Let’s answer the question asked at the end of the first post of this series: no, we do not want to transfer our personal data to the third party, whoever this third party might be. Let’s have a look at what instant messaging services can be trustworthy in this case.
For a start let’s define several basic criteria for evaluation: we must know precisely what the financing structure of the service we want to use is like: investments, raised funds, grants. As well as implementation of the declared protection (or ways of decryption) declared by the team. The evaluation of independent experts regarding the code and safety audit results might also be helpful.
Let’s have a look at the top famous brands.
The first one on our list is an exemplary and uncompromising messenger Signal which had a promotion from a ‘star’ expert at the very start and consequently – was very well mentioned in the press.
Signal is open sourced, and it functions on its own protocol which gained irrevocable recognition among the market leaders (the same protocol is used by Facebook Messenger, Google Allo, Skype, WhatsApp). The service exists due to funds from volunteers and grants from social organizations. Apart from that there are mentions about the support of the development team from some governmental institutions.
But, alas, here as well we are going to face disappointment: any attempts to find out what government structures and to what extent they were involved are to no avail. Developers of the messenger do not disclose any data about the size of financing or the conditions thereof.
Conclusion: either Signal is not as uncompromising as it wants to show. Or the team does not value its positive reputation which for the time being boasts abundance. We can say for sure that users’ speculations about Signal partnering with authorities have never been disproved by the team.
As we can see an open source code and good advertisement do not guarantee the protection of our data in case an interest from the government side arises. However, the opposite is true as well.
Another famous product – Skype messenger – which unlike Signal has a huge user base and technical support from the industry giant – everything seems to be clear here. The monetization model is well stabilized, the used protocol is well protected, the owner is well known. However even this success story has hard to notice but still critical failures.
Skype always says ‘yes’ when it comes to requests from authorities to disclose user data. At least we haven’t heard of a ‘no’ to such a partnership proposal. Besides the service has more than on one occasion transferred all the source codes of the program to the government security services letting them control practically all the transferred information.
A latest example: in the autumn of 2017 one of the security experts found a critical vulnerability in the desktop version of Skype which allows to get a full control over the computer under attack. As a response to the article the representatives of the messenger stated that the problem exists and they know about it but – attention! – they are not going to fix it ‘since too much of a code has to be rewritten’.
Let’s interpret into a human language: we are doing well, nothing prevents monetization.
The third is example is probably the most picturesque one. It is about the two giants of the industry, one of which is the world-famous WhatsApp. Jan Koum, the founder of the messenger has always declared a totally transparent model of monetization and guaranteed to its users absolute exemption from ads inside the app. All that the service wants to know is our phone number. Well, and a little bit more: access to our address book, access to our camera, access to the microphone…
WhatsApp and its team has won unconditional trust of users in every corner of our planet. It might have looked as – here it is, the perfect messenger. Until it came to the ‘transaction of the century’ when all our data instantaneously became available to the biggest social network in the world. And the most spammed one as well. Now Facebook regularly offers us to befriend strangers whom it considers our closest friends. And who in turn receive the same offers which eventually leads to the most unpredictable confusions.
Users’ attempts to protest and requests to the supervising authorities haven’t caused any drastic changes. Apart from the fact that Jan Koum has sold half of his shares to Facebook during the recent 12 months. And the WhatsApp’s public affairs office stated that ‘it cooperates with the authorities in charge of the information protection in order to answer all their questions.
Here are three examples of the products when we can see how easily a service can manipulate our trust and how unwilling they are to deal with our problems when it has no direct interest therein.
In our next post we are going to share some positive examples which are luckily available. They are fewer and there will be fewer of them but sometimes even one man in the field is a warrior.