Popular online messaging service WhatsApp has made all sorts of security news in recent years.
One of WhatsApp’s early cryptographic SNAFUs involved using non-secret information to
construct secret encryption keys, which is a bit like using your pet’s name as a login password.
The company went on to make two-time use of a one-time pad, a no-no in cryptographic circles. (It isn’t called a one-time pad for nothing.)
WhatsApp CEO Jan Koum subsequently asserted that “[r]espect for your privacy is coded into our DNA” little more than a year after the company was censured by Canadian and Dutch privacy authorities for violating privacy rules in both countries.
And the app went through a period of blurting out your location to eavesdroppers by communicating with Google Maps via unencrypted HTTP rather than using encrypted-and-authenticated HTTPS.