Google, Facebook, WhatsApp and Others To Beef Up Encryption (thestack.com) 86
An anonymous reader writes: Tech giants including Google, Facebook, Whatsapp and Snapchat are looking to increase the privacy of user data by expanding their encryption features. The recent reports mark growing industry support for Apple in its fight to not allow authorities backdoor access into users' devices. Facebook has suggested that it is increasing privacy of its Messenger service, while its instant messaging app Whatsapp also confirmed that it would be extending its encryption offering to secure voice calls. Others reportedly joining the industry shift include Snapchat, which is working on securing its messaging service, and search heavyweight Google, which is currently developing an encrypted email project. From The Guardian's substantially similar story from which the above-linked article draws:
WhatsApp has been rolling out strong encryption to portions of its users since 2014, making it increasingly difficult for authorities to tap the service's messages. The issue is personal for founder Jan Koum, who was born in Soviet-era Ukraine. When Apple CEO Tim Cook announced in February that his company would fight the government in court, Koum posted on his Facebook account: "Our freedom and our liberty are at stake."
His efforts to go further still are striking as the app is in open confrontation with governments. Brazil authorities arrested a Facebook executive on 1 March after WhatsApp told investigators it lacked the technical ability to provide the messages of drug traffickers. Facebook called the arrest "extreme and disproportionate."
The sooner, the better on this front: as TechDirt points out, WhatsApp may be next on the list of communication tools to which the U.S. government would like to give the Apple Treatment.
As Bruce Schneier observed... (Score:1)
Everybody wants to have privacy from everyone except them.
Does this mean for a moment that Facebook won't harvest your personal data for their advertisers, and Google won't track your behavior around the internet? No, it does not. It just means they don't want to share. Few to none of these companies want you to have actual privacy or anonymity online.
Re: (Score:2, Insightful)
End to end encrypted... how? In theory, even if the messages are stored encrypted in the client, FB, et. al. could be forced to push a patch to add an ADK, not encrypt, or other means.
The ideal is to have the encryption layer separate from any messaging layer. This is why I like PGP/gpg. It encrypts/decrypts, and doesn't really give a care about what protocol is uses.
Re: (Score:1)
Uhh by having the client handle encryption and decryption so that no decrypted data is ever in the hands of a third party. You know, just like many other programs and services are capable of doing.
Re: (Score:2)
I believe that FB and Google use https so they do have end to end encryption.
If you are trying to argue that nobody should be able to read FB or Google Hangout messages they you are kind of missing the point of FB and Hangouts.
If you don't want people to read FB and Hangout messages, don't post there.
Re: (Score:2)
A key part of the functionality of both Google and Facebook messengers is that the messages are archived on the server and available from any browser or client app that you log in with. This could not be done if the messages were encrypted end to end.
Re: (Score:2)
Neither Facebook or Google call their services "instant messaging". I think they qualify but if you don't and you are looking for something that does then they are not the right services for you.
What's up with WhatsApp? (Score:2)
I mean...with modern plans, txt messaging has been unlimited and free for quite awhile now...so, why bother with a 3rd party app. that I assume you have to have both parties using for it to work?
Txt messaging is pretty much universal if you have a cell phone...right?
I'd be interested in the newer encrypted services, voice would be quite interesting..but won
Re: (Score:2)
Whatsapp has been very popular outside the US for a while. I know America was very slow to pick up on SMS/IM in general, but the many benefits of data-based IM include: encryption, sent/read notification, photo message, video message, audio-clip message, all 'free' on Wifi and relatively inexpensive on a data plan, compared to MMS, and in particular when sending messages internationally, which I guess is a lot more common in Europe and Asia than it is in the U.S.
iMessage and BBmessage have the same adv
Re: (Score:2)
There are services that offer that functionality. These are not them. Choose the service that meets your requirements.
Re: (Score:2)
Who did say that they were? No one did, because they aren't. Did you have a point or are you just trying to look like an ass?
My point is that you are wrong in saying that they should because that would break how they work. If you want a service with end to end encryption and that doesn't keep your messages in a centralised location you simply need to look elsewhere. The services they are offering are completely different from what you want.
Re: (Score:2)
Please explain how conversations could be available from any browser you log in on if the messages are encrypted ended to end and the provider doesn't have access to the contents.
Calling me a shill doesn't magically make your idiocy right.
Re: (Score:2)
What moving goalpost? That's how Facebook and Google both work now, you idiot.
Re: (Score:1)
It just means they don't want to share.
Whatever they harvest and keep they will have to share if the government says so. And if they don't keep it, the government can order them to do that also, with a gag order. The only way out is for the company to dissolve so the government doesn't have a target to sanction or an executive to arrest.
Re: (Score:2)
Exactly. I hope these companies are forced to divulge all of my personal information and secrets. That will show them [wikipedia.org]. Hah!
Re: (Score:1)
Everybody wants to have privacy from everyone except them.
Does this mean for a moment that Facebook won't harvest your personal data for their advertisers, and Google won't track your behavior around the internet? No, it does not. It just means they don't want to share. Few to none of these companies want you to have actual privacy or anonymity online.
In a perverse way, this actually works:
1) it still gives you (the consumer) ultimate control over who gets your data (by choosing the product(s) you use, that is)... and in a way, you can even partially control what data they get (fake statistics, fake addresses, fake whatever...)
2) It still keeps fascistic governmental tendencies at bay.
Re: (Score:1)
Buy a $10 throwaway phone or SIM card and use that.
Corporate Oligarchy (Score:3, Insightful)
Let's not celebrate replacing a nominally democratic republic with a corporate oligarchy. Bad things will happen when large corporations are completely above the law.
Re: (Score:1)
You would have to be breaking the law in order to be above it.
Now, I grant you that Apple, and the newly-found et al. are doing things that fly in the face of a court order, however, they appear to be going through all the proper channels to invalidate that court order.
Re: (Score:3)
Hard to mine data that's encryped. (Score:1)
Re: (Score:2)
Don't think for a minute any one of these companies will do anything that inhibits their ability to mine your data.
Newsflash - the apps themselves do that without any need to compromise encryption on the device/computer/whatever.
Besides, even if $evilAppDataMiner was scouring your drives for every last bit of information, you'd want that datastream (to your servers) encrypted too, if only to prevent the competition from snagging your hard-earned data.
This is good news... (Score:3)
Dance like no one is watching, but encrypt like everyone is.
It's good to see industry actually doing the right thing for once. I just hope the US Supreme Court does the right thing and tosses this whole mess...
Re: (Score:2)
Fun thought: perhaps the US government is using reverse psychology in a clever scheme to secure American technologies. Think of it - if the government had mandated the use of strong encryption to protect citizen's data you would expect tech companies to complain about burdensome regulations and the onerous cost of implemention. By actually demonstrating the existential threat tech devices pose to privacy, they've got companies voluntarily scrambling to incorporate strong encryption into their products. Bri
Re: (Score:2)
The government does not want communications to be encrypted, it goes against everything they've worked towards for decades.
Because of blatant overreaching (Score:5, Insightful)
This is happening not just in support of Apple, but because the US has announced they will be using their surveillance infrastructure for law enforcement, not just antiterrorism.
https://www.washingtonpost.com... [washingtonpost.com]
Re: (Score:2)
This is happening not just in support of Apple, but because the US has announced they will be using their surveillance infrastructure for law enforcement, not just antiterrorism.
This kind of thing won't happen when Obama^h^h^h^h^h Sanders is president!
Re: (Score:2)
As compared to Hitler? Cause, you know, you can trust HIM right?
I'll assume you're talking about Trump. No, I don't trust him either, and I'm not voting for him if he becomes the GOP nominee (or any of the others). I'll end up voting for someone who isn't going to win instead of the lesser of two evils. I'm just pointing out the Pollyanna-ish beliefs people hold about politicians are foolish.
Re: (Score:1)
Law enforcement IS terrorism. Yes, I live in Yakima, WA.
Er... sure, sometimes bad law enforcement is terrorism--using terror to accomplish political objectives.
Good law enforcement wrestles with the questions of when it is best to punish people and when it is best to warn them for violating the law, wrestles with questions about when you need to prosecute someone to discourage bad behavior in the community, wrestles with questions like where the boundary should be between the needs of law enforcement to legitimately deter and detect crime and the individual sphe
Cops are neither demons nor perfect (Score:1)
Er... sure, sometimes bad law enforcement is terrorism--using terror to accomplish political objectives.
Good law enforcement wrestles with the questions of when it is best to punish people and when it is best to warn them for violating the law, wrestles with questions about when you need to prosecute someone to discourage bad behavior in the community, wrestles with questions like where the boundary should be between the needs of law enforcement to legitimately deter and detect crime and the individual sphere of privacy that defends individuals against government intrusion.
That is truly informative.
I would really appreciate my local LEO's if they were to struggle with these complicated issues.
However I can state that *NOWHERE* in this country does such a struggle take place.
If you truly believe it does then you a just another dumb running around deaf, dumb and blind.
It doesn't happen with every case, but it certainly happens.
1. Punish v. Warn: this one happens all the time, on the beat. Cops decide to write a ticket for violating a city's open container law or to ignore it; they decide whether to give you a warning for going over the speed limit or to write you a ticket; they decide whether to give you a ticket or to arrest you and tow your car; they decide whether to make twenty-year-old throw out his beer or whether to arrest him for it.
2. When you need to prosecut
Futile. (Score:3, Insightful)
From both sides now (Score:5, Interesting)
Re: (Score:3)
Re: (Score:1)
It doesn't matter if you have one. If your friends have one and enter your contact info into it, then you don't have to directly participate in order for the damage to still be done.
And ever more that might include things like audio clips of conversations you have with friends in front of the device.
You can't escape the issue by sticking your head in the sand.
Re: (Score:2)
Re: (Score:2)
You should study those reports in more detail. It's not like people are just reaching out and grabbing data from random people's phones. The security model on Android and iOS is actually pretty good, and so far no mass exploits have happened. Occasionally there are some trojans for either OS, but you can't prevent user stupidity and presumably you are not that stupid.
Maybe the iCloud leaks put you off, which is a fair point. Google supports 2 factor auth, and I think Apple does too now. There seems to be th
Re: (Score:2)
Re: (Score:2)
It's not speculation. Recent history suggests that phones are actually rather secure. As I pointed out, there have been no incidents of mass hacking of handsets that were not down to user stupidity (installing dodgy apps from dodgy sources).
The onus is on you to show that they are insecure. The way the OS is built on phones, with defence in depth, makes them likely more secure than the average desktop PC. How many PCs are encrypted by default?
You should be more worried about your utility companies or hospit
Re: (Score:1)
The vendors do not have the power that the government has. The government can jail you or even execute you. Vendors cannot.
Miss-information in a vendor data base can ruin your credit rating, but miss-information in a government data base can have you hanged.
Re: (Score:2)
Re: (Score:2)
Hmm.
There is a minor difference.
One of them you can choose not to install and / or use. The other is forced upon you without your knowledge or consent.
Usually, I'll consider an app right up to the point where it tells me what it will have access to if I install it. Once I see how
over-reaching the apps permissions are, I'll change my mind and that's that.
What is the same is that, in both cases, the lack of public acceptance will force a change. If the app builder wants to continue
selling their product, th
Re: (Score:2)
Re: (Score:2)
Should app vendors get to scan our address book, read our messages, tap our mic, and collect our position 24/7?
no of course not.
that just a few of the things we have already lost.
those are just a few of things people have forfeit in the name of convenience. sure, i don't have the latest whizbang bullshit but i still have my privacy.
Governor Tarkin, I recognized your foul stench... (Score:2)
The more you tighten your grip, the more star systems will slip through your fingers.
pendulum swinging (Score:4, Insightful)
For the last couple of decades, law enforcement / intelligence agencies have had the benefit of all this data and metadata simplifying their detection and solving of crimes. They were able to use all this technology to their advantage because they had access to everyone's communications, and everyone was putting more and more of their communications online or using centralized tools that the FBI could listen to.
As a result of that, the FBI got used to that capability, and thought that being able to solve a crime with only 2 guys tapping a phone should be the norm. Instead of say, having to put 5 guys undercover, inside a crime organization, or have more law enforcement officers on the corners of streets. When was the last time you saw a policeman "walking his beat"? Not any more.
And now the pendulum has swung the other way. Now that people have the tools to safeguard their communications, the FBI is finding that the levels of staffing or intelligence resources are not matching the capability of individuals to counter it.
Yet the FBI is not helpless. They did solve crimes before wiretaps and modern technology. Do you remember that? They are just unhappy that their outdated tools now are making them expend more effort to gather similar information that would help them solve crimes. It just has to be more manual.
No one said things would stay the same forever. And none of their arguments are highly principled -- they just want crime prevention and solving to be easier and cheaper. They have not said that they would never have foiled crime without technology. If that were true, why are there even field agents? Technology doesn't make it impossible, just like it wasn't impossible before the cell phone. It is totally within reason for people to adopt technology that makes some things easier to do their job, and other things harder for others to do their job - that's what technology is all about.
Re: (Score:1)
Of course, if we'd stop prosecuting victimless crimes like drug use, or stop literally manufacturing criminals like every FBI terrorism 'sting' operation ever, they'd save a whole lot of money and resources for going after people who actually cause harm to others. The FBI is more concerned with people who cause harm to the state and to the rich than they are about anything else, and it's time they get their easy data mining turned off because of it.
Users need 100% user-controlled encryption option (Score:3)
Re: (Score:2)
What we need is some kind of portable version of Apple's secure enclave protected by a pin and a self destruct mechanism. A Yubikey NEO on steroids.
Re: (Score:2)
Google can't decrypt the data without your password...
Which is why Google, Facebook, or any of these other "free" services will never do something like that. The entire reason these services exist is to harvest that data. What needs to happen is for people to realize that these services cost something to provide and be ok with self-hosting or paying a marginal amount of real money for these services instead of paying with unfettered access to their data. (Paying for email service is dirt cheap, especially compared with what you're paying Google if you actually
Re: (Score:2)
You already have that option. It's called run-you-own-postfix-and-dovecot.
The idea that Gmail should be secure is laughable; go back a decade and look at all the debate over Gmail (or go back another to see people having the same discussions about Hotmail). What you'll find is that all the Gmail defenders were saying "I don't care." I am not making this up: that was the essence of all those peoples' insanity defense.
I understand why people are finally changing their minds, but don't blame Gmail. Webmail is
Lol at Facebook (Score:1)
Facebook securing your messenger chats is nothing about security at all. Facebook is the central server and has access to all messages whether they are encrypted or not. The only thing Facebook can achieve is to prevent third parties from eavesdropping. But they still have the content on their servers which can be handed over at will.
The encryption Apple is defending is the encryption of the data on the phone. It's not on the cloud, but simply on the phone. Facebook seems to be claiming security and privacy
Re: (Score:1)
An SlashAD! (Score:1)
it's personal (Score:1)
The issue is personal for founder Jan Koum, who was born in Soviet-era Ukraine.
- it should be personal for everybody, not just people who have come from parts of the world where in the not so distant past (and in the present) the government has been and is the main villain. It should be understood that any government at all, regardless of what you think of it today is capable of being a villain because it has the power to be the villain. An individual can be a villain and do some damage, a villain government can and does massive amounts of damage to many, sometimes to millions and
Doesn't mean a fucking thing ... (Score:2)
Since that potentially means any country, then that probably also means development distributed amongst multiple, mutually hostile nationalities. Which will go down like a lead balloon with La Trumpette and the people afraid of offshoring.