Security vs. Privacy — Why should you have to choose on messaging apps?
By Gina Mantica
Secure messaging platforms aren’t necessarily private. Though the messages’ contents might be encrypted, or protected from unauthorized users, the apps can still collect other private information about the platform’s users and communications.
This collection of information about users’ data, known as metadata, is what sparked the historic Federal Trade Commission (FTC) penalty on Facebook in 2019. Now, Facebook is once again at the center of online privacy concerns. WhatsApp, acquired by Facebook in 2014, recently revealed that the app collects private information on its users including (but not limited to) their location information, purchase history, and contact lists. And, that information is being shared with Facebook.
We asked two cybersecurity experts at the Hariri Institute about the privacy of “secure” messaging platforms like WhatsApp, and what messaging platforms they would recommend.
2. Is WhatsApp a secure and private communications platform? Why or why not?
Scheffler: It’s certainly fair to say WhatsApp is secure. WhatsApp is certainly more private than chat apps that don’t have any end-to-end encryption at all (most of them), and it’s a heck of a lot more private than Facebook’s other chat app, Messenger. But at the end of the day, and especially with its recent changes, it’s moving farther and farther from privacy, keeping only the actual message content secret and tracking pretty much everything else.
Trachtenberg: WhatsApp has recently decided to collect and share information with its parent company, Facebook. This is clearly very important to their business model, because they have threatened to stop service to the many users who disagree with this new policy. Reading through their privacy policies, one can see that they automatically collect information about user activity and device information, and they also may get information about you from third parties. This means that, even if your messages are encrypted, they may be able to track your activity (even outside of the app).
3. What should people look for when choosing a communications platform or app?
Scheffler: The actual functionality of all these messaging apps is pretty much identical. So if that’s the case, why not go with one that maximizes your privacy? It seems prudent to keep what feels like a private conversation actually private. And that’s not even getting into actual threats people might face from not using private chat apps.
Trachtenberg: I feel that the most important question to ask is “how is this platform or app making its money?” Platforms are costly, requiring the dedicated work of many engineers, and it is important for users to understand just who is paying for those engineers and how. Only in this manner can they make a more informed decision about the risks of participation.
4. Are there any communications apps that you’d recommend? Any that you’d warn against?
Scheffler: Signal is great. For video, Jitsi (though it has compatibility issues with Firefox, so I don’t personally use it often).
Trachtenberg: Since the WhatsApp privacy decision, I have discontinued the use of WhatsApp and moved toward Signal, a privacy-oriented app. I have also stopped using Facebook and moved to MeWe, whose terms of service appear to be very privacy focused.
Interview has been edited and condensed for clarity.
Originally published on Boston University Hariri Institute News site here.
For additional commentary by Boston University experts, follow us on Twitter at @BUexperts. For research updates from the Boston University Hariri Institute for Computing follow @BU_Computing. Follow Sarah Scheffler on Twitter at @SelfAndMirrors.
Originally published at https://www.bu.edu on January 12, 2021.