1. 20

TLDR: WhatsApp will automatically send messages, even if a key changes, potentially revealing them to a MITM, and there’s nothing users can do about it.

Now Moxie is saying this behavior is coming to Signal. I.e. it will let you know that a key changed, but you won’t be able to prevent message delivery.


  2. 3

    It’s become clear to me by watching the permissions of Signal increase and a few other comments re design choices (i.e., centralization) that Moxie/OWS has shifted from “hardcore secure” to “likely secure”. This is, IMO, the correct choice for adoption. But I’m very glad I’m not trying to hide my communications from serious operators with Signal.

    As a note: this reveals the subtle flaw in “open” systems with centralized infrastructure that are being operated by a central dictatorship. It’s not actually open, it’s under lock and key control by root@signal-operators.whatever. It is, however, open for some level of inspection and relatively transparent. Here is the strength of GPG: it is actually open, and does not require the operations of some trusted third party (GPG is, of course, a lousy system in many ways, but not this way).

    1. 5

      Too bad about that shift. I guess adoption is paramount, but it sounds like we’ll miss out on the safety in numbers thing. You know, if everybody uses hardcore security by default, journalists etc can blend in just by being normal.

      If journalists have to change a setting or use a different service, they can get flagged. Sorry, I mean “could get flagged, hypothetically, in some kind of dystopian future”. :)

    2. 3

      Someone uses Silence and it’s a nice fork that maintains SMS transport. I can see it becoming more popular if Signal will change like Moxie claims.

      1. 2

        Sadly it won’t work on iOS which reduces it’s usability. And that someone you are thinking of is CopperheadOS.

      2. 2

        The only reason I’ve had failed received messages are because the sender had to purchase a new phone.

        It would have been very convenient for me if it showed me the messages along with a notification to re-verify the contact.

        What are the risks of having a notification as opposed to .. just not receiving the messages at all? Maybe I don’t understand.

        1. 11

          What are the risks of having a notification as opposed to .. just not receiving the messages at all? Maybe I don’t understand.

          So, it currently already shows you a notification. It just doesn’t, as well, send your message. In other words, say I’m having a private conversation with you and a MITM steps in. Currently, when I send a message, that message is not sent to the MITM. Instead, a notification is shown telling me that your identity has changed and that I should first verify it. This is not what happens in WhatsApp, apparently. In WhatsApp, it simply sends my message to the MITM as though nothing were wrong, revealing information that was meant for you to someone else, and (maybe depending on whether or not you’ve checked some box somewhere), says something like, “Oh by the way, we just revealed your message to what might be a new phone! Carry on!”

          1. 5

            If you’re discussing something that would result in your government imprisoning you, it’s a pretty big fail.

          2. 2

            This shouldn’t be marked as “via” because @itistoday published the linked tweet

            1. 1

              Fixed, thanks.

            2. 1

              Wish I could stop using WhatsApp. I can’t because I use it for work.