Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Communications Facebook Government Privacy Social Networks Twitter United States

Google, Facebook, WhatsApp and Others To Beef Up Encryption (thestack.com) 86

An anonymous reader writes: Tech giants including Google, Facebook, Whatsapp and Snapchat are looking to increase the privacy of user data by expanding their encryption features. The recent reports mark growing industry support for Apple in its fight to not allow authorities backdoor access into users' devices. Facebook has suggested that it is increasing privacy of its Messenger service, while its instant messaging app Whatsapp also confirmed that it would be extending its encryption offering to secure voice calls. Others reportedly joining the industry shift include Snapchat, which is working on securing its messaging service, and search heavyweight Google, which is currently developing an encrypted email project. From The Guardian's substantially similar story from which the above-linked article draws: WhatsApp has been rolling out strong encryption to portions of its users since 2014, making it increasingly difficult for authorities to tap the service's messages. The issue is personal for founder Jan Koum, who was born in Soviet-era Ukraine. When Apple CEO Tim Cook announced in February that his company would fight the government in court, Koum posted on his Facebook account: "Our freedom and our liberty are at stake." His efforts to go further still are striking as the app is in open confrontation with governments. Brazil authorities arrested a Facebook executive on 1 March after WhatsApp told investigators it lacked the technical ability to provide the messages of drug traffickers. Facebook called the arrest "extreme and disproportionate." The sooner, the better on this front: as TechDirt points out, WhatsApp may be next on the list of communication tools to which the U.S. government would like to give the Apple Treatment.
This discussion has been archived. No new comments can be posted.

Google, Facebook, WhatsApp and Others To Beef Up Encryption

Comments Filter:
  • by Anonymous Coward

    Everybody wants to have privacy from everyone except them.

    Does this mean for a moment that Facebook won't harvest your personal data for their advertisers, and Google won't track your behavior around the internet? No, it does not. It just means they don't want to share. Few to none of these companies want you to have actual privacy or anonymity online.

    • It just means they don't want to share.

      Whatever they harvest and keep they will have to share if the government says so. And if they don't keep it, the government can order them to do that also, with a gag order. The only way out is for the company to dissolve so the government doesn't have a target to sanction or an executive to arrest.

    • by halivar ( 535827 )

      Exactly. I hope these companies are forced to divulge all of my personal information and secrets. That will show them [wikipedia.org]. Hah!

    • Everybody wants to have privacy from everyone except them.

      Does this mean for a moment that Facebook won't harvest your personal data for their advertisers, and Google won't track your behavior around the internet? No, it does not. It just means they don't want to share. Few to none of these companies want you to have actual privacy or anonymity online.

      In a perverse way, this actually works:

      1) it still gives you (the consumer) ultimate control over who gets your data (by choosing the product(s) you use, that is)... and in a way, you can even partially control what data they get (fake statistics, fake addresses, fake whatever...)

      2) It still keeps fascistic governmental tendencies at bay.

  • by Anonymous Coward on Monday March 14, 2016 @12:28PM (#51694609)

    Let's not celebrate replacing a nominally democratic republic with a corporate oligarchy. Bad things will happen when large corporations are completely above the law.

    • You would have to be breaking the law in order to be above it.

      Now, I grant you that Apple, and the newly-found et al. are doing things that fly in the face of a court order, however, they appear to be going through all the proper channels to invalidate that court order.

    • I see a real gap in the mindset of the public where app vendors get the WHOLE MAGILLA.. everything on your phone and the Govt is overreaching when it wants it in select cases. Keeping in mind the WaterGate plumbers union, we could have a documented process to cover all system compromises... secret, but recorded. Would our founding fathers want the state to protect itself from such endogenous and exogenous threats on a limited basis?
  • by Anonymous Coward
    Don't think for a minute any one of these companies will do anything that inhibits their ability to mine your data.
    • Don't think for a minute any one of these companies will do anything that inhibits their ability to mine your data.

      Newsflash - the apps themselves do that without any need to compromise encryption on the device/computer/whatever.

      Besides, even if $evilAppDataMiner was scouring your drives for every last bit of information, you'd want that datastream (to your servers) encrypted too, if only to prevent the competition from snagging your hard-earned data.

  • by Penguinisto ( 415985 ) on Monday March 14, 2016 @12:31PM (#51694631) Journal

    Dance like no one is watching, but encrypt like everyone is.

    It's good to see industry actually doing the right thing for once. I just hope the US Supreme Court does the right thing and tosses this whole mess...

    • Fun thought: perhaps the US government is using reverse psychology in a clever scheme to secure American technologies. Think of it - if the government had mandated the use of strong encryption to protect citizen's data you would expect tech companies to complain about burdensome regulations and the onerous cost of implemention. By actually demonstrating the existential threat tech devices pose to privacy, they've got companies voluntarily scrambling to incorporate strong encryption into their products. Bri

      • The government does not want communications to be encrypted, it goes against everything they've worked towards for decades.

  • by Etherwalk ( 681268 ) on Monday March 14, 2016 @12:34PM (#51694653)

    This is happening not just in support of Apple, but because the US has announced they will be using their surveillance infrastructure for law enforcement, not just antiterrorism.

    https://www.washingtonpost.com... [washingtonpost.com]

    • This is happening not just in support of Apple, but because the US has announced they will be using their surveillance infrastructure for law enforcement, not just antiterrorism.

      This kind of thing won't happen when Obama^h^h^h^h^h Sanders is president!

  • Futile. (Score:3, Insightful)

    by Fire_Wraith ( 1460385 ) on Monday March 14, 2016 @12:34PM (#51694655)
    All the US Government is going to do with this is force all of these companies to go overseas, or largely go out of business, because eventually the only ones left in the USA will be doing business only in the US.
  • From both sides now (Score:5, Interesting)

    by See Attached ( 1269764 ) on Monday March 14, 2016 @12:44PM (#51694713)
    Should app vendors get to scan our address book, read our messages, tap our mic, and collect our position 24/7? that just a few of the things we have already lost. Why should it be OK for app vendors to suck our lives dry but claim the High Ground (TM) when the government comes calling? its Big Time double speak. If we care more about the government peeking over our shoulder, why do we so easily surrender to the software vendors?
    • If these things concern you that much, then take example from me: I don't currently have, and do not wish to own, a smartphone of any sort. Seems like every single day I read some news story or other about precisely what you're talking about: some security breach on smartphones due to such-and-such app or exploit. Why would I subject myself to owning a device that's got all the integrity of a colander? Or is dealing with an unsecurable technology worth it for mere convenience?
      • by Anonymous Coward

        It doesn't matter if you have one. If your friends have one and enter your contact info into it, then you don't have to directly participate in order for the damage to still be done.

        And ever more that might include things like audio clips of conversations you have with friends in front of the device.

        You can't escape the issue by sticking your head in the sand.

        • I'm not 'sticking my head in the sand' you jackass. Why the hell would I get a goddamn smartphone then stand there tapping my feet impatiently demanding someone else make it 100% secure when I know damned well the only factor involved in that that is in my control is not owning one in the first place? Wireless companies only care if they're getting sued over it. App authors who write apps that steal data obviously don't give a crap. The government also doesn't care until some law is broken. The only control
      • by AmiMoJo ( 196126 )

        You should study those reports in more detail. It's not like people are just reaching out and grabbing data from random people's phones. The security model on Android and iOS is actually pretty good, and so far no mass exploits have happened. Occasionally there are some trojans for either OS, but you can't prevent user stupidity and presumably you are not that stupid.

        Maybe the iCloud leaks put you off, which is a fair point. Google supports 2 factor auth, and I think Apple does too now. There seems to be th

        • See, you're just speculating, because it's a total crap-shoot so far as what's secure and what isn't; nobody really knows, and it's not like I could pick only open-source apps (because there is no such thing) download only the source code (because there is none), examine it thoroughly, then compile it and install that binary on my phone (because you're not allowed to do that anyway, ironically enough for 'security' reasons, or so I believe it to be the case). I don't even feel they're secure enough for me t
          • by AmiMoJo ( 196126 )

            It's not speculation. Recent history suggests that phones are actually rather secure. As I pointed out, there have been no incidents of mass hacking of handsets that were not down to user stupidity (installing dodgy apps from dodgy sources).

            The onus is on you to show that they are insecure. The way the OS is built on phones, with defence in depth, makes them likely more secure than the average desktop PC. How many PCs are encrypted by default?

            You should be more worried about your utility companies or hospit

    • by Anonymous Coward

      The vendors do not have the power that the government has. The government can jail you or even execute you. Vendors cannot.

      Miss-information in a vendor data base can ruin your credit rating, but miss-information in a government data base can have you hanged.

      • Government has Immense power? Sounds like App Vendor is holding the cards. Maybe we need to use encryption from the user level and keep the app vendors out of the value stream.
    • Hmm.

      There is a minor difference.

      One of them you can choose not to install and / or use. The other is forced upon you without your knowledge or consent.
      Usually, I'll consider an app right up to the point where it tells me what it will have access to if I install it. Once I see how
      over-reaching the apps permissions are, I'll change my mind and that's that.

      What is the same is that, in both cases, the lack of public acceptance will force a change. If the app builder wants to continue
      selling their product, th

      • Thats why i didn't install the Facebook app on my phone. It reaches too far. Am with you on that. As far as privacy goes, I don't mind being watchable, but don't want to pay for every bit/byte to be reviewed by someone... unless there is a purpose. Would i rather have Google or Facebook or the Govt monitor my every moment? no, there is nothing in it for me. This whole apple privacy thing shows that Steve Cook wants to be more important than the government. We as a society should make the choice as to wh
    • Should app vendors get to scan our address book, read our messages, tap our mic, and collect our position 24/7?

      no of course not.

      that just a few of the things we have already lost.

      those are just a few of things people have forfeit in the name of convenience. sure, i don't have the latest whizbang bullshit but i still have my privacy.

  • The more you tighten your grip, the more star systems will slip through your fingers.

  • pendulum swinging (Score:4, Insightful)

    by supernova87a ( 532540 ) <kepler1@NoSpaM.hotmail.com> on Monday March 14, 2016 @12:55PM (#51694765)
    Here's what the real issue is: the amount of effort spy/law enforcement agencies want or have to spend to be able to detect and solve crimes. And the fact that now the pendulum is swinging to where they have to get back to spending real time and effort to solve and prevent crimes.

    For the last couple of decades, law enforcement / intelligence agencies have had the benefit of all this data and metadata simplifying their detection and solving of crimes. They were able to use all this technology to their advantage because they had access to everyone's communications, and everyone was putting more and more of their communications online or using centralized tools that the FBI could listen to.

    As a result of that, the FBI got used to that capability, and thought that being able to solve a crime with only 2 guys tapping a phone should be the norm. Instead of say, having to put 5 guys undercover, inside a crime organization, or have more law enforcement officers on the corners of streets. When was the last time you saw a policeman "walking his beat"? Not any more.

    And now the pendulum has swung the other way. Now that people have the tools to safeguard their communications, the FBI is finding that the levels of staffing or intelligence resources are not matching the capability of individuals to counter it.

    Yet the FBI is not helpless. They did solve crimes before wiretaps and modern technology. Do you remember that? They are just unhappy that their outdated tools now are making them expend more effort to gather similar information that would help them solve crimes. It just has to be more manual.

    No one said things would stay the same forever. And none of their arguments are highly principled -- they just want crime prevention and solving to be easier and cheaper. They have not said that they would never have foiled crime without technology. If that were true, why are there even field agents? Technology doesn't make it impossible, just like it wasn't impossible before the cell phone. It is totally within reason for people to adopt technology that makes some things easier to do their job, and other things harder for others to do their job - that's what technology is all about.
    • by Anonymous Coward

      Of course, if we'd stop prosecuting victimless crimes like drug use, or stop literally manufacturing criminals like every FBI terrorism 'sting' operation ever, they'd save a whole lot of money and resources for going after people who actually cause harm to others. The FBI is more concerned with people who cause harm to the state and to the rich than they are about anything else, and it's time they get their easy data mining turned off because of it.

  • In all these services, there should be an option that allows you to take 100% control of your data decryption. Gmail, for example, should have a choice where you can lock Gmail sort of like how an iPhone locks. The encryption key for the data is encrypted with your password like how LUKS does it. If you "password reset" you lose everything inside the account and start from scratch. Google can't decrypt the data without your password, so they can't hand it to the government either. I realize this isn't a perfect solution but it needs to happen for all major online services.
    • What we need is some kind of portable version of Apple's secure enclave protected by a pin and a self destruct mechanism. A Yubikey NEO on steroids.

    • by chihowa ( 366380 )

      Google can't decrypt the data without your password...

      Which is why Google, Facebook, or any of these other "free" services will never do something like that. The entire reason these services exist is to harvest that data. What needs to happen is for people to realize that these services cost something to provide and be ok with self-hosting or paying a marginal amount of real money for these services instead of paying with unfettered access to their data. (Paying for email service is dirt cheap, especially compared with what you're paying Google if you actually

    • by Sloppy ( 14984 )

      You already have that option. It's called run-you-own-postfix-and-dovecot.

      The idea that Gmail should be secure is laughable; go back a decade and look at all the debate over Gmail (or go back another to see people having the same discussions about Hotmail). What you'll find is that all the Gmail defenders were saying "I don't care." I am not making this up: that was the essence of all those peoples' insanity defense.

      I understand why people are finally changing their minds, but don't blame Gmail. Webmail is

  • by Anonymous Coward

    Facebook securing your messenger chats is nothing about security at all. Facebook is the central server and has access to all messages whether they are encrypted or not. The only thing Facebook can achieve is to prevent third parties from eavesdropping. But they still have the content on their servers which can be handed over at will.

    The encryption Apple is defending is the encryption of the data on the phone. It's not on the cloud, but simply on the phone. Facebook seems to be claiming security and privacy

  • again!
  • The issue is personal for founder Jan Koum, who was born in Soviet-era Ukraine.

    - it should be personal for everybody, not just people who have come from parts of the world where in the not so distant past (and in the present) the government has been and is the main villain. It should be understood that any government at all, regardless of what you think of it today is capable of being a villain because it has the power to be the villain. An individual can be a villain and do some damage, a villain government can and does massive amounts of damage to many, sometimes to millions and

  • ... if the developers and managers are citizens of a country that can (and will) force the silent installation of backdoors to the software.

    Since that potentially means any country, then that probably also means development distributed amongst multiple, mutually hostile nationalities. Which will go down like a lead balloon with La Trumpette and the people afraid of offshoring.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...