Unofficial WhatsApp Library Gets End To End Encryption Before Official Clients 29
An anonymous reader writes Earlier last year WhatsApp announced partnership with Open WhisperSystems to integrate the ratcheting forward secrecy protocol found in their app called TextSecure, into WhatsApp. The protocol is supposed to provide end-to-end encryption between WhatsApp clients. So far it has been implemented only in WhatsApp on Android, with the rest of platforms yet to come. The implementation however has already made it into unofficial WhatsApp libraries which allow developers to use WhatsApp service in their applications, starting with a python-library called yowsup, and the rest will follow. It's worth mentioning that none of those libraries are supported nor approved by WhatsApp, so one has to wonder if WhatsApp is going to take some legal action (again) against them.
Oh the irony (Score:5, Funny)
The implementation however has already made it into unofficial WhatsApp libraries which allow developers to use WhatsApp service in their applications, starting with a python-library called yowsup, and the rest will follow.
With the previous story being 2014: The Year We Learned How Vulnerable Third-Party Code Libraries Are
Re: (Score:3)
I mean come on now
OK (Score:3, Interesting)
Whatsapp is owned by Facebook, Facebook can not be trusted, Whispersystems is Moxie Marlinspikes gig, so has Moxie sold out? Possible but not probable so I'm going with "additional code" added to the package once the Facebook Balut's get their slimy claws on it.
What's a Balut?
https://en.wikipedia.org/wiki/... [wikipedia.org]
SubjectsInCommentsAreStupid (Score:2)
(please note: i do not have whatsapp).
Re: (Score:2, Interesting)
Messages to other users are simply not encrypted
Re: (Score:2)
At least not better encrypted than Whatsapp did before it started with this.
Did anyone analyse these implementations? Are they cryptographically sound?
Re: (Score:2)
Implemented only in Android? Then how do Android users communicate with everyone else? I'm missing something here...
WhisperSystems seems to confine its development efforts to the Android platform for some reason.
XMPP (Score:5, Insightful)
http://xmpp.org/rfcs/rfc3923.h... [xmpp.org]
Seriously, stop using proprietary carpware.
Its one thing when proprietary offers you some benefit, but when it comes to IM, using anything other than XMPP from someone who supports federation is just as retarded as using email from someone who doesn't do proper SMTP.
Re: (Score:1)
Then please try to persuade all my friends and family members that currently use WhatsApp on their Android/iOS phones.
Re: (Score:2)
Is that such a strange thing, that people who don't have a clue about how computers work don't know this?
Re: (Score:3)
show me a free xmpp server that supports all the necessary XEPs for reliable message delivery on mobile devices. you'll find exactly 0.
if i remember correctly, only ejabberd caters for mobile users and that is only free for up to 5 users. (the gpl only version does not support all needed extensions)
even if you manage to find one, try to find a free jabber client that supports those xeps. you'll find exactly 0 (well, you'll find 1 on fdroid, but in play store, it's paid for).
so you see, at the moment, xmpp i
Re: (Score:2)
Can you name which client in fdroid is the reliable one you're talking about?
Re: (Score:2)
"conversations" supports xep-198 and xep-280. those 2 are the minimum for a functional mobile client. however, when i tried this messenger (6+ months ago), i found the user interface pretty but less than intuitive.
"yaxim" gives you those xeps too, but only 1 xmpp account is supported and it looks like it's from the nineties.
Re: XMPP (Score:2)
User Hostile Service (Score:1)
It's worth mentioning that none of those libraries are supported nor approved by WhatsApp, so one has to wonder if WhatsApp is going to take some legal action (again) against them.
Whatsapp has recently been banning users of a Third-Party Whatsapp client for SailfishOS, rather than take direct legal action at the app developers.