Not only is this huge by itself (600 million users with E2E encrypted messages by default), but I'm hoping this will put a big pressure on Google, Microsoft and others to adopt TextSecure's protocol (or something very similar), too.
This is how you deliver strong security to the masses. Not by convincing all your friends to adopt some weird and obscure chat app with the only benefit that it's "more secure" (most won't care), but by getting large service providers to adopt it and push it to hundreds of million of users without them even noticing.
Oh, and I assume that if Whatsapp adopted it, Facebook Chat isn't too far behind...right?
Since this doesn't seem to be ready to be fully announced yet, I checked last week and Open WhisperSystems is still looking for iOS developers to help. Moxie mentioned on twitter that security and crypto experience is not required, but they are looking for f/t devs not just p/t help.
Also they have a browser extension that could use some help from front-end devs:
https://github.com/WhisperSystems/TextSecure-Browser
It is still pretty early but the project has Bithub as well. From my understanding, this is their planned desktop version.
The Verge had an article about this, whatever "this" is: http://www.theverge.com/2014/11/18/7239221/whatsapp-rolls-ou...
But that's also 404 now, here's a cached copy: http://webcache.googleusercontent.com/search?q=cache:NAz9uOi...
And here's a copy of the article text: http://pastebin.com/Y5CUPqDJ
They talked to Moxie about it, so it doesn't look like a hoax. More like it wasn't supposed be announced yet.
It goes without saying that this would be a big deal. And it would explain a lot of the slow movement w.r.t. an iOS client. Although The Verge wasn't sure if and when the encryption would be available on iOS. And WhatsApp is closed source software, something that's unlikely to change, which really isn't what we want from a secure messenger. So I might keep Text Secure installed for the time being.
But still. OTR (and the enhanced/modified version of it TextSecure is using) is probably the easiest to use way to communicate in a reasonably secure fashion, and it'd would be fantastic to see it used by hundreds of millions of users all of a sudden -- even if it's sitting on top of insecure mobile operating systems and untrusted-yet-privileged hardware.
"[...] and our roadmap for our own products remains unchanged."
What is that roadmap? TextSecure for iOS is stalled...
Awesome for Moxie and team, his is huge news. But the world still needs a cross platform, open source, end-to-end encrypted platform... It's just too important to trust Facebook with.
Incidentally, the WhatsApp cofounder donated $1M to the FreeBSD foundation today.
The other link posted, theverge.com, is 404 as well, btw.
I don't suppose they will open source the WhatsApp client as part of this. Assuming so, that sounds like a compromise for Open Whisper Systems.
But wait... Didn't Facebook Inc; Buy whats app for 19 billion? So does this mean Whisper Systems is working with 'facebook' on this...? Maybe i'm wrong...
If this is true and has no strings (backdoors) attached this is huge. This means end-to-end encryption for messages from more than half a billion people and an incredible privacy win compared to SMS usage. Brought to you by facebook.
Why do all of these services insist on you giving them your mobile number? Even Telegram, which claims to be the all giving god of encryption and privacy, insists on having it no matter what. It's a massive barrier to entry which I'm not willing to cross, and I'm sure other people aren't either.
Great news, WhatsApp needs all the help it can get on security matters.
I recently tried WhatsApp alternatives that provided end-to-end encryption on Android (I use TextSecure, but only 1% of my contacts do). Wickr was the best, but a little too paranoid for daily use. WhatsApp has a better UI and sends messages faster. I would love to trust that their end-to-end encryption is legit, and WhisperSystems being involved helps, but.. seems I'm still skeptical.
I need convincing. Facebook can't monetize end-to-end encryption, and WhatsApp doesn't ask before uploading my contacts. Encryption from the client to the server is a start, but there's not enough here to make me use it.
can't find any official statement from WhatsApp anywhere. Most of the sources just cite Marlinspike.
This is so unbelievably awesome.
So, does this mean that users of the Android TextSecure app (and perhaps even Signal for iOS) will be able to communicate with WhatsApp users?
So how does the initial key exchange work here?
The submitted link (https://whispersystems.org/blog/whatsapp/) is 404. Also, at this time, the Whisper Systems blog doesn't actually show a blog entry referencing WhatsApp.
Also the article from The Verge went offline http://www.theverge.com/2014/11/18/7239221/whatsapp-rolls-ou...
This is a huge improvement and I'm very glad that WhatsApp is going this route.
However, from my point of view, TextSecure isn't there yet. The ideal solution should be decentralized, like XMPP. That makes gathering meta data so much harder.
This is going to backfire big time on WhatsApp and get them banned from many countries like India , Saudi Arabia etc.
...and once this is rolled out, they'll add auto-deleting messages, et voila! Snapchat destroyed over night!
First a million bucks to FreeBSD, now this? Keep it coming WhatsApp!
Amazing news!
can't find any official statement from WhatsApp anywhere. Most of the sources just cite Marlinspike.
I trust Moxie more than governments or companies, so this really makes me happy. If you've read things on his website (http://www.thoughtcrime.org) you'll know how important remaining secure from the government is to him. This is a huge step in the right direction. I'd also like to congratulate WhatsApp on their decision, I have a lot more respect for them now.
Congrats Moxie and team. You guys are doing a great thing for humanity.