Blog piece submitted by The New Oil
WhatsApp is unarguably the most popular encrypted messaging app on the planet with over 2 billion worldwide users. The app is the de-facto communication method in many parts of the world like Latin America, India, and large parts of Europe and Africa. The app is also popular with international families – that is, families where members reside in different countries – because it allows real-time communication without needing an international phone plan.
WhatsApp’s encryption is, presumably, top-notch because it was built on Open Whisper System’s Signal Protocol, which is already regarded by experts as being one of the strongest encryption algorithms currently on the market. I use the word “presumably” because WhatsApp is not open source, which means we can’t verify these claims.
However, the Signal Protocol is, so that’s something. On the topic of encryption, it’s also important to note that WhatsApp popularized “end-to-end encryption,” which means that nobody has access to the actual content of the messages except for the people in the chat – not even Facebook.
Recently, WhatsApp announced ephemeral – or “disappearing” – messages as a new feature. This feature may be new to WhatsApp but many other encrypted messengers have offered it for years such as Wire, Wickr, Signal, and more. So now that WhatsApp has joined the club, is this finally a point in their favor?
In a word, yes, but not enough to matter. For starters, WhatsApp’s ephemeral messages only come with one choice of length: one week. That means your choices are “messages disappear after one week” or “messages don’t disappear.” That’s not a very impressive breadth of choices, especially when other platforms offer a range of options from one week to a few seconds. For another, there is no protection against someone screenshotting or copying your message. To WhatsApp’s defense, that’s true of any other messenger as well.
Additionally, WhatsApp’s clock begins as soon as you send the message. With most other messengers, the timer begins separately for each person as soon as they read the message. So in Signal, for example, if I send you a message that disappears in 24 hours, it will be gone from my device in 24 hours. If you don’t open that message for 6 hours, then it won’t disappear from your device until 30 hours after I sent it. With WhatsApp, the message is gone after 7 days whether you read it or not. That’s troublesome in some cases. But that’s not the biggest reason. The biggest reason you shouldn’t be using WhatsApp is because Facebook still records the metadata. If you’re not familiar with metadata, let me introduce you.
Suppose I call you. Metadata is “data about the data,” or basically everything except the content of the call. So it’s my phone number calling your phone number, the time and date, the duration of the call, maybe even the location of both of our phones, etc. That may not sound so bad, and honestly 90% of the time it really isn’t. The problem is that metadata doesn’t tell the full story. Imagine two people go into a room together for a couple hours. You could make any number of inferences, from sexual or drug activity all the way to napping or playing video games. One could argue that the solution here is more metadata to give more context, or even a lack of end-to-end encryption altogether to end the mystery once and for all. After all, “I’ve got nothing to hide.” But I disagree. The solution is less metadata.
Privacy is unarguably a human right. It was explicitly designated so in Article 12 of the United Nation’s 1948 Universal Declaration of Human Rights. That alone, in my opinion, should negate any additional discussions such as the US’s 4th Amendment, the potential abuse of data, or anything else. Furthermore, numerous studies have found no evidence to support the idea that mass surveillance actually helps prevent or solve crime. So the idea that giving up your privacy to help exonerate yourself is a solution is actually flawed, because giving up your privacy doesn’t help create a safer world in the first place. As such, the best solution is not to give up your privacy.
So yes, the addition of disappearing messages is a great step forward for WhatsApp. But the real issue that they need to address is the breadth of metadata they log. Don’t get me wrong, I welcome any improvement in privacy or security with any app, privacy-focused or not. And I suppose – if my back were against the wall – I would advocate WhatsApp over regular SMS. But our backs are not against the wall and we have many better options to choose from. If you currently use WhatsApp, I highly encourage you to find a better app to switch to such as Signal, Wire, Element, or even XMPP if your friends and family are tech-savvy enough. If you’re not using WhatsApp but are using SMS, I encourage you to check out one of those apps anyways.
And remember that while we should congratulate progress, we should always be sure to consider the bigger picture in deciding who to trust with our data.