WhatsApp

WhatsApp is a phone and messaging service for smart phones. It is also a freebie. This is curious given the the firm was bought by Facebook for some $19 billion. What is the value that Facebook bought? Knowledge, knowing who is talking to whom but not, hopefully the content of their contacts. Is Big Brother envious or sharing the results? The latter one assumes.

How do we know that the content is private? WhatsApp uses End-to-end encryption giving users privacy. It also has an option to enable Trust On First Use ex Wiki [ TOFU ]. This makes Signal, its encryption system more satisfactory or, at the very least more plausible. NB Signal is Open-Source, making its code checkable, another reason for confidence.

WhatsApp ex Wiki
WhatsApp Messenger
is a freeware and cross-platform instant messaging and Voice over IP (VoIP) service.[45] The application allows the sending of text messages and voice calls, as well as video calls, images and other media, documents, and user location.[46][47] The service uses standard cellular mobile numbers and the application runs from a mobile device, though it is also accessible from desktop computers. Originally users could only communicate with other users individually or in groups of individual users, but in September 2017 WhatsApp announced a forthcoming business platform which will enable companies to provide customer service to users at scale.[43] All data is end-to-end encrypted.

The client was created by WhatsApp Inc., based in Mountain View, California, which was acquired by Facebook in February 2014 for approximately US$19.3 billion.[48][49] By February 2016, WhatsApp had a user base of over one billion,[50][39] making it the most popular messaging application at the time.[39][51] It is the most popular messaging app in India and Pakistan, Russia, almost all of Latin America, most of Africa and the UK, Germany, Italy and Spain.[52]

 

End-to-end encryption
On November 18, 2014, Open Whisper Systems announced a partnership with WhatsApp to provide end-to-end encryption by incorporating the encryption protocol used in Signal into each WhatsApp client platform.[117] Open Whisper Systems said that they had already incorporated the protocol into the latest WhatsApp client for Android, and that support for other clients, group/media messages, and key verification would be coming soon after.[118] WhatsApp confirmed the partnership to reporters, but there was no announcement or documentation about the encryption feature on the official website, and further requests for comment were declined.[119] In April 2015, German magazine Heise Security used ARP spoofing to confirm that the protocol had been implemented for Android-to-Android messages, and that WhatsApp messages from or to iPhones running iOS were still not end-to-end encrypted.[120] They expressed the concern that regular WhatsApp users still could not tell the difference between end-to-end encrypted messages and regular messages.[120] On April 5, 2016, WhatsApp and Open Whisper Systems announced that they had finished adding end-to-end encryption to "every form of communication" on WhatsApp, and that users could now verify each other's keys.[39][121] Users were also given the option to enable a trust on first use mechanism in order to be notified if a correspondent's key changes.[122] According to a white paper that was released along with the announcement, WhatsApp messages are encrypted with the Signal Protocol.[123] WhatsApp calls are encrypted with SRTP, and all client-server communications are "layered within a separate encrypted channel".[123] The Signal Protocol library used by WhatsApp is open-source and published under the GPLv3 license.[123][124]

Cade Metz, writing in Wired, said "WhatsApp, more than any company before it, has taken encryption to the masses."[45]

 

Trust On First Use ex Wiki
Trust on first use
(TOFU), or trust upon first use (TUFU), is a security model used by client software which needs to establish a trust relationship with an unknown or not-yet-trusted endpoint. In a TOFU model, the client will try to look up the identifier, usually some kind of public key, in its local trust database. If no identifier exists yet for the endpoint, the client software will either prompt the user to determine if the client should trust the identifier or it will simply trust the identifier which was given and record the trust relationship into its trust database. If a different identifier is received in subsequent connections to the endpoint the client software will consider it to be untrusted.

The TOFU approach can be used when connecting to arbitrary or unknown endpoints which do not have a trusted third party such as a certificate authority. For example, the SSH protocol is designed to issue a prompt the first time the client connects to an unknown or not-yet-trusted endpoint. Other implementations of TOFU can be found in HTTP Public Key Pinning in which browsers will always accept the first public key returned by the server and with HTTP Strict Transport Security in which browsers will obey the redirection rule for the duration of 'age' directive.

 

Brian Acton ex Wiki
Brian Acton
(born February 17, 1972) is an American computer programmer and Internet entrepreneur. He is the co-founder (with Jan Koum) of WhatsApp,[2] a mobile messaging application which was acquired by Facebook Inc. in February 2014 for US$19 billion. He was formerly employed at Yahoo Inc. According to CNBC report , In September 2017, Acton left the messaging service company.[3]

 

Jan Koum ex Wiki
Jan Koum
(Ukrainian: Ян Кум; born February 24, 1976) is a Ukrainian-American internet inventor[2] and computer programmer. He is the CEO and co-founder of WhatsApp, a mobile messaging application which was acquired by Facebook Inc. in February 2014 for US$19.3 billion.

In 2014, he entered the Forbes list of the 400 richest Americans at position 62, with an estimated worth of more than seven and half billion dollars. He was the highest-ranked newcomer to the list that year.[3]
Trust them? Not me.

 

Signal ex Wiki
Signal
is an encrypted communications application for Android and iOS. It uses the Internet to send one-to-one and group messages, which can include files, voice notes, images and videos, and make one-to-one voice and video calls.

Signal uses standard cellular mobile numbers as identifiers, and uses end-to-end encryption to secure all communications to other Signal users. The applications include mechanisms by which users can independently verify the identity of their messaging correspondents and the integrity of the data channel. In addition, a desktop client has been released that can link with a Signal mobile client.

Signal is developed by Open Whisper Systems. The clients are published as free and open-source software under the GPLv3 license. The server code is published under the AGPLv3 license.

 

Encryption protocols
Main article: Signal Protocol

Signal messages are encrypted with the Signal Protocol (formerly known as the TextSecure Protocol). The protocol combines the Double Ratchet Algorithm, prekeys, and a 3-DH handshake.[61] It uses Curve25519, AES-256, and HMAC-SHA256 as primitives.[62] The protocol provides confidentiality, integrity, authentication, participant consistency, destination validation, forward secrecy, backward secrecy (aka future secrecy), causality preservation, message unlinkability, message repudiation, participation repudiation, and asynchronicity.[63] It does not provide anonymity preservation, and requires servers for the relaying of messages and storing of public key material.[63]

The Signal Protocol also supports end-to-end encrypted group chats. The group chat protocol is a combination of a pairwise double ratchet and multicast encryption.[63] In addition to the properties provided by the one-to-one protocol, the group chat protocol provides speaker consistency, out-of-order resilience, dropped message resilience, computational equality, trust equality, subgroup messaging, as well as contractible and expandable membership.[63]

In October 2014, researchers from Ruhr University Bochum published an analysis of the Signal Protocol.[62] Among other findings, they presented an unknown key-share attack on the protocol, but in general, they found that it was secure.[64] In October 2016, researchers from UK’s University of Oxford, Queensland University of Technology in Australia, and Canada’s McMaster University published a formal analysis of the protocol.[65][66] They concluded that the protocol was cryptographically sound.[65][66]

As of October 2016, the Signal Protocol has been implemented into WhatsApp, Facebook Messenger, and Google Allo, making it possible for the conversations of "more than a billion people worldwide" to be encrypted.[67] However, Google Allo and Facebook Messenger do not encrypt by default, nor notify users that default conversations are unencrypted; they only offer end-to-end encryption in an optional mode.[54][68]

Up until March 2017, Signal's voice calls were encrypted with SRTP and the ZRTP key-agreement protocol, which was developed by Phil Zimmermann.[1][69] As of March 2017, Signal's voice and video calling functionalities use the app's Signal Protocol channel for authentication instead of ZRTP.[70][44][46]

 

Facebook ex Wiki
Facebook
is an American for-profit corporation and an online social media and social networking service based in Menlo Park, California. The Facebook website was launched on February 4, 2004, by Mark Zuckerberg, along with fellow Harvard College students and roommates, Eduardo Saverin, Andrew McCollum, Dustin Moskovitz, and Chris Hughes.[5][6]

The founders had initially limited the website's membership to Harvard students; however, later they expanded it to higher education institutions in the Boston area, the Ivy League schools, and Stanford University. Facebook gradually added support for students at various other universities, and eventually to high school students as well. Since 2006, anyone who claims to be at least 13 years old has been allowed to become a registered user of Facebook, though variations exist in the minimum age requirement, depending on applicable local laws.[7] The Facebook name comes from the face book directories often given to United States university students.[8]

Facebook may be accessed by a large range of desktops, laptops, tablet computers, and smartphones over the Internet and mobile networks. After registering to use the site, users can create a user profile indicating their name, occupation, schools attended and so on. Users can add other users as "friends", exchange messages, post status updates and digital photos, share digital videos and links, use various software applications ("apps"), and receive notifications when others update their profiles or make posts. Additionally, users may join common-interest user groups organized by workplace, school, hobbies or other topics, and categorize their friends into lists such as "People From Work" or "Close Friends". In groups, editors can pin posts to top. Additionally, users can complain about or block unpleasant people. Because of the large volume of data that users submit to the service, Facebook has come under scrutiny for its privacy policies. Facebook makes most of its revenue from advertisements which appear onscreen, marketing access for its customers to its users and offering highly selective advertising opportunities.[9]

Facebook, Inc. held its initial public offering (IPO) in February 2012, and began selling stock to the public three months later, reaching an original peak market capitalization of $104 billion. On July 13, 2015, Facebook became the fastest company in the Standard & Poor's 500 Index to reach a market cap of $250 billion.[10] Facebook has more than 2 billion monthly active users as of June 2017.[11][12] As of April 2016, Facebook was the most popular social networking site in the world, based on the number of active user accounts.[13] Facebook classifies users from the ages of 13 to 18 as minors and therefore sets their profiles to share content with friends only.[14]

 

Open-Source ex Wiki
Open-source software
(OSS) is computer software with its source code made available with a license in which the copyright holder provides the rights to study, change, and distribute the software to anyone and for any purpose.[1] Open-source software may be developed in a collaborative public manner. According to scientists who studied it, open-source software is a prominent example of open collaboration.[2] The term is often written without a hyphen as "open source software".[3][4][5]

Open-source software development, or collaborative development from multiple independent sources, generates an increasingly more diverse scope of design perspective than any one company is capable of developing and sustaining long term. A 2008 report by the Standish Group states that adoption of open-source software models has resulted in savings of about $60 billion (£48 billion) per year to consumers.[6][7]

 


WhatsApp Breaches French Privacy Law By Feeding Data To Facebook
Facebook bought WhatsApp for $19 billion to get our data. It was not for love.