I understand that everyone should be responsible for their privacy, and everyone should know how far they should take precautions, to the point they feel is necessary, and the risk of their decisions.
Don’t get me wrong, I myself don’t think that checking my friend’s fingerprint is such a big hassle, and privacy sure is worth it, but I can understand how other people I know feel this is an inconvenience. I like Kontalk’s encryption philosophy and I wouldn’t want it to change, but sometimes seeing someone use something other than WhatsApp is already a win to me. Sure, I can explain to them why it is important to check fingerprints and why they should care, but sometimes I feel that switching to Kontalk is enough to ask of them.
In this post I would like to discuss the real threats of not checking the fingerprints and try to understand more about the matter so that I can better explain it to my friends.
The two ways I can think of that someone could take advantage of you for not checking the initial fingerprint are the following:
1.- Someone could take your identity and pretend to be you.
I think, though, that most of the time you will know if it’s your friend or not by analyzing the conversation you’ll have with them. Also, it would be very suspicious if someone you just added started to ask you for private or personal information.
I know there are ways that smart people can get information about you and trick you, and maybe some other friend who knows you could want to get some info about your friend and you, but usually I don’t have long conversations on Kontalk, and most of the time I pick up the conversation or arrange a meeting with friends, in which case I will know if it wasn’t really them in the first place.
I suppose I could also ask them a question that only they would know. If I’m expecting someone to add me soon because I just talked about Kontalk with them, what are the chances they will be an impostor?
Sure, you will be very cautious if your friend’s fingerprint has changed from the first time, and I suppose, if you accepted the first fingerprint so blindly you could just do it again, which would be a mistake.
2.- The second way I can think this could be exploited is that someone could be getting your messages, reading them and then sending them back to the real destination.
This would mean that the real receiver would be getting a different fingerprint than the one we have, and we wouldn’t know about the trap unless we checked our fingerprints.
That made me think that maybe sharing our fingerprint through Kontalk wouldn’t be such a waste in that case. I suppose that a spy could create an automatic fingerprint message detector that could read the fingerprint both from plain text and from an image, change the message with their own and send it. I suppose human interaction from the spy would also be feasible, which would mean that sending a drawing would also be detected. But then again, if you are going to take the time to make a drawing of your fingerprint and send it, why not just check the fingerprints already? On the other side, would a spy also take the effort and time to keep watch over conversations just to read a conversation that may or may not have any relevance?
And I think that’s my final thought.
When I started using Kontalk with my girlfriend, there was no doubt we were going to check our fingerprints because our conversations were going to be very private. But when it comes to a really casual friend of mine, with whom I don’t exchange any private words on Kontalk in either direction, is it really that harmful if I’m just happy they decided to use Kontalk? At least for a while, until I feel they are ready to listen to the whole story.
I know people should understand why it is important not to use WhatsApp, which is for reasons other than just convenience. And I believe they will be ready to listen if they see there are other options. I just don’t want to give them trouble right away. I think sometimes you should be a little chill with things and be flexible. I’m attaching a very funny image one of my friends sent me once xD
Anyway, I might be oversimplifying the encryption process, but I would like to know if my supposed exploits are possible, and maybe hear some other ways the process might be abused if the user doesn’t take the time to check fingerprints. I would also like to hear your opinions on the matter.
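
The second scenario in the post, as an added example that is not part of the original post and is not Kontalk code: a small model of why a fingerprint sent through the chat itself can still appear to match when a relay sits in the middle, while a comparison made outside the chat does not. The `Relay` class, the random byte strings standing in for public keys, and the truncated SHA-256 fingerprint are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def fingerprint(public_key: bytes) -> str:
    # Truncated SHA-256 as a stand-in fingerprint (assumption, not Kontalk's format).
    return hashlib.sha256(public_key).hexdigest()[:40].upper()


class Relay:
    """Hypothetical intermediary sitting between the two contacts."""

    def __init__(self) -> None:
        self.key = os.urandom(32)  # constructed stand-in for the relay's public key

    def deliver_key(self, real_key: bytes) -> bytes:
        # First contact: the receiver gets the relay's key, not the friend's.
        return self.key

    def deliver_message(self, text: str, sender_key: bytes) -> str:
        # Any copy of the sender's fingerprint in relayed text is swapped out.
        return text.replace(fingerprint(sender_key), fingerprint(self.key))


def fingerprints_match(relay: "Relay | None", out_of_band: bool) -> bool:
    """What the user's check reports for one friend under the given conditions."""
    friend_key = os.urandom(32)  # constructed stand-in for the friend's public key
    stored_key = relay.deliver_key(friend_key) if relay else friend_key
    announcement = "my fingerprint is " + fingerprint(friend_key)
    if relay and not out_of_band:
        # Sent through the chat itself, so it crosses the relay.
        announcement = relay.deliver_message(announcement, friend_key)
    claimed = announcement.rsplit(" ", 1)[1]
    return hmac.compare_digest(fingerprint(stored_key), claimed)


if __name__ == "__main__":
    for relay in (None, Relay()):
        for out_of_band in (False, True):
            label = "relay" if relay else "direct"
            channel = "in person" if out_of_band else "in chat"
            print(label, channel, "match =", fingerprints_match(relay, out_of_band))
```

With the relay present, the in-chat check reports a match even though the stored key is not the friend's; only the comparison made outside the chat reports the mismatch.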