Press release from Pryvate CEO – Jonathan Parker-Bray
Current tabloid headlines citing Govt’s call for WhatsApp encrypted chat access could be argued, is a false marketing push for users to remain on WhatsApp .
Current tabloid headlines and governments cries for access to WhatsApp etc once more entrenches the false marketing message of WhatsApp as a secure app to the masses. In order the public remain on this and similar USA platforms. The call for such legislation would enable the government to mop up the real secure comes companies with the same legislation.
WhatsApp encrypted chat is not secure in the realms of Cyber Security. All chat content passes through their servers (Not really e2e encryption). And E2E encryption won’t stop the FBI as they can just try to pull off what failed with Apple, with WhatsApp (i.e. a malicious targeted software update) – SEJPM Apr 6 ’16 at 12:30. Group chat, keys remain on their servers until all messages in the group are delivered. This could be hours, especially if one member is on a flight, underground or otherwise without his device. Keys are pushed by the company’s servers to their users. Could be argued that it appears there is a security hole (or Govt back door) here with:
https://www.schneier.com/blog/archives/2017/01/whatsapp_securi.html “WhatsApp’s implementation automatically resend an undelivered message with a new key without warning the user in advance or giving them the ability to prevent it.” “This is because in many parts of the world, people frequently change devices and Sim cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.” LOL ! Yeah right ! Great excuse !
It’s like “it’s more important that the message get delivered, rather than to whom”
Further, certificates can be intercepted and changed with no notifications to users or recipients. So relatively easy to hack an account especially with prioritised commands that changes Certs and never notified. In fact, such notification is currently set by WhatsApp to, “no notice” by default ! Clearly a security breach imparted on their users on install. Such current headlines only serve to market the big USA brands and deceive the public, That they are secure ?!.