censored Award-winning online alternative news site, please go to: www.thiscantbehappening.net/node/3420

CHOOSE LANGUAGE

Support This Site

Donate.

Get free books and gear when you become a supporter.

 

Sponsors:

Speaking Truth to Empire

***

Families United

***

Ray McGovern

***

Julie Varughese

***

Financial supporters of this site can choose to be listed here.

 

Ads:

Ca-Dress Long Prom Dresses Canada
Ca Dress Long Prom Dresses on Ca-Dress.com

Buy Books

Get Gear

The log-in box below is only for bloggers. Nobody else will be able to log in because we have not figured out how to stop voluminous spam ruining the site. If you would like us to have the resources to figure that out please donate. If you would like to receive occasional emails please sign up. If you would like to be a blogger here please send your resume.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.