Over the last 3 weeks we've covered various aspects of what we have called Orwell’s Blueprint. Just to refresh your memory, when you leave your house you're carrying an ankle monitor with you, of your own freewill, your cellphone. And that problem doesn't start or end with the phone or the manufacturer, but also lies with cellphone towers, ISPs, Google, Apple, and of course, all the preinstalled apps.
On top of the bloatware which comes with your phone Google and Apple use location services to track you regardless of if you have them turned on or off.
The situation develops further as data is submitted about every move you make, every keystroke you perform, every website you visit, it is all collected, then sold to and/or shared with third parties and used, of course, by Apple and Google themselves. If you believe you are on the safe site because you use an iOS device, think again. We have, however, covered this and given you options for both Android and Apple devices to make them a bit less privacy invasive.
Let’s point this out again, the cellphone is a device that collects metadata on you 24/7, so even with the tweaks, you are not totally private. If you want to be private, do not use a cellphone at all.
The next issue is Facebook, which is installed, not just as an app, but with services on many devices including Samsung, OnePlus etc. We had a guide last week on how to remove these via ADB.
However, a surprisingly good option comes from Google itself, with the Pixel phone. You can install CalyxOS or GrapheneOS on those devices and be ahead of the curve vs iOS or any Android device which comes with Google Services pre-installed.
Finally, if you consider Calyx or GrapheneOS consider your threat model and what you really need. Calyx will offer MircoG which allows you to receive push notifications and allows you to use apps, just like you would if you had Google Services installed. It is a great mix between privacy and usability. GrapheneOS on the other hand is more hardened and my personal choice when it comes to privacy and security on a phone.
The next issue is your communication with many people using WhatsApp, Facebook, Instagram, and the like. The first three are owned by Facebook, and they are as privacy invasive as they can get. On top of that, they've had hacks, on top of leaks and more fuckups (excuse my French) than you can shake a wand at!!!…
It is really worth taking the time to read our research on Facebook.
WhatsApp/Facebook also collects your telephone number, submits all contacts from your address book (including non-Facebook or WhatsApp users) to their servers, as well as your IP address, cellphone model, OS, your battery status(!), your cellphone provider, your location, access to your pictures and lots more.
Now you need to understand Facebook also has shadow profiles on people who do not use Facebook, which means thanks to people who have your contact information, they know a lot about you, even if you do not use Facebook products.
So today we want to talk about replacements and safer ways to communicate on your devices. Messaging apps!
Firstly, understand that not every replacement is equal, and not every threat model is equal. Let’s start with extreme measures.
Threat model - journalist or activist
If you are a Journalist or an activist, the first thing you should do before thinking of a messenger is switching to a Pixel Phone and get GrapheneOS. Then when it comes to messengers get Briar. This is the safest way to communicate, but probably is not every ones cup of tea.
Another option is Session which started as a fork of Signal, yet does not use a telephone number. We have a full review on Session coming up on decentralize.today
If you want to replace WhatsApp or use a secure messenger you have multiple options. The best option feature to look for when you want privacy is decentralization. Which means Briar, Status, Matrix (self-hosted) or XMPP with an app like Conversations. However, these are all not the easiest applications to get your grandmother, family members or even your friends to switch over to.
For regular users, you probably need apps which are encrypted, yet easy to convince others to download and use. Signal comes to mind, which is the gold standard when it comes to encryption. However, your telephone number is required, and even though you could get an online number it still doesn't go well with many. Combine that with AWS servers (Amazon) and Google as well as Microsoft servers, it's not my personal cup of tea. Signal claims it has little to no metadata which could be extracted, but considering these servers have your IP address, and know the time you communicate…it is still metadata, which can be linked to you.
This leaves you with Threema, which is Swiss-based but has a server side operation that is not 100% open-source.
In my books I would stay clear of Telegram which claims to be secure in the one-to-one secret chat, but collects much data in plain text. The E2EE is also not industry standard and as great as the messaging app is, it wouldn’t be my first choice when switching from WhatsApp/Facebook. It shouldn’t be yours ;)
The biggest problem switching from one messenger (like WhatsApp) to a more secure and private messenger is to convince your friends and family to move with you. If you are on iOS and your family is, it probably will be a harder sale to switch from the built-in iMessage to something like Session, Signal or Threema. However, you should still try, and it costs them seconds to download the new messenger.
I learned WhatsApp users are typically 'nothing to hide' users, who come with arguments that they already have WhatsApp, so they don't need to download another messenger. My typical response is then 'well if you don’t download another one, email me in the future. I sure don't download WhatsApp, or anything coming out of Facebook's labs.'
In the next few weeks we are covering cars that track you and the company that push’s evil to another level — Amazon. We will cover ways to use better products and stay safer and clear of Amazon, something that sometimes sounds easier said than done. The goal, however, doesn't need to be to get rid completely of Amazon, Apple, Google and Facebook, but remove parts of them, to use them more safely and, most of all, take some power away from these companies that they've been using to make money out of you.