The latest Privacy policies of Whatsapp giving us a Signal?
Well, the whole world is concerned about the privacy and security of their Whatsapp account overnight. Recently, Whatsapp started rolling out in-app notifications to Android and iOS users revealing an update in its Terms of Service and privacy policy. The notification informed users of an update in the way user data is handled by the platform, how businesses can use Facebook hosted services to store and manage, and the company partners with Facebook to offer integrations across the Facebook company product. It further alerted users that they need to agree to the new terms and policy by 8th Feb 2021 in order to continue using the application. Yes, it is concerning, Whatsapp will now share more data with parent company Facebook.
During this storm, Tesla and SpaceX CEO Elon Musk’s “Use Signal” tweet has led to landslide signup for the Signal app, which seems to be the most private messaging app and doesn’t collect user data, as per their privacy details. The Signal is widely used by security experts, privacy researchers, academics, and journalists around the world. The only personal data Signal stores is your phone number, and it makes no attempt to link that to your identity.
A Squandered Boon
Let us understand certain fundamentals here. End to end encryption on Whatsapp is available on every single mode of communication that the app enables. So all our messages, voice calls, photos, video calls, audio messages, and anything else we share are end-to-end encrypted on Whatsapp. What this means, is that the recipient and I are the only people who can read the messages we exchange. Whatsapp can’t decrypt the contents of our messages, calls, photos, videos, or documents ensuring our security and privacy.
Interestingly, Whatsapp uses the end-to-end protocol developed by Open Whisper Systems, which is the name behind the Signal messenger app. Signal protocol is an open-source piece, widely peer-reviewed, and is considered as one of the best end-to-end encryption protocol for messaging platforms.
While Whatsapp encrypts messages and calls which is enough for most of the end-users, Signal goes one step further and encrypts the metadata too. Signal crafted a new way to communicate between the sender and the recipient and it is called Sealed Sender. Fundamentally this means, no one will be able to know — not even Signal — who is messaging whom. Whatsapp and Signal shares certain common security features such as locking the app with passcode or biometrics, enabled with the feature of two-factor authentication. But Signal comes with little more distinct and attractive features such as an option to block screenshots within the app and recent screen, a feature to blur faces automatically before sending images, etc.
Whatsapp doesn’t encrypt backups (local and cloud). It doesn’t encrypt the metadata which is used to carry communication between two endpoints. Though our actual messages and files are encrypted, Whatsapp authorities can still know who messaged whom and for how long. (On a lighter note, it is something like if you chat about your relationships, dating details, intimate moments over WhatsApp, you may get advertisements and promotions in your Facebook about them. Or if you speak bad about your company on Whatsapp, you may receive new job suggestions in your Facebook tagging your current Manager :P )
The Candor
Moving on, we observe that many people are migrating to Signal which is an open-source run by a nonprofit foundation. One of the significant moves that made people start installing Signal is triggered by Elon Musk’s tweet. We agree this may be for good. However, it is noteworthy that global business operates differently. Brian Acton was the co-founder of Whatsapp who left the company 3 years after Facebook acquired it. Currently, Brian runs the Signal foundation along with Cryptographer Moxie Marlinspike. We never know how all these messenger platforms will turn out to be in the future. We never knew something like Whatsapp before it came into the picture and were completely fine with all the SMS and other applications that existed. Over a period, it so happened that we became too much dependent on Whatsapp and the company grew to new heights and recently got acquired by Facebook. Now we are compelled to agree with their Terms of Service and Privacy policies if we would like to continue using them.
Similarly, we also can’t predict what is the business motivation behind the Signal’s promotion. With one tweet from a giant businessman, millions of user registrations are achieved for the Signal app. What if this app also gets acquired by Tesla or some other big company and roll out similar forced acceptance of Privacy and Security policies to continue using it. Remember, the end user’s dependency would have already been created hugely by then. We have all the choices to select whichever app we need for our messaging requirements. But, at the end of the day, it is all fair in love, war, and BUSINESS.
Lastly, don’t confuse Privacy with Secrecy. I know what you do in the bathroom. But still you close the door. That’s because you want Privacy, not Secrecy.
Kindly remember, Privacy is an illusion in the Digital World 😊
