If you've not been living under a rock these past few months, you will have heard about the (now postponed) changes to WhatsApp's privacy policy. There are some problematic things about their privacy policy already, but I'll not be spending your precious time discussing legal and bureaucratic nonsense. Instead, I want to talk about and highlight some things that may or may not allow you to come to the (obviously correct) conclusion that you should be using an open-source messaging app like Telegram or Signal.
Disclaimer: I am not sponsored by, nor was this article commissioned by, Telegram, LLC or any other company. I just happen to really like open-source software and think that Telegram is a great app.
Now, as for why you shouldn't be using WhatsApp.
Proprietary software is hazardous at best.
In general, there are two types of software: proprietary and open-source. Proprietary being software where the underlying source code is not available to the end-user. Open-source software is a class of software in which the source code is available to the user, not only for seeing, but also to be modified. In general, directly modifying the source code of an application is not the best idea, unless you really know what you're doing, but the former idea of transparency is the main focus of open-source in any case.
Most messaging apps these days use some form of encryption (be it end-to-end or client-server) to ensure the privacy and freedom-of-speech of their users. I have talked about encryption before, but to summarise, encryption is a process whereby the data a user is sending or receiving is garbled in some way which includes some secret component which allows only the sender and intended recipient to read the message. Now, you might ask, "why do I even need encryption? I don't have anything to hide!" And, to be fair, that's probably true. However, the "nothing to hide, nothing to fear" argument is faulty at best. You may not think you regularly discuss incriminating topics, but do you really want the government, or for that matter anyone and his dog to be able to read everything you have ever said to anyone? The problem with unencrypted communication over the internet is that this is the implication. Your data and whatever you discuss with whomever you discuss it with is permanent. In theory, it would be possible to retrieve every single conversation you have ever had using WhatsApp or any other messaging app were they to not use encryption.
The problem with encryption and proprietary software.
When using encryption, it is very important for the end-user to be able to see and verify that they are using secure encryption and that said encryption is actually what is happening behind the scenes of their messaging app of choice. When it comes to software where the end-user can't see the underlying source code, the user has no guarantee that the software they are using actually uses encryption. This is because even though the company might claim to be using encryption, the user can't see the source code and to that effect, doesn't know anything about how the app works. So this is where the nails start hitting the coffin for software like WhatsApp. WhatsApp is proprietary software. It is conceivable that they could be using a broken encryption protocol or, better yet, they may even have some sort of backdoor into the encryption they are using, allowing them and any interested party to see every conversation you have ever had using their app. Furthermore, we know that in the past, the NSA and various other government organisations have approached WhatsApp to ask them to decrypt user messages. Now, to their credit, WhatsApp claims to have denied them access to this data on the grounds that it is impossible for them to decrypt user messages even if they wanted to, but the new privacy policy changes seem to imply that WhatsApp may be having a change of heart relating to the privacy of their users. Given that Facebook, the company that owns WhatsApp, has had some unpleasant run-ins with the law recently, they may be inclined to save their company, rather than their users. So next time the government comes knocking on their door, do you really think they will be putting their arse on the line to save yours?
Thank you for reading my article about WhatsApp and their problematic business model. I would like to stress that I don't think any company or government is out to get us. I merely think that giving people access to private information is not something I wake up every morning to celebrate. I thoroughly believe in what Tom Scott called "cockup before conspiracy." The idea that you should never attribute to malice what could be explained by simple incompetence. Tom has also made a video about why the government shouldn't add a backdoor for encryption which you can watch here.
So, yeah. I haven't posted anything in a while. But I'm back at it again now and hope to see you soon for the next article. There have been some, well, problematic things going on in my life and I haven't really had the time or motivation to post another article, but that's all sorted out now and I'll be back on the ball in the coming months. Thank you to everyone who reads my terrible writing and I hope to see you all with the next article!
ReplyDelete