The company says that the new feature is already available in the Android version of the Facebook-owned messaging provider, but the developers promised to work on an iOS alternative, as well as on encrypted messaging for group chat and media messages.
As you know, systems using end-to-end encryption are protected from breach due to the fact that the key, which unscrambles communications, is only stored on users’ mobiles. However, before the introduction of this feature, those keys were also stored by servers along with users’ phones, in order to provide Facebook or WhatsApp administrators access to messages.
Security experts point out that TextSecure encryption protocol is especially strong, because it uses a kind of “forward secrecy”. This means that a new key is being created for every message sent. The only other comparable service deployed on such a massive scale is, of course, Apple’s iMessage. However, the latter features one notable weakness: many people allow the system to back up their messages to Apple’s iCloud service, where protection isn’t as perfect.
In the meantime, Open Whisper Systems will continue to develop its other products, including RedPhone for Android, which will allow encrypted voice communications, and iOS Signal applications, which make protected calls and messaging.
The idea of the security developers is to make encryption the default on all devices. They believe that WhatsApp’s new encryption feature may not tempt some users away from TextSecure and Signal to Facebook, particularly if they are concerned about the metadata from their messages. Metadata is information that does not include the content of the communication, but only the additional info: the time and sides of it.
Although the developers didn’t comment on WhatsApp’s use of metadata, and on the topic of whether TextSecure was more secure as it wouldn’t share such data, they did say that TextSecure would always remain an application that is focused first and foremost on simple-to-use private communication.
Still, the suspicions are that handing such strong encryption to hundreds of millions of users may irk law enforcement bodies. As usual, any moves to protect private communication and prevent government from spying on people makes law enforcement bodies to suggest that encryption efforts will only benefit terrorists and other criminals. In respond, security experts argue that serious criminals have their own encryption instruments, which are just hard to use. Large-scale surveillance hurts only innocent Internet users.
Post a Comment