Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?

J.M. Porup jm at
Sat Jan 17 09:00:56 PST 2015

Hash: SHA1

On 01/16/15 14:52, Cypher wrote:
> On 01/15/2015 11:29 AM, carlo von lynX wrote:
>> On Thu, Jan 15, 2015 at 08:49:31AM -0800, Steve Weis wrote:
>>> Note you said "users will never know" if e2e is being used,
>>> but as Moxie says "we'll be surfacing this into the UI" of
>>> upgraded clients.
>> There is a systemic legal problem by which neither Facebook, nor
>>  Whatsapp, nor Textsecure nor Moxie are in a position to
>> guarantee that whatever is surfaced into the UI actually means
>> what it says.
> I was under the impression that the government couldn't make you 
> actively lie to someone. For example, if I have a message on my
> page that says "we do not collect any user data" and the government
> makes me collect data on an existing user, that's acceptable. But
> they could not stop me from changing that sign and force me to lie.
> I'd assume that would be the case with WhatsApp. Once the visuals
> are surfaced, each new encrypted connection would be forcing the
> service to actively tell a lie, which, as I understand it, isn't
> legal. Of course, IINAL so I don't know.

I would like to give a concrete example of "commandeering." Something
that happened yesterday.

I've been saying for a while now that Twitter has been commandeered.
There's a great deal of circumstantial evidence pointing this way. I
documented my research last March, here:

Be sure to read the footnote about @Asher_Wolf.

Then yesterday, I logged into Twitter, posted a couple of tweets, and
realized that my outgoing tweets had been hacked to include a
*different* image than my profile image.

The image of a gun:

Now, you could argue that someone must have stolen my password and
replaced my profile image. But that never happened. My profile photo
never changed. Only my outgoing tweets contained a different profile
image. To the best of my knowledge, it is not possible for Twitter
users to maintain two different profile images at the same time.

Additionally, the only operating systems I use are Qubes and Tails.
That doesn't make my end points impregnable, but it makes
opportunistic hacks rather unlikely.

What does this mean?


1) I am a complete liar / fraud / charlatan making this up to annoy
everyone (because why?)


2) Something like this happened:

Remember? "Change their photos on social networking sites"

Now here's the rub: the Twitter API does not include an optional
"second profile image" parameter. At least not publicly. See:

Which means that, at the point of a court order / gun, Twitter has
been coerced into putting that parameter into their code, and giving
API keys to a thug who works for the FBI / CIA / NSA.

And the funny thing? If they were trying to scare me, they failed. All
they've done is make me angry.

Version: GnuPG v1


More information about the liberationtech mailing list