Minding people snooping over your shoulder on the train is bad enough. (Ketut Subiyanto / Pexels/)
Starting on May 15, WhatsApp will begin sharing some of its users’ data with its parent company, Facebook to “connect your WhatsApp experiences with other Facebook Company products.” The news has some cybersecurity experts and privacy activists sounding the alarm, as this decision means a less-secure service for WhatsApp’s 2 billion users.
And if you think metadata doesn’t matter, think again—someone following you around, noting what time you left your home, what train you took, and who you visited is still creepy even if they cannot see what you’re carrying in your bag.
Should you leave WhatsApp behind?
The platforms you trust and how much you value your data is ultimately up to you, but it’s definitely worth more than you might think—and you should protect it. In the physical world, there’s no such thing as a free lunch, and that’s also true on the internet. Most of the services that make their way into our day-to-day also come with a price tag—we pay in dollars or data.
If you think the service you’re getting is worth letting a multinational company snoop around in your life, you’re welcome to let them. But if you feel uncomfortable when companies change the rules to potentially access more than what you’re willing to give them, know that it’s possible to walk away.
“It’s easy to succumb to security and privacy nihilism and feel like the choices you make don’t matter,” says Gennie Gebhart, acting activism director at the Electronic Frontier Foundation. “That’s what the surveillance giants of today—not just Facebook, but also Google, Amazon, and countless shadowy data brokers—want you to think. Don’t buy it.”
The web is wide and diverse, and there are plenty of platforms that will satisfy your messaging needs without asking you to disclose everything about yourself. It’s just a matter of looking.
The golden standard of secure messaging apps, Signal is a stripped-down platform designed to put privacy and security first. In fact, the app’s Open Whisper Signal protocol is also embedded within the code of competitors such as Telegram, Viber, and Skype.
Signal is free, open-source, and operated by The Signal Foundation—a non-profit with a mission to “develop open-source privacy technology.” Brian Acton, one of WhatsApp’s founders, left Facebook (reportedly on bad terms) after the company acquired his platform and donated $50 million to create the foundation. It’s one of the main reasons users trust the app, as there’s no big tech company behind it.
The platform supports texting, video and voice calls, and file-sharing. Privacy-wise, you can set your messages to self-destruct at any time from 5 seconds after they’re read to a week after you send them. E2E encryption protects everything you share through Signal by default, and the foundation says it doesn’t keep any backups on its servers. The US government subpoenaed user data in 2016, but authorities only got their hands on the dates accounts were created, dates of last connections, and phone numbers.
Handing over a phone number to create an account—and automatically sharing it with anybody who might find you through the app—defeats the purpose of anonymity. Signal’s developers say they’re thinking of a way around it, but as of writing there’s no date or specific project in the works to resolve this.
Another downside to Signal is that you won’t find the levels of customization you may be used to as a WhatsApp user. That means no chat wallpapers or quoting stickers on replies, for example. Still, Signal does its job well, and as more people get on board, it’ll be easier to keep in touch with your loved ones without anybody snooping around.
Signal is free for iOS, Android, Mac, Windows, and Linux.
Immediately after WhatsApp’s announcement, Telegram’s user base started growing, and the app reached 25 million users in mid-January. Such quick growth is logical, as the app is one of the most well-known secure messaging platforms, and at the time of writing it was the most-downloaded free app on both Apple’s App Store and Google Play.
The app supports texting, voice and video calls, public channels, and file-sharing, with an interface highly similar to WhatsApp’s iOS appearance, so switching over should be seamless.
The platform also uses E2E encryption, but not by default. Only Secret Chats, which are one-to-one, are protected by this protocol. These chats leave no trace: Telegram’s servers erase the encrypted messages once they’ve been delivered, and you can have sent-messages self-destruct after a specific time. Secret Chats cannot be forwarded, and users can’t take screenshots of them. This is great from a privacy standpoint, but it also means that all other communications (group chats, channels, and non-secret chats) are cloud-based and encryption protection ends when they hit the server.
The lack of widespread E2E encryption is meant to allow users instant access to backups, no matter when they joined a channel or group chat, or what device they’re using, Telegram says. It also argues that government agencies might target users using “niche apps” such as Signal, assuming that anyone opting for that high level of privacy has something to hide. Having less-secure encryption as the default, Telegram says, protects users from unwanted surveillance.
As opposed to WhatsApp, which uses third-party servers like iCloud or Google Drive to store backups—giving Apple and Google the ability to manage that information—Telegram’s backups live on its own servers around the world. It claims chats, no matter what type, are all secured the same way, but because the encryption key for regular chats is stored on the same server, Telegram technically also has access to it and can decrypt your messages.
“Telegram doesn’t have a great track record of responding to high-risk users,” she says. “My impression is that a lot of Telegram’s ‘secure’ reputation comes from its association with the Hong Kong protests, but the app was also useful in that environment for a lot of specific reasons, like no phone number requirement or the support for massive groups.”
This last feature, which allows users to create chats that can impressively host up to 200,000 members, is a major reason the platform has been criticized. These unmoderated public channels have also become fertile ground for the distribution of misinformation and illegal content, such as revenge and child pornography. WhatsApp had a similar problem, which is why they eventually limited message-forwarding and the size of group chats. Telegram has refused to do so.
Telegram is free for iOS, Android, Mac, Windows, Linux, and on the web.
Less popular than Signal or Telegram, Dust is a good option if you want to keep your content as secure as you can. The app works as an E2E encrypted messaging platform, a privacy-focused functionality that lets users hide their tracks online, and a monitoring system that will instantly alert you if any of your passwords are compromised as part of a data leak.
By default, messages (or “dusts”) disappear from the app’s servers right after they’re sent, and chat histories are automatically erased from your phone every 24 hours. On top of that, you (or your contact) can delete messages on both ends of the conversation with just one tap, and you can sign up by using only your phone number.
There’s a social aspect to Dust, in which you can gain followers and send out blasts, but you don’t have to engage with any of that if you’re only interested in using its messaging feature. The bad news is that the platform doesn’t currently support video or voice calls—only texting and file sharing—which may be a deal-breaker if you want a more comprehensive service.
Dust is free for iOS and Android.
All your messages and data are important. You should be able to trust the platform that manages them. (Chris Yang / Unsplash/)
This app is open-source, E2E encrypted, and—just like Dust and Signal—deletes messages from its servers right after they’re delivered. Threema doesn’t require a phone number or email to sign up, instead verifying users through QR codes, which allows them to be completely anonymous (unlike Signal).
Threema supports texting, voice and video calls, and the company’s headquarters and servers are located in Switzerland, which makes the platform completely compliant with the more strict European privacy regulations.
The app’s major drawback is that you have to pay for it, but this allows its developers to sustain the platform without ads or data-harvesting. This might also explain why it only had 8 million users worldwide as of January 2020.
Threema is $2.99 for iOS, Android, and on the web.
This app also protects your content (texts, voice calls, and video chats) with default E2E encryption, whether you’re engaging in one-on-one conversations or group interactions. Chat bots are the exception to this rule, but Viber does a nice job identifying these with a different icon.
If you choose this app, you’ll have to make sure you keep it up to date, as only versions 6.0 and later have E2E encrypted messaging. And you won’t only have to worry about what’s on your phone—if you’re chatting with someone using an older version of Viber, you can kiss E2E encryption bye-bye.
The platform has a smart way of flagging situations like this, though, using a color-coded system to let you know if there’s something you should be worried about. Red means there’s no E2E encryption; gray means chats are encrypted, but the app is unable to certify the other party as trusted, while green chats are nice and secure—your content is E2E encrypted and the user you’re talking to is trusted.
Just like Telegram, Viber also has public channels called Communities, and these messages are only SSL encrypted. This protects data in transit, but once it’s on the app’s servers, it’s readable by Viber or any other member of the community, which allows new members to access all backlogs.
Viber’s privacy features include the ability to set self-destructing timers for messages, edit and delete messages on all devices with a tap, and get notifications if a user takes a screenshot of a chat you’re in. You can also archive chats and access them with a PIN whenever you want, and create safe chats, where your personal information (like your profile picture or phone number) won’t be displayed if you’re talking to someone who’s not on your contact list.
Viber is free for iOS, iPadOS, Android, Mac, Windows, and Linux.
If you’re an Apple user, you’re in luck, as you have access to the company’s built-in E2E encrypted messaging platform. Now, the catch is that iMessage only works with this security standard when you’re chatting with other Apple users—if one of your friends uses an Android device, the high-standard privacy pretty much goes out the window.
Because iMessage doesn’t play nice with other messaging apps, it immediately switches to the not-so-good-ol’ SMS message whenever it cannot use Apple’s protocol, turning chat bubbles from blue to green. This type of message is reliable, as it doesn’t require your device to have lots of bars to work, but it’s neither secure nor private—SMS messages can be traced, intercepted, and stored by your service provider, who can gladly hand them over to authorities, if asked politely.
This is also an issue for interactions between Apple users, though. By default, iMessage switches gears also when connectivity is low. The problem is that you won’t actually know if this has happened, as individual bubbles in your chats won’t change color to show how they were delivered.
The good news is that you can disable this feature—just go to the iMessage settings menu and turn off the toggle switch next to Send as SMS.
iMessage is built into Apple devices.
#secure #alternatives #WhatsApp