Rhymen / go-whatsapp

WhatsApp Web API
MIT License
2.07k stars 492 forks

What do you think about Whatsapp new road map! #462

Closed beshoo closed 3 years ago

beshoo commented 3 years ago

I have read on the internet that WhatsApp will change the way it works. It will be possible to run WhatsApp Web without the need for the phone to be connected to the Internet. For example, as in the Telegram application. Do you think that this amendment will affect the work of this library "go-whatsapp" in particular?

Ased2235 commented 3 years ago

Hmm, as far as I know, no. Or that's what I think, cuz they're changing from the phone side & there's a lot of people who use web, so WhatsApp won't remove that at least. But ye, it'll affect this library at some point as they'll change a few things, but it won't be completely removed.

beshoo commented 3 years ago

Let us think about this. There is no connection between the phone and WhatsApp Web; there is a man in the middle here, which is the WhatsApp server. When you send a message to someone, you send it to WhatsApp, then WhatsApp sends it to the phone, then the phone sends it to WhatsApp, then WhatsApp sends it to the second party.

If WhatsApp wants to eliminate the phone from the game, it is still the same for the API!

WhatsApp in Chrome sends to the WhatsApp server. Here the WhatsApp server will not send to the PHONE but send it directly to the second party.

What do you think?

x00b commented 3 years ago

Based on the E2E cryptography of WhatsApp, that architecture of removing the phone is impossible, considering that if the message can be sent from one place as plain text and synced at another device as plain text, there would be no E2E crypto.

As you said, beshoo, Telegram is one example: normal chats work like this, but encrypted chat is a device storage logic (like WhatsApp) because of the cryptography. There can be no two points of output and a sync of devices if the system uses E2E, like WhatsApp does and most probably won't remove it.

So I think that this change, if not official, is probably a hoax. But it can happen if cryptography is removed.

beshoo commented 3 years ago

> Based on the E2E cryptography of WhatsApp, that architecture of removing the phone is impossible, considering that if the message can be sent from one place as plain text and synced at another device as plain text, there would be no E2E crypto.
>
> As you said, beshoo, Telegram is one example: normal chats work like this, but encrypted chat is a device storage logic (like WhatsApp) because of the cryptography. There can be no two points of output and a sync of devices if the system uses E2E, like WhatsApp does and most probably won't remove it.
>
> So I think that this change, if not official, is probably a hoax. But it can happen if cryptography is removed.

Do you think WhatsApp can not read the enc keys which are stored in the device? I still do not believe in the E2E story.

x00b commented 3 years ago

Whether you believe it or not, if it's secure doesn't matter. WhatsApp has E2E encryption; otherwise they would have the cloud system like Telegram, and WhatsApp Web would be made to work as Telegram Web (it's easier this way), but the way it works now is to fit in the encryption system.

And if they ever try to remove encryption (which is unlikely) or even think about it, the whole system architecture will have to be remade, and that is VERY hard to do.

beshoo commented 3 years ago

@x00b What about Facebook Messenger? [image] And you can use Messenger without the phone!

x00b commented 3 years ago

"Each of the device will have its own device keys.", this makes it impossible to read a message sent from one device on another one (like Signal, which uses the same principles as WhatsApp).

I can not say for sure if Messenger is E2E asymmetric, but if it is, it shouldn't be able to read messages sent from device 1 on device 2; if it's possible, then the whole cryptography has no point. But again, WhatsApp is way more serious about it than Messenger (it was even recommended by activists a couple of years ago). I say this because here in Brazil there have been a lot of times that the government blocked WhatsApp for not being able to read its messages because of the crypto.

Please read more about OpenPGP, which is the standard of WhatsApp E2E cryptography; then you will understand that if the system is really in use by these apps, it shouldn't be able to read messages outside the device that stores the keys.

And again, whether it is secure or not doesn't matter; it has cryptography principles and by business it should be respected. If they don't, then there's nothing we can do...
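The quoted design, "Each of the device will have its own device keys", can be sketched as a sender that encrypts one copy of a message per registered device key, so the relay server only ever stores ciphertext. This is an added example, not code from the thread or from go-whatsapp: it runs on Node.js, the names (`newDevice`, `fanOut`, `openEnvelope`, `demo`) are hypothetical, and X25519 + HKDF + AES-256-GCM are illustrative choices, not the actual WhatsApp or Messenger protocol.

```javascript
const nodeCrypto = require('node:crypto');

// Each device creates its own X25519 key pair; only publicKey goes to the server.
function newDevice(name) {
  return { name, ...nodeCrypto.generateKeyPairSync('x25519') };
}

// One-time AES-256-GCM key from an X25519 shared secret, via HKDF-SHA256.
function deriveKey(privateKey, publicKey) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'fanout-demo', 32));
}

// Sender: encrypt the same plaintext once per device key in the directory.
function fanOut(text, directory) {
  return directory.map(({ name, publicKey }) => {
    const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh key per envelope
    const iv = nodeCrypto.randomBytes(12);
    const c = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, publicKey), iv);
    const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
    return { to: name, ephPub: eph.publicKey, iv, ct, tag: c.getAuthTag() };
  });
}

// Receiver: open with the device's own private key; null if sealed for another key.
function openEnvelope(envelope, device) {
  try {
    const key = deriveKey(device.privateKey, envelope.ephPub);
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
    d.setAuthTag(envelope.tag);
    return Buffer.concat([d.update(envelope.ct), d.final()]).toString('utf8');
  } catch {
    return null; // GCM tag check failed: wrong device key or tampered envelope
  }
}

// Constructed demo: one account with a phone and a browser session.
function demo() {
  const phone = newDevice('phone'), web = newDevice('web');
  const directory = [phone, web].map(({ name, publicKey }) => ({ name, publicKey }));
  const [toPhone, toWeb] = fanOut('hello', directory); // all the relay ever stores
  return {
    phoneReads: openEnvelope(toPhone, phone),
    webReads: openEnvelope(toWeb, web),
    crossRead: openEnvelope(toWeb, phone), // phone key on the browser's envelope
    relaySeesPlaintext: toWeb.ct.includes('hello'),
  };
}
console.log(demo());
```
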

beshoo commented 3 years ago

The whole argument is about whether we will be able to use this lib or not if WhatsApp decides to change it to something like Messenger ...

> I can not say for sure if Messenger is E2E asymmetric

Well, they said that, as you can see. I think they will store the key on the mobile device and in Chrome, but they will not send the message to the mobile device to be sent from it.

x00b commented 3 years ago

Yes, exchanging the keys would be the way to do it, but it has no logic, since the whole point of E2E, which WhatsApp always made so important, is to keep the key secure.

About the lib, I think it would definitely change a lot, but if (big if) the websockets schema remains the same (it is possible), we can adapt; otherwise, Houston, we got a problem.

But this is an unlikely scenario until an official statement from WhatsApp/Facebook. Let's wait and see.