Messaging in 2021: Privacy v/s Security?
Should the user really have to choose between security and privacy to be able to communicate with friends and family?
What is the latest policy update?
It is fair for a company to ask you to accept the policies. Users are free not to accept the policies and not use the app. However, the challenge here is that WhatsApp already has millions of users. With the latest policy change, users are at the risk of losing their existing data including all the chats. This move effectively forces people to accept the policy and continue using WhatsApp.
If there is no major change in policy then why is it a big deal?
The underlying problem is that WhatsApp is capturing a lot more data from you than they would need to offer a simple messaging service. The data that is being collected includes location information, device information such as battery level, signal strength, app version, browser information, mobile network, connection information (including phone number, mobile operator or ISP), language and time zone, IP address, device operations information, and identifiers. This information is then further shared with other “Facebook Companies” and third-parties. However, at this point, the collected information is not used to present ads to the users on WhatsApp.
Are there any alternatives and are they any better?
It depends. It entirely depends on what your expectations from a messaging app is. What is more important to you — privacy or security or both?
While security and privacy are closely related, it is important to acknowledge the difference. Security is all about protecting your data while Privacy is about protecting your identity and your rights to control how your data is used.
Server-Client Encryption(SC) v/s End-to-End Encryption(E2E)
Before meeting various alternatives to WhatsApp, it’s slightly important to understand the different security mechanisms behind these apps in simple words.
E2E encryption means that the encryption keys are stored on your device and not on any server. This essentially means that the chats can only be read by the sender and recipient.
The keys in SC encryption are stored on the company servers, which means that chats can be accessed by anyone who has access to those servers.
The app has been in the news for various reasons — good and bad. In many ways, Telegram can be considered at par with WhatsApp. Telegram offers two types of chats — “normal/private chats” and “secret chats”. Normal/Private chats are encrypted using server-to-client encryption, whereas secret chats use end-to-end encryption. Telegram has implemented its variant of both encryption mechanisms called MTProto. There has been significant backlash from the community about Telegram’s MTProto mobile protocols, and it’s security.
A very simple service with all necessary features of a messaging app, yet security and privacy-preserving. Signal uses the open-source Signal protocol to provide end-to-end encryption. WhatsApp uses the very same protocol in its encryption. Signal protocol is open-source, has undergone significant security audits by researchers, and has been found to be cryptographically robust.
Signal collects bare minimum information from the user — their mobile number to provide the services. This information is shared with the third party to send verification codes.
Security v/s Privacy
As technology evolves, it should make lives easier and not difficult. Users shouldn’t have to worry about their privacy constantly. Neither should they compromise on the security of their data. One cannot simply switch to using another service when all their friends and family continue using other services.
However, with awareness, users can make informed decisions about what’s best for them and change the trend. I believe users should have enough power to make decisions for themselves — informed decisions — rather than companies making it for them.