At Open Whisper Systems, our goal is to make private communication simple. For the past three years, we’ve been developing a modern, open source, strong encryption protocol for asynchronous messaging systems, designed to make seamless end-to-end encrypted messaging possible.
Today we’re excited to publicly announce a partnership with WhatsApp, the most popular messaging app in the world, to incorporate the TextSecure protocol into their clients and provide end-to-end encryption for their users by default.
Good news for WhatsApp users.
Wow. Whatsapp will suddenly move from one of the worst to one of the best messaging app, privacy-wise. Moxie will certainly advise them on other aspects of their app – the protocol is only half the battle, one needs also to make sure the app does not leak or retain sensitive information (it could be as dumb as the notification manager retaining plain text snippets:
https://twitter.com/jbrooks_/status/530815507981926400
).
Moreover, they have enough manpower to deploy and maintain clients for phones such as blackberry, S40 and symbian which are in the hands of many users in most third-world countries – which happen to be the ones who most need encryption. Whispersystems could have never done that.
Which makes me realise that blackberry users will have a *truly* secure messaging platform soon
Only problem is they’re owned by Facebook, a company that lives off your info.
Radio,
And with this, it’s right on cue to be shut down along with Lavabit and Silent Circle
On a serious note, there are lots of providers that do this actually, but none have been popular enough to reach ordinary users.
https://telegram.org/blog/cryptocontest
End to end encryption is good, but people should understand that the Metadata is still available for data collection by agencies. Having Whatsapp accounts tethered to phone numbers means that even more strong correlation becomes possible than other secure communication services.
One of the challenges with end to end encryption is getting the encryption keys to both parties. With PGP the keys were typically exchanged in person, so no one else needed to be trusted. With online providers you’d usually have to trust someone to act as a kind of certificate authority. So while the end to end encryption can make the communications safe from content interception, the challenge is verifying that you’ve actually encrypted it for the right person to read. Of course you can trust your provider to do it, but that’s an inherent security weakness.
Anybody know what Whatsapp does?
I see Jan Koum CEO of WhatsApp donated $1 million to FreeBSD as a thank you!
http://freebsdfoundation.blogspot.co.uk/2014/11/freebsd-foundation-…
The world needs more encrypted communication applications.
neticspace,
They exist, people just need to start to actually use them.
Personally I’d like to see a decentralized federated solution win over something run by a single company. However this may be wishful thinking, industry trends are going the other way. Companies prefer having users who are dependent on them. Like how google disabled the federated portion of XMPP for Google Talk.
https://en.wikipedia.org/wiki/XMPP#History