In April of last year WhatsApp presented its end-to-end encryption, an important measure to preserve the privacy and security of all messages sent through this messaging application. This security was compromised ten days ago when The Guardian claimed to have found a back door that made it easy to intercept and view the contents of encrypted messages.
A few hours later this information was quickly denied. There was no security hole, but it had not been understood how the system encryption worked. Now some of the world’s best cryptographers and researchers have signed a harsh open letter to The Guardian accusing them of irresponsibility by having decontextualized security-related issues.
In its article, The Guardian explained how WhatsApp could force a mobile service client to generate new encryption keys. This, they said, could lead to service interceptors intercepting these key exchanges, which in turn would allow them to intercept the post-change talks.
They described it as a backdoor, an easy-to-use vulnerability, and several security experts quickly came out to say the medium was wrong. Yes, there was an exploit that could violate the privacy of this type of encrypted messages, but it does not mean a danger so important that The Guardian advised against using the application, since it is a very difficult exploit to exploit in attacks or by the technicians themselves Facebook or WhatsApp.
The Open Letter to The Guardian
As an update to thread: an open letter to the Guardian signed by some of the world’s top cryptographers & researchers.
— zeynep tufekci (@zeynep) January 20, 2017
In its open letter, in response to the Guardian report, more than 60 cryptographers and security experts from all over the world launch a plea to this medium to report in a responsible and contextualized way about the safety of users. They say that saying there is a back door is like saying that vaccines kill people. Yes, some cases can be given, but they also save millions of lives.
The same thing happens according to the researchers with this cipher. Yes, it may be that an exploit is used to violate your security, but that does not mean that it is an insecure system that we do not have to rely on. “The behavior that stands out is a measured compromise that represents a remote threat in return for real benefits that help keep users safe,” they say in their open letter.
Experts also say that telling people to leave WhatsApp puts people in danger, especially those who depend on encryption when they are being watched by authorities, or there are entities trying to locate them to put them to different types of danger.
They therefore insist that they should never have published such a crucial article without consulting a wide range of experts. As they claim that the damage is already done, these experts ask The Guardian to retract what they said in the article and to publicly apologize.