Cloudflare Helps Secure the World’s Most Popular Messaging Applications
Cloudflare (NYSE: NET) has announced a new service to verify the integrity of public keys in end-to-end encryption (E2EE) messaging applications. This service, called Plexi, acts as an auditor for Key Transparency infrastructure, ensuring the authenticity of encryption keys used in E2EE messaging. WhatsApp is the first to implement this new auditing process, strengthening users' trust in the application.
Cloudflare's Plexi verifies that the logs of these keys are constructed correctly and provides an audit signature that messaging apps can pass on to users. This process helps build trust that E2EE messages are delivered to the intended recipients without manual verification by security-conscious users.
The company is interested in auditing the integrity of all types of E2EE infrastructure and invites organizations to reach out for audits. Cloudflare will showcase demos and product announcements at their first Builder Day Live Stream on September 26 at 11am PT.
Cloudflare (NYSE: NET) ha annunciato un nuovo servizio per verificare l'integrità delle chiavi pubbliche nelle applicazioni di messaggistica con crittografia end-to-end (E2EE). Questo servizio, denominato Plexi, funge da revisore per l'infrastruttura di Key Transparency, assicurando l'autenticità delle chiavi di crittografia utilizzate nella messaggistica E2EE. WhatsApp è il primo a implementare questo nuovo processo di auditing, rafforzando la fiducia degli utenti nell'applicazione.
Il Plexi di Cloudflare verifica che i log di queste chiavi siano costruiti correttamente e fornisce una firma di audit che le app di messaggistica possono comunicare agli utenti. Questo processo contribuisce a costruire fiducia sul fatto che i messaggi E2EE vengano consegnati ai destinatari previsti senza necessità di verifica manuale da parte degli utenti attenti alla sicurezza.
L'azienda è interessata ad auditing dell'integrità di tutti i tipi di infrastruttura E2EE e invita le organizzazioni a contattarla per audit. Cloudflare presenterà dimostrazioni e annunci di prodotto durante il suo primo Builder Day Live Stream il 26 settembre alle 11:00 PT.
Cloudflare (NYSE: NET) ha anunciado un nuevo servicio para verificar la integridad de las claves públicas en aplicaciones de mensajería con cifrado de extremo a extremo (E2EE). Este servicio, llamado Plexi, actúa como auditor para la infraestructura de Transparencia de Claves, asegurando la autenticidad de las claves de cifrado utilizadas en la mensajería E2EE. WhatsApp es la primera en implementar este nuevo proceso de auditoría, fortaleciendo la confianza de los usuarios en la aplicación.
El Plexi de Cloudflare verifica que los registros de estas claves estén construidos correctamente y proporciona una firma de auditoría que las aplicaciones de mensajería pueden transmitir a los usuarios. Este proceso ayuda a generar confianza en que los mensajes E2EE se entregan a los destinatarios previstos sin la necesidad de verificación manual por parte de los usuarios conscientes de la seguridad.
La empresa está interesada en auditar la integridad de todo tipo de infraestructura E2EE e invita a las organizaciones a ponerse en contacto para auditorías. Cloudflare mostrará demostraciones y anuncios de productos en su primer Builder Day Live Stream el 26 de septiembre a las 11 a.m. PT.
클라우드플레어(뉴욕증권거래소: NET)가 엔드투엔드 암호화(E2EE) 메시징 애플리케이션에서 공개 키의 무결성을 검증하는 새로운 서비스를 발표했습니다. 이 서비스는 Plexi라고 불리며, E2EE 메시징에 사용되는 암호화 키의 진정성을 보장하는 키 투명성 인프라의 감사자로 작동합니다. WhatsApp이 이 새로운 감사 프로세스를 처음으로 구현하여 사용자에 대한 애플리케이션의 신뢰를 강화하고 있습니다.
클라우드플레어의 Plexi는 이러한 키의 로그가 올바르게 구성되었는지 확인하고 메시징 앱이 사용자에게 전달할 수 있는 감사 서명을 제공합니다. 이 프로세스는 E2EE 메시지가 보안에 신경 쓰는 사용자의 수동 검증 없이도 의도된 수신자에게 전달된다는 신뢰를 쌓는 데 도움을 줍니다.
회사는 모든 유형의 E2EE 인프라의 무결성 감사에 관심이 있으며, 감사 요청을 위해 조직이 연락해 주기를 초대합니다. 클라우드플레어는 9월 26일 오전 11시 PT에 첫 번째 Builder Day 라이브 스트림에서 데모 및 제품 발표를 진행할 예정입니다.
Cloudflare (NYSE: NET) a annoncé un nouveau service pour vérifier l'intégrité des clés publiques dans les applications de messagerie chiffrée de bout en bout (E2EE). Ce service, appelé Plexi, agit comme un auditeur pour l'infrastructure de transparence des clés, garantissant l'authenticité des clés de chiffrement utilisées dans la messagerie E2EE. WhatsApp est le premier à mettre en œuvre ce nouveau processus d'audit, renforçant la confiance des utilisateurs dans l'application.
Le Plexi de Cloudflare vérifie que les journaux de ces clés sont correctement construits et fournit une signature d'audit que les applications de messagerie peuvent transmettre aux utilisateurs. Ce processus contribue à établir la confiance que les messages E2EE sont livrés aux destinataires prévus sans vérification manuelle de la part des utilisateurs soucieux de la sécurité.
L'entreprise est intéressée par l'audit de l'intégrité de tous les types d'infrastructure E2EE et invite les organisations à les contacter pour des audits. Cloudflare présentera des démonstrations et des annonces de produits lors de leur premier Builder Day en direct le 26 septembre à 11h PT.
Cloudflare (NYSE: NET) hat einen neuen Service angekündigt, um die Integrität von öffentlichen Schlüsseln in End-to-End-Verschlüsselungs (E2EE) Messaging-Anwendungen zu überprüfen. Dieser Service, genannt Plexi, fungiert als Auditor für die Key Transparency-Infrastruktur und stellt die Authentizität der in E2EE-Messaging verwendeten Verschlüsselungsschlüssel sicher. WhatsApp ist die erste, die diesen neuen Prüfprozess implementiert, was das Vertrauen der Nutzer in die Anwendung stärkt.
Cloudflares Plexi überprüft, dass die Protokolle dieser Schlüssel korrekt erstellt werden und liefert eine Prüfungsunterschrift, die Messaging-Apps an Nutzer weitergeben können. Dieser Prozess hilft, Vertrauen zu schaffen, dass E2EE-Nachrichten ohne manuelle Verifizierung durch sicherheitsbewusste Nutzer an die vorgesehenen Empfänger geliefert werden.
Das Unternehmen ist daran interessiert, die Integrität aller Arten von E2EE-Infrastrukturen zu auditieren und lädt Organisationen ein, sich für Audits zu melden. Cloudflare wird bei ihrem ersten Builder Day Live Stream am 26. September um 11 Uhr PT Demos und Produktankündigungen präsentieren.
- Partnership with WhatsApp to audit their open-sourced Auditable Key Directory (AKD)
- Introduction of Plexi, an auditor for Key Transparency infrastructure
- Potential for partnerships with other messaging apps to improve security
- None.
Insights
Cloudflare's introduction of Plexi, an auditor for Key Transparency infrastructure, is a significant advancement in securing end-to-end encrypted messaging. This technology addresses a critical vulnerability in E2EE systems by automating the verification of public keys, which previously relied on manual checks by users.
The partnership with WhatsApp to implement this auditing process is particularly noteworthy. As one of the world's most popular messaging apps, WhatsApp's adoption of Plexi sets a new industry standard for security. This move could potentially influence other messaging platforms to follow suit, raising the overall security bar for digital communications.
For investors, this development positions Cloudflare as a leader in cybersecurity innovation, potentially opening up new revenue streams in the rapidly growing secure communications market. The company's expansion into auditing E2EE infrastructure aligns well with its existing security services, potentially increasing its value proposition to both current and prospective clients.
Cloudflare's new service could significantly impact the $3.5 billion global secure messaging market, which is projected to grow at a CAGR of
The partnership with WhatsApp, which boasts over 2 billion users worldwide, provides Cloudflare with immediate scale and visibility. This could lead to increased adoption of Cloudflare's services across other messaging platforms and potentially drive revenue growth in the company's security segment.
For investors, this move signals Cloudflare's commitment to innovation and its ability to identify and capitalize on emerging market needs. The company's expansion into this niche but critical area of cybersecurity could contribute to long-term growth and market share gains in the broader cybersecurity industry.
Cloudflare and WhatsApp partner to pioneer a third-party security audit on Key Transparency technology
End-to-end encryption (E2EE) is a type of encryption that keeps messages private from everyone, including the actual messaging service itself. With end-to-end encryption, messages are only visible to the sender and the intended recipient. When someone sends a message, it is encrypted on their device before it is transmitted over the Internet. This means that the message is scrambled so that only the recipient's device can decode it. Because the message is encrypted, even WhatsApp cannot read its contents. When the message arrives on the recipient’s device with a matching public key, it is decrypted back into its original form so that the recipient can read it. Many services offer a security key verification, which helps ensure users are indeed chatting with the intended recipient.
While verification of E2EE messaging infrastructure is most salient for security-conscious users like journalists, activists, and human rights defenders, it is recommended for everyone. Security-conscious users can manually verify the security of their conversation by checking a contact’s QR code via an alternative communication method. This verification should be done regularly, whenever a contact gets a new device, or to verify that the messaging app itself did not change or alter the keys.
Introducing Plexi, an auditor for Key Transparency infrastructure
Cloudflare has now introduced Plexi, an auditor for Key Transparency infrastructure. Key Transparency is an emerging standard designed to ensure the authenticity of encryption keys used in end-to-end messaging. It helps verify that the keys on both ends of the communication are legitimate, enabling secure message reception and reading. Cloudflare can now act as an auditor to this technology, by verifying that the logs of these keys are constructed correctly, and providing an audit signature that the messaging app can then pass on to users to improve trust in the system. Cloudflare is proud to partner with WhatsApp to serve as an auditor to their open-sourced Auditable Key Directory (AKD).
“At-risk organizations, journalists, and activists regularly rely on Cloudflare to secure their websites, emails, and traffic. We’re already trusted by millions of organizations and customers, and being an external auditor to end-to-end encrypted messaging apps is a natural extension of those values and our technology,” said Matthew Prince, co-founder and CEO, Cloudflare. “Establishing this verification process with WhatsApp sets a high bar for other messaging apps to follow suit.”
“We’re excited to partner with Cloudflare to further strengthen Key Transparency on WhatsApp and help reaffirm for users that their encrypted session is secure,” said Nitin Gupta, Head of Engineering, WhatsApp. “This partnership with Cloudflare will make it even easier for users to verify the authenticity of their chats.”
Independent researchers and security experts can read the technical blog at https://blog.cloudflare.com/key-transparency for a deeper understanding on how the verification system is built, and review the results of the proof verification published at https://dash.key-transparency.cloudflare.com. Cloudflare is interested in helping audit the integrity of all types of end-to-end encrypted infrastructure; companies or organizations interested in an audit can reach out at https://www.cloudflare.com/lp/privacy-edge/.
To learn more, please check out the resources below:
- Technical Blog: Cloudflare partners with WhatsApp to audit public key infrastructure
- Join us online for demos, product announcements, and more at our first Builder Day Live Stream on September 26 at 11am PT. Register at builderday.pages.dev.
About Cloudflare
Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company on a mission to help build a better Internet. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.
Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.
Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest Internet trends and insights at https://radar.cloudflare.com.
Follow us: Blog | X | LinkedIn | Facebook | Instagram
Forward-Looking Statements
This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of Plexi and its related features and Cloudflare’s other products and technology, the benefits to Cloudflare’s customers from using Plexi and its related features and Cloudflare’s other products and technology, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on August 1, 2024, as well as other filings that Cloudflare may make from time to time with the SEC.
The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.
© 2024 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the
View source version on businesswire.com: https://www.businesswire.com/news/home/20240924561957/en/
Cloudflare, Inc.
Daniella Vallurupalli
Vice President, Head of Global Communications
press@cloudflare.com
Source: Cloudflare, Inc.
FAQ
What is Cloudflare's new service for verifying public keys in messaging apps?
How does Cloudflare's Plexi improve security for WhatsApp users?
When is Cloudflare's Builder Day Live Stream and what will it feature?
How can organizations request Cloudflare (NET) to audit their E2EE infrastructure?
