
WhatsApp backdoor allows snooping on encrypted messages


Hello!

 

Thank you for sharing. Although I struggle to imagine how anyone could be surprised, given who's involved.


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.


This is an overhyped bug. Just a usability enhancement to still push the first message even if the keys are changed.

Without it, users who have no idea of the key exchange concept will have a hard time communicating.

This is why Signal is usually more recommended for security minded people, the defaults are stricter, that's all.

Definitely not a backdoor, anyone who calls it a backdoor lacks the understanding of this meaning.

Some credible sources who actually know about infosec, unlike the Guardian journalists:

 

https://slashcrypto.org/2017/01/13/WhatsApp_backdoor/

https://twitter.com/matthew_d_green/status/819910068325990400


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
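An added example, not part of the thread and not code from WhatsApp or Signal: a simplified model of the two defaults the post above contrasts, showing what happens to an outgoing message when the recipient's identity key changes. The `Sender` class, the contact name and the fingerprints `fp-A`/`fp-B` are constructed for illustration, and no real encryption is performed.

```python
from dataclasses import dataclass, field

@dataclass
class Sender:
    blocking: bool  # True: hold messages on key change; False: send anyway
    trusted: dict = field(default_factory=dict)   # contact -> last seen key fingerprint
    pending: list = field(default_factory=list)   # (contact, text) held for verification
    warnings: list = field(default_factory=list)  # notices shown to the user

    def send(self, contact, text, current_key):
        """Seal text to the contact's current key; return None if the message is held."""
        known = self.trusted.setdefault(contact, current_key)  # trust on first use
        if known != current_key:
            if self.blocking:
                # Stricter default: nothing leaves until the user verifies the new key.
                self.pending.append((contact, text))
                self.warnings.append(f"{contact}: key changed, message held")
                return None
            # Non-blocking default: accept the new key, send, and notify afterwards.
            self.trusted[contact] = current_key
            self.warnings.append(f"{contact}: key changed, message sent")
        return {"to": contact, "sealed_to": current_key, "body": text}

    def approve(self, contact, verified_key):
        """User compared fingerprints out of band; release the held messages."""
        self.trusted[contact] = verified_key
        held = [t for c, t in self.pending if c == contact]
        self.pending = [(c, t) for c, t in self.pending if c != contact]
        return [{"to": contact, "sealed_to": verified_key, "body": t} for t in held]

def demo(blocking):
    """Constructed scenario: the key directory reports fp-A, then later fp-B."""
    s = Sender(blocking=blocking)
    s.send("bob", "hello", "fp-A")         # first contact pins fp-A
    env = s.send("bob", "secret", "fp-B")  # directory now reports a different key
    return s, env

if __name__ == "__main__":
    for mode in (False, True):
        s, env = demo(mode)
        print("blocking" if mode else "non-blocking", env, s.pending, s.warnings)
```

In the non-blocking case the message is already sealed to the new key by the time the warning appears; in the blocking case the user gets the chance to verify the fingerprint first.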


Maybe so, zhang. But I still wouldn't use it. Telegram..... ChatSecure..... Signal.


During times of universal deceit, telling the truth becomes a revolutionary act. —George Orwell

The further society drifts from truth the more it hates those who speak it. —George Orwell

A lie is as good as the truth when everyone believes.

No one ever lost a dime underestimating the intelligence of the amerikan public. {Generally attributed to H.L. Mencken}

THANK YOU: Russia Today; Edward Snowden; Julian Assange; John Kiriakou; Thomas Drake; William Binney; Ray McGovern; Kirk Wiebe; Matt Taibbi; Sputnik News


Maybe so, zhang. But I still wouldn't use it. Telegram..... ChatSecure..... Signal.

Telegram isn't much to shout about though.



Alrighty then... what about ChatSecure and Signal?



Signal is fine.



With a smartphone (Android or iOS) you will never be secure.

Why so?

 

What about Conversations (Jabber/XMPP)? Is it a good private/secure IM app for Android?



Using them will expose you to a host of monitoring protocols and you will not be protected from the device itself, and they are not 100% open source. If you only want to change your IP address then it's fine, but if you are looking for privacy then avoid them. Find out by yourself.


I recommend Wire, open source fully encrypted, and has fantastic features.

 

https://wire.com/

 

route

https://crysp.uwaterloo.ca/opinion/wire/

 

The problems listed above weaken the security of Wire relative to competitors like Signal, but the problems are not insurmountable. The chat features offered by Wire have a very modern aesthetic that is very popular with users, and this makes Wire a very interesting offering. Users should be aware of these concerns before choosing to use Wire. While these problems are unaddressed, users should avoid using Wire audio/video calls for secure conversations, assume that Wire passwords could be silently compromised, treat the Wire application like a constantly updating web service rather than a semi-stable desktop application, and consider sandboxing Wire on sensitive systems.


I'm researching several messaging apps for my Android tablet (version 6.0.1). Thoughts/opinions on these? Conversations (Jabber/XMPP); Threema; Wickr; Pryvate.

Are there others I've overlooked? Surprisingly, Signal is NOT compatible with my tablet. Go figure....

Thanks very, very much for your input.



Oftentimes the application is not the problem. The servers themselves can be compromised even if the application is totally secure. With that in mind, I suggest only using XMPP via AirVPN.

AirVPN actually does care about your privacy and security. If you can log in to these forums, then you already have an account set up to use the XMPP server(s) AirVPN is providing free of charge to the world.

 

On the PC, I strongly suggest Pidgin. https://airvpn.org/topic/12159-pidgin/

https://www.pidgin.im/

 

But since most of this thread seems oriented towards Android, I suggest Xabber. https://airvpn.org/topic/12158-xabber/

http://www.xabber.org/

 

I am sure others have different ideas, and some are good, but why reinvent the wheel when you have a good wheel that rolls just fine already?


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.


So what to make of this?

"British interior minister Amber Rudd said on Sunday end-to-end encryption of messages offered by services like Whatsapp are 'completely unacceptable'"

http://www.reuters.com/article/us-britain-security-rudd-idUSKBN16X0BE

 

It is hard to believe that an interior minister with responsibilities for anti-terror measures would be so poorly briefed and ignorant and incompetent. So what are the broader hidden agendas and disinformation?

 

As well as any criminal or terrorist cell or network being able to quickly move between multiple secure messaging products in various jurisdictions, as a software developer / programmer / coder (we are hordes, in India, Africa, anywhere, ...) it is only a day's work to build an application for android/windows/linux/apple/java/python that uses crypto libraries to link members of the Secret Society of Cat Worshippers for the terrorist War on Dogs using tcp sockets without any third party "service" that could be monitored.

And back in the last hundreds of years there are various methods of disguised messaging for anyone with serious stuff.
