WhatsApp Now On the List of Massive Data Collectors

whatsapp2

TechViews News   …..

Remember when people told you to use WhatsApp because it was supposed to be secure? Yet people who actually knew a thing or two about security and privacy told you that was not true?

Well, the time has come to pay attention to those warnings.

It was announced last week that the final coding for the merger of WhatsApp, Facebook Messenger and Instagram had taken place. In case you weren’t aware, Facebook owns WhatsApp and Instagram and has been collecting their user data and their messaging contents all along.

The news that the purpose for the merger is to create a unified messaging platform quickly renewed the concerns about privacy and personal data collection. Mark Zuckerberg has stated that he wants the new platform that integrates WhatsApp, Facebook and Instagram messaging to be almost seamless. That means that all the problems that Facebook is having with its legal issues regarding violations of personal privacy will now be passed on to Instagram and WhatsApp.

Of the three messaging services, only WhatsApp currently claims to support end-to-end encryption. Tests have shown that’s not necessarily true, but then Mr. Zuckerberg has made many claims about personal privacy that have shown to be totally false.

Facebook Messenger users need to switch the ‘secret conversations’ feature on and Instagram users get no such option at all. Even then, you must be logged in to the ‘mother-app’ to use the messaging service.

Here’s the thing then: what happens if, for example, an Instagram user (or a Facebook Messenger user with secret conversations toggled off) messages a WhatsApp user? Will there be an expectation from the WhatsApp user that all their messages are encrypted across the entire communication process? Remember, Instagram messages aren’t encrypted. Will the new unified platform attempt to claim end-to-end encryption for all users regardless of which service they are actually using?

As of now, the technology allows security only between users of the same application. That means if you want security, a WhatsApp user can only communicate with another WhatsApp user. Nothing outside that loop can be secure. And when three different systems become able to communicate with each other via the same back-end platform, will WhatsApp users lose security if you message an Instagram or Facebook Messenger user?

Secure messaging for the user will be much harder to achieve, at least in a way that could be thought of as being secure. Or at least it will be unless the plan is to completely re-engineer all three messaging services from the ground up.

This is not just a case of bolting the Signal protocol (the most complete and secure messaging protocol) onto Instagram and Facebook Messenger. All three implementations of the Signal protocol would need to be identical to ensure seamless and secure end-to-end encrypted messages. That can only be achieved if all three messaging systems are re-engineered from scratch to replace existing systems.

Why is this so problematical? You only have to look at the car-crash that security of Internet of Things devices is for the answer: security that is bolted on as an afterthought is notoriously flakey and will never be as solid as that which is built in by design. OK, so the answer is adding end-to-end encryption to both Facebook Messenger and Instagram by default which would make securely delivering a unified communications platform much easier, right? Well, not necessarily.

It’s certainly the most logical step, but far from being straightforward. I’m pretty sure that the software engineering team working on the cross-platform integration would be able to address the technical issues but the bigger roadblock might be in the corporate boardroom.

Facebook CEO, Mark Zuckerberg, wrote an op-ed for the Wall Street Journal last Thursday which defended Facebook’s data collection reasoning. “People consistently tell us that if they’re going to see ads, they want them to be relevant” Zuckerberg insisted, before adding that when users were asked for permission to collect data to improve the relevancy of adverts as part of the EU General Data Protection Regulation (GDPR) compliance process “the vast majority want to be able to refuse Facebook’s data collection practices.”

What has this got to do with end-to-end encryption and the planned unified messaging platform?

Only everything, that’s all.

Be Safe – Backup Your Data Regularly!

**********

And don’t forget to take advantage of our FREE subscription to the TechViews News Updates. You will receive all of our updates and posts the moment they are published.

Advertisements