Right to privacy — Can online communication be private?

Photo by Volodymyr Hryshchenko on Unsplash

Today in the age of smartphones and internet, communication has taken various new forms, we don’t need to be physically close to communicate our thoughts and feelings. We communicate a lot more than we ever did and share our thoughts and opinions all the time.

You may say I don’t need privacy, I have nothing to hide. I find this quote from Edward Snowden’s book Permanent Record very apt for this argument:

Ultimately, saying that you don’t care about privacy because you have nothing to hide is no different from saying you don’t care about freedom of speech because you have nothing to say. Or that you don’t care about freedom of the press because you don’t like to read. Or that you don’t care about freedom of religion because you don’t believe in God. Or that you don’t care about the freedom to peaceably assemble because you’re a lazy, antisocial agoraphobe.

WhatsApp, Telegram and iMessage are among the most popular apps for online communication. They offer text messaging as well as voice and video calls. But are these platforms capable of providing private communication? Before getting started with the analysis of these platforms, I would like to make it clear something that is often mixed up with privacy i.e. anonymity.

Privacy in communication means that the identities of the sender and receiver is not hidden while the contents of their conversation is hidden. Anonymity on the other hand means that even the identities of the sender and receiver is hidden along with their conversation.

WhatsApp — Owned by Facebook Inc.

Photo by Mika Baumeister on Unsplash

One of the most popular platforms for communication, WhatsApp claims to provide end-to-end encryption messages, voice and video calls. Although WhatsApp offers a good level of privacy for the average person, there are some major problems associated with the platform:

  1. Centralized architecture : WhatsApp has a centralized client-server architecture, what it means is, all your private messages go through a server and then are delivered to the people you intended to send it. Though WhatsApp claims that they can’t read this data, there have been incidents that indicate that there are serious security issues in the platform. Also, since every message goes through a server and sometimes retained for over 30 days, there will always be a risk of your private conversations getting leaked and used against you.
  2. Proprietary code : This is another issue which further takes away the confidence from WhatsApp. All of its platform’s code is closed source or proprietary i.e. no body other than WhatsApp can view the code of its application. Platform that is not closed source and is available to public is called Open Source Software (OSS). Open source software provides confidence and credibility in the platform. It also allows the platform to be audited for its security and claims independently. With proprietary code, the security flaws are fixed when WhatsApp gets the knowledge of their existence.
  3. US-based service : WhatsApp is US-based and that in itself poses a major issue. US has various surveillance programs and can make use of National Security Letters (NSLs) with combination of gag orders which forbids the owner(s) of the company to speak about the request. This results in complete government control of the company and its data. An example of it is Lavabit. US is also in the list of countries that have key disclosure laws which require individuals to turn over encryption keys to law enforcement agencies. If that does not make you feel good, US is also part of the Five Eyes alliance which aims at global mass surveillance.
  4. Unencrypted Backups : Although the chats are end-to-end encrypted, the backup functionality on the platform is unencrypted. This backup is stored on the Google Drive and can be viewed and accessed by Google according to its content policy.

Adding to the problems, WhatsApp’s parent company Facebook has been in a number of controversies over its privacy practices and sharing of data with 3rd parties.

iMessage and Facetime — Owned by Apple Inc.

Photo by William Hook on Unsplash

iMessage and Facetime are both provided by Apple in its range of products. It also offers end-to-end encryption on text messages if the sender and receiver both use iMessage. Apple also offers Facetime for voice and video calling also end-to-end encrypted. Although Apple always markets itself as privacy first company, its software implementation does not sits well with its claims and has the same if not more problems compared to WhatsApp

  1. Centralized architecture
  2. Proprietary code
  3. US-based service
  4. Monopolistic attitude : iMessage and Facetime are both exclusive to Apple products. If the user at the other end is using a non-apple device, messages on iMessage won’t be end-to-end encrypted.

Given Apple’s proprietary nature, Apple often encounters security issues that have been present in their code for months. Even with its problems, Apple can still be considered better than WhatsApp given its stand on privacy and controversies with law enforcement agencies to not unlock its hardware devices for investigation.

Telegram Messenger — Owned by Telegram LLP/LLC

Photo by Christian Wiediger on Unsplash

If you thought Telegram is secure or private, you have been fooled by its false press. Telegram is popular because of its unique features and capabilities. It is reminiscent of the Internet Relay Chat (IRC) but is far from it. Telegram has some grave issues that many of its users are not aware of.

  1. Centralized architecture
  2. No end-to-end encryption by default : That’s right, Telegram has end-to-end encryption but it is turned off by default. It is only available for one to one conversation on its mobile client in the form of Secret Chats. There is no support for Secret Chats in its desktop and web client.
  3. Partially proprietary code : Telegram has its client side applications open source but its server side code where the actual problem lies is still closed source software.
  4. Unreliable encryption scheme : Many cryptography experts have criticized Telegram for using an encryption scheme that is not an industry standard.

Telegram has a Russian origin but it has been on a move ever since, from the most recent reports it is currently based in Dubai, UAE. It has been in a lot of controversies but has kept improving over the time. Telegram also promises to make its code completely open source eventually.

If you are still with me, you may have realized that there are a lot of issues with the platforms that most people are using today. If you are wondering if there is any single alternative that offers the best in class privacy and security features, I am sorry to inform you — there are none. Choosing a messaging client is like voting for election candidates, you vote for the least evil.

Signal —Created by Signal Foundation

A snapshot of Signal’s website

Signal has gained a lot of traction in the recent years because of its claim of privacy and superior encryption. It offers end-to-end encryption by default on all text messages and calls, it is completely open source and has been audited independently. Signal also encrypts all of the information associated with your account like profile picture, name etc. Signal Foundation gets its revenue from donations and claims to be nonprofit. Although Signal has a lot of benefits there are some issues.

  1. Centralized architecture
  2. US-based service

Apart from these issues, Signal has often been accused of moving more things to its server which it earlier kept locally on the client’s device. It is also criticized for asking phone numbers for identification but I don’t feel that is a very valid argument because it is a platform designed for privacy, not anonymity.

Briar Project

Snapshot of Briar’s website

Briar Project not just provides privacy, it is meant for anonymous communication. When properly set up it can hide the details of sender and receiver. Briar checks more boxes for privacy than any of the above messengers. It is peer-to-peer which means that there is no central server and users connect directly with each other. It is free and open source software and has been audited. In addition to this Briar can work over Bluetooth and WiFi too.

Given what it offers, the usability of Briar takes a hit. It currently has no media exchange feature, no voice or video calls. It is just pure text messages. It has some additional features like forms, blogs and ability to add RSS feeds.

Warning — It is recommend to route Briar’s traffic through Orbot to anonymize the metadata produced by the application.

With advent of Internet of Things (IoT), it is not too far to ask is physical communication private? Smartphones, speaker assistants, fitness bands, camera etc are all around us, listening to us and even watching us. There have been cases of employees listening to private conversations recorded by these smart devices. I wrote a dystopian story which will give you the sense of data that these smart assistants collect and misuse.

Free thought is empowered by privacy and that’s why I believe it is important to protect privacy of the people. Free thought is the fuel to democracy, it allows the people to make decisions without fear of someone listening or watching them.

Want to claim back your privacy? Start here with my tutorial which gives quick steps to minimize google’s tracking on android phones.