Tux ICT

ABJ photography & video

Conversations XMPP client

Finally I found a messenger that I really like : Conversations, it uses the XMMP (formerly known as Jabber) protocol. It has not only encryption but it respects my privacy, I don’t need a phone number or e-mail adress to register an account at a XMPP server*. Encryption is done by OMEO, OTR (Off The Record) or OpenPGP.

Conversations is an Android app, you can download it in the PlayStore, but then you have to pay. If you install the F-droid app on your Android device you can download it legally for free
You can find more clients here

* Signal and WhatsApp have good encryption, but you need your phone number to register AND you have to give your number to people otherwise they can’t call or send you messages. An other problem of WhatsApp is the spying by Facebook.
Telegram needs a phonenumber to register, but you can use a nickname so your number stays private.
Wire don’t need a phonenumber, it uses only a nickname.

7 February 2017 Posted by | Android, Conversations IM, Encryption, FOSS, Messaging, OMEMO, OpenPGP, OpenSource, OTR, Personal, Privacy, Signal, Telegram, WhatsApp, Wire, XMPP | Leave a comment

WhatsApp, safe or not

The Guardian published an article about a vulnerability that allows snooping on encrypted messages.

Facebook claims that no one can intercept WhatsApp messages, not even the company and its staff, ensuring privacy for its billion-plus users. But new research shows that the company could in fact read messages due to the way WhatsApp has implemented its end-to-end encryption protocol.

The security loophole was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. He told the Guardian: “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.”

The vulnerability is not inherent to the Signal protocol. Open Whisper Systems’ messaging app, Signal, the app used and recommended by whistleblower Edward Snowden, does not suffer from the same vulnerability. If a recipient changes the security key while offline, for instance, a sent message will fail to be delivered and the sender will be notified of the change in security keys without automatically resending the message.

Comments from Open Whisper Systems :

Background

Today, the Guardian published a story falsely claiming that WhatsApp’s end to end encryption contains a “backdoor.”

WhatsApp’s encryption uses Signal Protocol, as detailed in their technical whitepaper. In systems that deploy Signal Protocol, each client is cryptographically identified by a key pair composed of a public key and a private key. The public key is advertised publicly, through the server, while the private key remains private on the user’s device.

This identity key pair is bound into the encrypted channel that’s established between two parties when they exchange messages, and is exposed through the “safety number” (aka “security code” in WhatsApp) that participants can check to verify the privacy of their communication.

The issue

One fact of life in real world cryptography is that these keys will change under normal circumstances. Every time someone gets a new device, or even just reinstalls the app, their identity key pair will change. This is something any public key cryptography system has to deal with. WhatsApp gives users the option to be notified when those changes occur.

Resume

It is great that the Guardian thinks privacy is something their readers should be concerned about. However, running a story like this without taking the time to carefully evaluate claims of a “backdoor” will ultimately only hurt their readers. It has the potential to drive them away from a well engineered and carefully considered system to much more dangerous products that make truly false claims. Since the story has been published, we have repeatedly reached out to the author and the editors at the Guardian, but have received no response.

Sources :
The Guardian
Open Whisper Systems

Albeit that WhatsApp is safe, it’s sharing your data with Facebook, so I still recommend Signal and / or Telegram for secure communication.

14 January 2017 Posted by | Communication, Encryption, Facebook, Messaging, Open Whisper Systems, Privacy, Security, Signal, Telegram, WhatsApp | Leave a comment

WhatsApp on your Android tablet

Although it’s not officially suported, it is possible to install WhatsApp on your Android tablet without a SIM-card.

1 Download WhatsApp from the WhatsApp site.
2 Install the .apk file.
3 During setup fill in the number of your phone for SMS verification.
4 You will now receive a verification code on your phone.
5 Enter the code in WhatsApp or go to the url provided in the verification message.
6 Add your contacts and you’re good to go 😉

20 February 2016 Posted by | Android, Howto, Tablet, WhatsApp | Leave a comment

   

%d bloggers like this: