Sign in / up

back to article WhatsApp emits extension to detect tampering with desktop web apps

WhatsApp and Cloudflare have teamed up to provide desktop users of WhatsApp's web client with a browser extension called Code Verify that checks the integrity of the software running in their browser. WhatsApp offers end-to-end encryption that protects the user messages from being read by network intermediaries. But the Meta- …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    Riiiight..

    So Cloudflare helped Meta build an extension to Whatsapp that totally does not steal your personal information, but totally coincidentally has to disable all of your other security extensions long enough for facebook to slurp up all the things those extensions were protecting?

    ...but don't worry they will totally lock the door back up on the way out after they have broken in and read all your mail.

    Besides, you know, Facebook, Instagram, and WhatsApp are totally separate right? Meta is just their creepy creepy uncle that lies to congress constantly.

    8 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    Just wondering if any of this is true?....or reliable?

    Quote: "WhatsApp offers end-to-end encryption that protects the user messages from being read by network intermediaries."

    Is this a true statement? Has it been independently verified that a hack on the E2EE process does not exist? You know....absence of proof is not proof of absence!!!!

    Quote: "...Hansen and Silveira offer assurance that Code Verify does not have a secret agenda to gather user data..."

    Is this a true statement? Has it been independently verified that a hack does not exist? You know....absence of proof is not proof of absence!!!!

    Finally, even if the "Code Verify" tool compares two hashes and verifies that the executing code matches a known original, who is to say that the original code is "safe"? Thinking here about the SolarWinds fiasco!!

    (For details see: https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack?t=1646976993800)

    Another quote (William Burroughs): "The paranoid is a person who knows a little of what is going on."

    2 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Just wondering if any of this is true?....or reliable?

      Any fool can criticise, the clever bit is to come up with a solution. So what should I use instead of whatsapp? Please don't tell me "Signal". It's open source, owned by a company (think of the anger unleashed when Audacity was acquired by some company or other) and as has been shown on this site a few times in the last couple of months, "many eyes" always seems to turn onto "someone else's eyes, indeed anyone's eyes except mine. "

      2 2 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Ad Hominem, Anyone?

        @Cynical_idiot_taxpayer_here

        Quote: "...Any fool can criticise..."

        So....attack the commentator....not the comment! Excellent!!

        Is WhatsApp actually secure? Are there people (in Fort Meade, or Cheltenham, or Russia, or China, or North Korea) or other bad actors (e.g. ransomware miscreants)....are any of these third parties reading WhatsApp messages?

        Ah.....Mr. Taxpayer does not care about these reasonable questions. That's fine with me.....I suppose that that makes for two AC examples of "any fool".....I'm retired.....I can cope....

        1 1 Reply
      2. unimaginative Bronze badge
        Reply Icon

        Re: Just wondering if any of this is true?....or reliable?

        Its open source so its verifiable that it does use end to end encryption, so it is a solution. It is the sort of thing that attracts

        My problem is hardly anyone else uses it.

        1 0 Reply
        1. Anonymous Coward
          Reply Icon
          Anonymous Coward

          @unimaginative - Re: Just wondering if any of this is true?....or reliable?

          Do you have strong assurance that:

          1 - the binary code has been compiled from that exact source code they make available ?

          2 - you are the exclusive owner of the encryption key and that it is entirely under your control ?

          3 - there is absolutely no man in the middle ?

          0 1 Reply
      3. Anonymous Coward
        Reply Icon
        Anonymous Coward

        @Cynical idiot taxpayer here - Re: Just wondering if any of this is true?....or reliable?

        You want a solution ? Don't use any of these. Today we are at the point where no electronic media is to be trusted, no matter how loud they advertise E2E encryption or other privacy features. If your information is sensitive, use offline encryption and find a communication channel that will leak the least amount possible of metadata. Oh, and make sure you have some strong plausible deniability.

        With every minute that passes, privacy and anonymity are getting harder to preserve, and not only on the Internet.

        As for 'many eyes', you got it wrong. Nobody is excluding your eyes from being part of those many, you are free and welcome to audit every single line of open-source code you're using.

        1 0 Reply
    2. Dan 55 Silver badge
      Reply Icon

      Re: Just wondering if any of this is true?....or reliable?

      Quote: "WhatsApp offers end-to-end encryption that protects the user messages from being read by network intermediaries."

      Is this a true statement? Has it been independently verified that a hack on the E2EE process does not exist? You know....absence of proof is not proof of absence!!!!

      WhatsApp now allows multi-device pairing and doesn't need the mobile to be on with WhatsApp forwarding the messages, so I'm unconvinced there's now E2EE in WhatsApp, or if there is E2EE then it's fake E2EE with Facebook having one of the endpoint keys.

      To convince me otherwise, someone will have to cite a huge security white paper full of technobabble that I don't understand anyway.

      2 1 Reply
      1. unimaginative Bronze badge
        Reply Icon

        Re: Just wondering if any of this is true?....or reliable?

        Whatsapp web does require the mobile to be on.

        It just refused to let me send a message for that reason.

        1 0 Reply
        1. Dan 55 Silver badge
          Reply Icon

          Re: Just wondering if any of this is true?....or reliable?

          WhatsApp disagrees with you.

          0 0 Reply
  3. Anonymous Coward
    Anonymous Coward

    only fuckwits use anything facefuck/meta

    if someone is using anything facefuck/meta is involved with. you know they are a fuckwit

    1 6 Reply
    1. JDPower666
      Reply Icon

      Re: only fuckwits use anything facefuck/meta

      Unimaginative and predictable. Must try harder: Grade D-

      2 1 Reply
  4. nijam Silver badge

    > ... tested Code Verify with uBlock Origin and Privacy Badger active, among other extensions, and Code Verify presented an orange badge with the following warning...

    Hmmm... I wonder what Privacy Badger has to say about WhatsApp and Cloudflare. Because at the moment, I'd rather trust PB and UO than Cloudflare and WhatsApp.

    4 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like