> In a phone call with WIRED, a WhatsApp spokesperson confirmed the researchers' findings, but emphasized that no one can secretly add a new member to a group—a notification does go through that a new, unknown member has joined the group.
Yeah, that solves it. -_-;
@feld in no universe doe sthat solve anything.
1. as others pointed out there is nothing stopping WhatsApp to change that in the future;
2. I am part of about 20 Signal groups, am pretty savvy user, and got surprised by some new people on some of them multiple times.
It's not about key management, it's about WhatsApp being able to *modify group membership*. Let's not mix things.
@feld if you're in a sensitive E2E chat that gets a fair amount of traffic you are not going to notice the notification that somebody joined.
Notifying about this is not nearly enough.
When choosing tools to secure one's communication one has to take into account potential opsec failures. And a small notification about a potentially huge security problem (some random person just joined the group) simply does not cut it.
@feld plus, the bigger problem is that the *protocol* allows for this. This means that WhatsApp could remove the notification at any point in time and just add people as they see fit (or as the nice man in a trenchcoat asks them to) without notifying the members of the group.
You are basically asking me to trust WhatsApp not to do this. The whole *point* of E2E is to not have to trust the service provider.
"So Breaking News, People Still Miss The Point Of E2E Entirely", I guess? ;)
@feld how is a state actor asking WhatsApp "politely" to add a person to a group without notifying the group not something E2E should protect from?
Again, since the protocol allows for it, WhatApp can remove the notification whenever it wants.
@feld Three Letter Agency compromised all our brains, we're in the Matrix already, WAT NAO?
There is trust involved in all those things. I trust people I work with way more than WhatsApp. And for good reasons.
There are always ways in. I'd just rather minimize the number of them that affect me and my peers.
@feld also, this is the good old "can't be 100% secure, so why even try" argument.
Can't say it swept me off my feet the first time I head it, and that was a good decade ago. :)
@feld I beg to differ:
"End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages."
The whole point of E2E is not that "it's encrypted, somehow", but that it's encrypted *effectively*, so that only the intended users can read it in transit.
Your take on E2E would mean that rot13 + double-XOR would be enough of an "encryption" on the wire. It is very definitely not.
@feld the intended user in the case of a WhatsApp encrypted group chat is the user the Admin intended to read the messages.
A user added by WhatsApp is not the intended user. And it requires just a moment of lack of attention to miss that fact.
This is not acceptable.
@feld the human element is the only thing that is relevant.
I don't care what the protocol considers okay or not if a person that trusted me to select secure communication tools for them gets surveilled, attacked, or incarcerated.
@feld another one is Tox. Yet another is Briar. Not sure about Wire, but also a contender.
@feld also Ricochet.
@feld Pond used to be a thing. Plus, of course, anything supporting OTR or GPG (with the caveat that key management there is a PITA royale).
@feld agreed on GPG. The "plan for opsec failures" thing is why we are pushing people towards Signal instead. With GPG-encrypted e-mail it's simply too easy to fsck up.
@feld for the last time, WhatsApp can remove the notification whenever they want. This is not acceptable.
@feld and I am not saying it's Signal's fault. I don't care if it's Signal's fault, or WhatsApps implementation, or pixie dust from a galaxy far far away.
The point is, WhatsApp server admins can do this. This is utterly unacceptable.
@feld you have to trust someone anyway, but the fewer entities (people, corporations, etc) you have to trust, the better.
Yet again, I simply do not trust WhatsApp not to abuse this one way or another.
@feld that's why I do not use neither Android, nor iOS-based devices.
But again with the same "can't be 100% secure, so why even try" thing? You've used this one already. Come on, you can do better.
Others are on iOS and Android. And again, if I have to choose between trusting Google/Apple *and* WhatsApp, vs. trusting just Google/Apple, I choose the latter.
Not sure where you're going with this discussion though. You clearly thing it's fine if server admins can add people to an encrypted groupchat with just a notification, I clearly don't. You look at E2E on a protocol level, I look at it at whether or not it's actually effective in it's goal.
@feld I don't think we can convince each other, so I'll just proceed to drink some good tea and perhaps watch a movie. :)
@feld if I hear Signal server admins can do the same thing (add users to a groupchat with only a notification displayed), I will consider Signal just as unsafe.
@feld also, which company, pray tell! So that we can stay a far away as possible.
@feld well good luck with that.
On the other hand, I'll keep making sure people who need and depend on secure communication every day stay clear of WhatsApp.
Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!