Can we speak in private? Chat app intros end-to-end crypto tech

Messaging app LINE has introduced end-to-end encryption, with secure chat messaging available on all versions of the software, including the desktop version, and turned on by default on Android. LINE boasts that it has become the first messaging app to offer end-to-end encryption across multiple devices and platforms with the …

  1. Anonymous Coward

    oh noes

    I at times wish to communicate securely and privately. Terrorists also wish to communicate securely and privately. Oh dear what am I (besides another El Reg AC drone)?

    1. Anonymous Coward

      Re: oh noes

      you're under arrest, why?

    2. Mark 85 Silver badge

      Re: oh noes

      Just remember one thing you absolutely need to do on your way to Gitmo... establish a religion for better treatment. I suggest the 4B's: Beach, BBQ, Beer, and (cabana) Babes or (cabana) Boys.

      This will require them to provide you with extensive time on the beach, eating BBQ, drinking Beer and being serviced by the appropriate "B" person as a practicing member of this religion. The added benefit is that the whole Marine contingent will probably convert to the same religion post-haste.

      1. Gordon Stewart

        Re: oh noes

        Great - except they'd probably make you eat sand, shove a rack of BBQ ribs up your ass (sideways), waterboard you with the beer, and... well, let's not get into what they might do with the Babes/Boys

  2. Anonymous Coward

    Secure? On a phone?

    Peddling any form of privacy or security on a phone is recklessly disingenuous. If you don't know why, just ask a smurf.

    1. Anonymous Coward

      Re: Secure? On a phone?

      >Peddling any form of privacy or security on a phone is recklessly disingenuous

      So is the solution simply to have more loud speakers always blaring any phone conversations going on in the area?

      1. Anonymous Coward

        Re: Secure? On a phone?

        No, the solution is not to trust a phone with private communications.

  3. Cynic_999 Silver badge

    Re: oh noes

    Be careful because you may have other suspicious characteristics. The NSA has established that terrorists put on their trousers one leg at a time. How about you? Sharing just one trait may be coincidence, but two or more and it becomes very damning evidence - plenty sufficient to justify emptying a magazine of bullets into the back of your head as a restraining measure while further enquiries are carried out into your activities ...

    1. Anonymous Coward

      Re: oh noes

      "The NSA has established that terrorists put on their trousers one leg at a time".

      Hey! They stole my research topic for the next Ig award! Though mine involves a wider population who can wear both trousers and skirts :) Plus I can sell their personal data to the highest bidder - they did read the fine print on the contracts.

  4. moiety

    There's lots of (possibly) secure chat apps about; but the real problem is compatibility...you need someone at the other end who is 1) running the same kit as you and 2) competent enough to have all the right bits switched on. Conversely, the most popular apps are the least trustable: Microsoft's first act after buying Skype was to make it all run through a central server; *Facebook* paid *$19 Billion* for WhatsApp and so on.

    The closest to secure and universal (that I know about) is XMPP (Jabber-alikes) with OTR; but not enough people use it for it to be that useful in the real world. There are other options (ChatSecure and the like); but they're all trying to lock you into their ecosystem.

    1. Anonymous Coward

      Good point (in general). Although, despite Reg referring to this as "proprietary," from a quick glance at the overview it looks like a perfectly ordinary RSA public key scheme. So you're still a twat

      ;D

      1. moiety

        While there may be some validity to your point of view and possibly many would agree; I feel moved to issue a rebuttal: Go fuck your hand, fatso.

        :D

        Yeah, you're right. RSA; but with proprietary code driving it; which would be the worrying part. Also another locked-in system that isn't compatible with anything else, I expect.

        1. Anonymous Coward

          Okie dokie. Will do.

          How do you know I'm fat BTW?

          1. moiety

            Reg Reader....playing the odds.

            Actually this is a worse system because it's the server's keys doing the encryption/decryption; rather than the user's keys. Apart from maybe stopping your ISP reading it; I fail to see the point; and it's definitely not end-to-end. Whoever owns (or pwns) the LINE server can read everything.

            1. Anonymous Coward

              No, that's just the "default" system for people who don't care enough to learn how to use PKI. Scroll further down that page for the grown-up stuff. (Twat)

              1. moiety

                Doesn't matter - all done through their server and using their (proprietary) software on the user's machines. They can relay what they like to each user.

                The only secure use of a central server in an encrypted messaging system is addressing (ie, this is where this user is now...IP address or whatever). Anything else is suspect.

                1. Anonymous Coward
                  Mushroom

                  Even that use of a central server is insecure for both end points. This is a perfect setup for CALEA. The central server simply points the end points to servers under its control and hands that server's public key and it works just like any other MITM unless you both inspect and validate each other's certificate. (And that is not totally secure. We just had some CAs issue bogus certificates again!)

                  First rule of cryptography: unless it's open source, freely examinable by anyone, it's almost certain to be Snake Oil. Even doing it 100% mathematically correct, the tiniest error in the algorithm means no security. 100% algorithmically correct, the tiniest hardware problem flaw means no security. And none of these need be true today, the cryptography could go TITSUP in the next five minutes, or be good for the next decade or so.

                  Crypto is hard.

                  Sorry running long but when I see a company trying to sell something like this where lives may literally be in the balance, ... I can't stand by and watch. When they open it up for inspection by professionals then I might buy in.

                  1. moiety

                    Thinking about it, AC, my rebuttal may have been a bit harsh. Insult volleys can be fun; but it's about 300% less funny (and less fun) if one of the participants is AC and the other isn't...double that if the volley jumps comment threads. I should have just said that, instead of reflexively replying with my favourite "get off my lawn" insult. Splendid insult though it is; it may just possibly be a smidgeon over the top in context, so apologies if I made your monocle fall out.

          2. Anonymous Coward

            Because AC....

            the camera on your phone said so....

  5. Bota

    Oh Noes!

    We may have to revert to actual police work!

    :(

  6. Kinetic

    Utterly pointless and probably counter productive.

    Wouldn't be surprised to find that this had been bankrolled by the security services. Even IF it's not back-doored (and that's a very big IF), they'll probably just take note of all the phones that do download this then treat them with much more interest than usual. Probably up to and including putting spyware on the phone and getting the conversation before it's encrypted. All you'd do by installing this is guarantee that MI6 will read it all.

  7. Charles Manning

    .... and who is going to audit the software?

    If you see and download an end-to-end encrypted chat app how do you know it is really E2E secure?

    Maybe it has man-in-the-middle built in.

    Maybe it is really just some vanilla chat app that runs right through an NSA filter.

    Maybe all the keys you type in just do nothing.

    The only way to know is to have the app audited. And who do you trust to do that?

  8. Anonymous Coward

    Liars

    All indications are this is not truly end to end. If it gets encrypted or needs any third piece of equipment, then encryption can be completely ignored by those that use the 3rd party equipment.

    1. Mike Bell

      Re: Liars

      You'd better don your tinfoil hat the next time you connect to a banking website, then, if that's the case.

  9. Anonymous Coward

    I so love these announcements..

    Yet another "solution". Yawn. Not interested until there has been an independent assessment.

    Oh, by the way, normally it is a condition of a telco license that you are able to provide intercept facilities. I'd be interested to hear from someone who could check if that is also the case in Japan.

  10. biomi.tortulla

    "[T]he first messaging app to offer end-to-end encryption across multiple devices and platforms"? Hardly. Others (e.g., Threema) have been offering this for quite some time now. Also, what's up with calling it "Letter Sealing"? If it really is end-to-end encryption, why not call it that?

  11. mattkillen

    Revolutionary!

    What have they done that no one else has? Given standard crypto a patronising shampoo science name, because you're worth it!

    1. Anonymous Coward

      If it really is end-to-end encryption, why not call it that?

      Marketing. Calling it something else obscures the fact that it's not new and thus doesn't warrant bucketloads of cash from VCs desperate to cash in anything that appears trendy.

  12. Guillermo Lo Coco

    TELEGRAM is far better and opensource.

    1. Anonymous Coward
      Coat

      Security of Comms

      For most people email and other electronic messaging is as open as a postcard to a technically competent peeper. Just do not say anything you would not want the world and his dog to know.

      It would be nice to think commercial messaging would have some security but a lot does not.

      This has always been the case and is likely to remain so while encryption remains too difficult for the ordinary person (i.e., not IT literate).

      So why are the authorities blathering on about Security, gods knows - probably another distraction from the other civil liberties they are downgrading?

      Mine's the one with the enigma machine in the pocket

  13. noj

    Anyone use Signal - Private Messenger from OpenWhisper? I understand it's open source and free, iOS and Android, voice and text.
