Saudi lifting ban on Skype, WhatsApp calls, but will monitor them
reuters.com> It was unclear how the authorities can monitor apps such as WhatsApp, which says its messages are supported by end-to-end encryption, meaning the company cannot read customers’ messages even if approached by law enforcement agencies.
I'm both fascinated and perplexed too.
Any ideas/theories?
Does anyone know if you're governmentally required to install an SSL cert on your device, for example?
Possibly some mobile telecoms route outgoing VOIP calls (regardless of originating application) via their own network? I haven't looked deeply into this, but I've noticed when I call someone on FB messenger, the call shows up in Phone.app with a long "social profile" address beginning with IBTU. Not sure if this address is internal to iOS or global.
Also, is it even confirmed whatsapp encrypts voice calls in addition to texts?
While WhatsApp (texts, anyway) are reportedly secure in terms of content - how about meta-data? Could they maybe trace texts, and see eg pairs of named Saudi nationals and recipients at Amnesty International - and could that be difficult without cooperation from WhatsApp (access to plaintext meta-data/routing information)?
With suspicion, I suppose message content is only a handful of plied fingernails or threats against close family away?
Messages are e2e, was under the impression that calls aren't yet.
According to https://blog.whatsapp.com/10000618/end-to-end-encryption, they are. Not sure who is wrong or lying. Or perhaps the"latest version" of WhatsApp will be prohibited.
I stand corrected.
Someone is obviously in the wrong here, have doubts whatsapp would ruin their business for a single country.
Perhaps the government only cares about who is calling who and for how long?
Aren't the whatsapp messages sent over the net? I.e. wouldn't it be the case that the government could only see the outgoing IP address? I guess if they were very well organized and working with the telecoms, they could then maybe see the outgoing IP and assuming that IP were on a telecom network they also controlled they could turn that into a person. This is all assuming that they could even figure out which encrypted outgoing packets correspond to calls (maybe this isn't too bad considering call streams would maybe have a fairly standard packet rate, etc.?).
Either way seems pretty hard without direct help from whatsapp.
It's Facebook that has access to this metadata.
> While the metadata is encrypted during transit, phone numbers, timestamps, connection duration, connection frequency, as well as user location are being stored on the company’s servers [0]
Just because they say that they can in a press release doesn't mean they really can. But what an average Saudi take a chance and risk jail or beheading b using Whatsapp to plan overthrowing the Saudi regime?
They will probably just record who you’re talking to. It is also possible to do a man-in-the-middle attack on WhatsApp but it is difficult.
Unless they struck a deal with Whatsapp for people's private keys somehow, i think it's a huge bluff.
The article mentions several reasons for blocking IP-based voice and text chat programs. This type of confusion is common in other countries in the region. Lovely part of the world here (posting from Jordan, where Skype reliably, consistently drops after one minute or less)!
> regulations aimed to protect users’ personal information and block content that violated the kingdom’s laws.
Censoring content.
> Saudi Arabia began blocking them from 2013, wary that such services could be used by activists.
Blocking political dissent.
> The decision to lift the blocks could negatively impact Saudi Arabia’s three main telecoms operators - Saudi Telecom Co (STC), Etihad Etisalat (Mobily) and Zain Saudi
Protecting business revenues of traditional telecom companies.
Very poor headline. No evidence of any deal to MITM WhatsApp encryption. What deal? With who?
I'm not sure this is at all accurate. Source: I'm in Saudi, and it's not working at the moment- unlike the other apps.
There's been a big deal made out of the lifting of the voip ban since it's been a pain in the ass for users for years, but they specifically stated that whatsapp and Viber are excluded (though Telegram is present somehow...). CITC, our local FCC equivalent, said that the the requirements laid out in the unblocking decision are 1: having a "clear mechanism for contact and cooperation in emergencies" (I'm guessing this is partially euphemism for intercept court orders and similar as well), 2: being open to removing illegal content, 3: having a clear and robust data protection system in place for users, and 4: making it possible to call emergency numbers [1, Arabic].
Obviously a lot of these can be technically impossible like the one about being able to call emergency numbers, and for those with e2e encryption a lot of the content requirements are impossible too. But hey, baby steps I guess- the telecoms are livid about the lost revenue stream, and people no longer have to use VPNs for friggin' Facetime to work.
[1] https://sabq.org/%D8%B1%D9%81%D8%B9-%D8%A7%D9%84%D8%AD%D8%AC...
>تطبيقات المكالمات منتصف الليل
this is hysterical. they actually call these apps "midnight-call apps".
Bernays would be proud.
Hah, while that would be hilarious it's not what it means in context; it refers to the apps block being lifted at midnight this past Wednesday.
yeah this makes more sense
TBH, This is the lead:
> The decision to lift the blocks could negatively impact Saudi Arabia’s three main telecoms operators - Saudi Telecom Co (STC), Etihad Etisalat (Mobily) and Zain Saudi - which earn the bulk of their revenue from international phone calls made by the millions of expatriates living in the kingdom.
> Zain Saudi’s CEO, Peter Kaliaropoulos, told Reuters some lost income could be recouped through expansion of its own data services.
> “The Saudi market has a strong appetite for faster data throughput and higher data use packages,” he said in an email. “The opportunity to monetize the extra data usage will partially offset voice revenue losses”.
End to end encryption, yo.
Utter bullshit when relying on a 3rd party.
I apologize for cursing.
...removing the main reason to use WhatsApp.