The problem is not the use of the word “backdoor”. The problem is WhatsApp having an intentional design that facilitates man-in-the-middle attacks.
Moxie is being ridiculous by claiming that all public key cryptography has the same problem. We all know how SSH screams at us when it detects a key change.
If WA lets you know the key changed, that’s not at all different from SSH, or did I misunderstand?
It’s pretty much true that this is not the main point for moving to Signal, but the metadata is. Like what @fkooman said.
WhatsApp’s cryptic and benign-looking key change notification is disabled by default.
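The SSH comparison in the comments above, as an added example that is not from any of the posters or from WhatsApp/Signal code: a trust-on-first-use (TOFU) key store run under three policies, SSH-style refusal on a changed key, change-with-notification, and silent re-pinning. The peer name, the two "identity keys" and the fingerprint format are constructed for illustration.

```python
"""Added example: TOFU key pinning under three key-change policies.
Everything here (peer names, key bytes, policy names) is constructed."""
import base64
import hashlib


class KeyChanged(Exception):
    """Raised when a pinned identity key differs and the policy is strict
    (the SSH known_hosts behaviour: refuse to talk until a human decides)."""


def fingerprint(pubkey: bytes) -> str:
    # SHA-256 fingerprint in the style OpenSSH prints (base64, no padding).
    digest = hashlib.sha256(pubkey).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class TofuStore:
    def __init__(self, strict: bool = True, notify: bool = True):
        self.pinned = {}     # peer -> fingerprint seen on first contact
        self.strict = strict  # True: refuse on change (SSH); False: re-pin
        self.notify = notify  # when re-pinning, surface a visible event or not
        self.events = []      # audit trail of what the client did

    def check(self, peer: str, pubkey: bytes) -> str:
        """Return 'pinned', 'ok' or 'changed'; raise KeyChanged when strict.
        A caller that gets 'changed' back would go on encrypting to the NEW
        key, which is exactly the silent-MITM concern in the thread."""
        fp = fingerprint(pubkey)
        known = self.pinned.get(peer)
        if known is None:
            self.pinned[peer] = fp
            self.events.append(("pinned", peer, fp))
            return "pinned"
        if known == fp:
            return "ok"
        if self.strict:
            self.events.append(("refused", peer, fp))
            raise KeyChanged(f"{peer}: key changed from {known} to {fp}")
        # Non-strict: accept the new key; only the audit trail differs.
        self.pinned[peer] = fp
        self.events.append(("notified" if self.notify else "silent", peer, fp))
        return "changed"


def demo():
    """Run the same key change against all three policies; returns a dict of
    policy -> (outcome string, last audit event kind)."""
    alice_v1 = b"constructed-identity-key-alice-v1"  # first contact
    alice_v2 = b"constructed-identity-key-alice-v2"  # later (rekey or MITM?)
    results = {}
    for name, strict, notify in (("ssh-strict", True, True),
                                 ("notify", False, True),
                                 ("silent", False, False)):
        store = TofuStore(strict=strict, notify=notify)
        store.check("alice", alice_v1)
        try:
            outcome = store.check("alice", alice_v2)
        except KeyChanged:
            outcome = "refused"
        results[name] = (outcome, store.events[-1][0])
    return results


if __name__ == "__main__":
    for policy, (outcome, event) in demo().items():
        print(f"{policy:11s} outcome={outcome:8s} audit={event}")
```

The client cannot tell a legitimate reinstall from a substituted key; only the policy differs. The "silent" row is the one the thread is arguing about: the message still goes out, encrypted to whichever key the server just handed over, and nothing in the audit trail distinguishes it from a normal send.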
Prove it. Can I get the source, audit it, build my own client, and provide my own keys?
I’m also no big fan of Moxie’s semi-dishonest style of replying to this, although he’s technically true of course (emphasis mine):
We believe that WhatsApp remains a great choice for users concerned with the privacy of their message content.
Of course, Facebook’s value (and NSA etc.) is (primarily) about the metadata anyway, so building your own client and having the source code wouldn’t solve that problem…
What annoys me a bit in this Guardian article is the focus on this relatively obscure problem, while there are more important things to worry about if you ask me.
What would that get you, exactly? Even if you could do all of those things, we’ve now reduced the problem to whether the version they’re distributing in the store is the same as the version they released the source code to.
On the other hand, you ought to be able to MITM yourself with the actual prod app and answer these questions with the exact version that’s in the store, which seems like it’d be fairly easy. (I don’t use/have WhatsApp, but I’ve done this in the past for other apps without too much issue just by installing custom certs and using a proxy.)
They did ask if they could build their own client, though :o
People who trust them can use the store build. People who don’t can build their own (unless you’re using a silly OS that doesn’t let you install your own apps, but don’t do that). That would be fine.
On the other hand, you ought to be able to MITM yourself with the actual prod app and answer these questions with the exact version that’s in the store
http://dilbert.com/strip/2001-10-25 . Encryption security almost always depends on random number generation, and it’s trivial for a subverted application - especially an application that’s already accessing crypto APIs - to generate numbers that look random but are actually known to an attacker.
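The point made in the reply above, as an added example not written by the poster: a subverted random number generator whose output is reproducible by whoever holds a secret, yet passes the basic statistical checks a proxy or a casual auditor would run. The attacker secret, the device label and the checks' thresholds are constructed for this illustration; the generator is HMAC-SHA256 in counter mode, chosen here only because it needs nothing beyond the standard library.

```python
"""Added example: an RNG that 'looks random' but is known to an attacker.
The secret, the label and the thresholds are constructed for illustration."""
import hashlib
import hmac
import os
from collections import Counter

ATTACKER_SECRET = b"constructed-secret-baked-into-the-app"  # constructed


class SubvertedRng:
    """Deterministic generator keyed by a secret the attacker already holds.
    Anyone with (secret, label) can replay every byte it ever produced."""

    def __init__(self, secret: bytes, label: bytes = b"device-1"):
        self.key = secret
        self.label = label    # e.g. something tied to the account, also known to the attacker
        self.counter = 0

    def bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            block = hmac.new(self.key, self.label + self.counter.to_bytes(8, "big"),
                             hashlib.sha256).digest()
            out.extend(block)
            self.counter += 1
        return bytes(out[:n])


def monobit_ok(data: bytes, tol: float = 0.02) -> bool:
    """Fraction of 1 bits should be close to 0.5."""
    ones = sum(bin(b).count("1") for b in data)
    return abs(ones / (8 * len(data)) - 0.5) < tol


def byte_chi_square_ok(data: bytes, limit: float = 400.0) -> bool:
    """Chi-square over the 256 byte values; a generous limit for 255 df."""
    expected = len(data) / 256
    counts = Counter(data)
    stat = sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))
    return stat < limit


def looks_random(data: bytes) -> bool:
    return monobit_ok(data) and byte_chi_square_ok(data)


def generate_session_key(rng) -> bytes:
    """What a messaging client would do: take 32 bytes from its RNG."""
    return rng.bytes(32)


def attacker_recovers(secret: bytes, label: bytes, victim_key: bytes) -> bool:
    """The attacker rebuilds the generator state and replays the first draw."""
    replica = SubvertedRng(secret, label)
    return replica.bytes(32) == victim_key


def demo(sample: int = 65536) -> dict:
    """Compare the subverted RNG with os.urandom on both fronts."""
    subverted = SubvertedRng(ATTACKER_SECRET)
    honest_key = os.urandom(32)
    victim_key = generate_session_key(subverted)
    return {
        "honest_passes_stats": looks_random(os.urandom(sample)),
        "subverted_passes_stats": looks_random(SubvertedRng(ATTACKER_SECRET, b"x").bytes(sample)),
        "attacker_recovers_subverted": attacker_recovers(ATTACKER_SECRET, b"device-1", victim_key),
        "attacker_recovers_honest": attacker_recovers(ATTACKER_SECRET, b"device-1", honest_key),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Nothing observable on the wire or in the proxy separates the two keys; the difference lies entirely in where the entropy came from, which is why a self-MITM of the store build answers the "is it encrypted" question but not the "is the key known to someone else" one.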
The question is … how do we know it is really using the real Signal protocol unmodified? The whole thing sounds like: “Trust me, I saw them implementing it, at the time.” That’s why the open alternative is always preferable.
With this whole thing the trust was lost and people, from now on, will always have the doubt.
This helped to clarify the issue, but did not increase my confidence in Facebook at all.