Is Peer-to-Peer Messaging Getting Worse at Protecting Your Privacy?9th May 2019
Peer-to-peer messaging has become the life force of communication, not just for individuals but for online businesses as well. With today’s social media being the main distribution platform, messaging in this environment is the ideal medium for user engagement. Even though it plays such a large role in our lives, concerns are being brought up:
- How well are they protecting our online privacy and freedom of expression?
- Are these platforms rewarding you as much as you deserve for your participation?
In most cases, the answers are disappointing. This could make you think that peer-to-peer messaging is getting worse, especially from a privacy standpoint. However, in this article, we’re going to prove you wrong. Blockchain technology answers both of these questions in one shot, by using default encryption and direct cryptocurrency rewards. Ghost Talk is one current project leveraging today’s latest blockchain technology. But before getting to understand why their solution could deliver true private communication, let’s examine the pros and cons of the messaging apps you’re currently using.
How did messaging apps become so important in our lives?
If you want to understand how young written text communication is, let me tell you that the very first text message was sent in 1992. It was sent to an Orbitel 901 phone by a Vodafone engineer, simply stating: MERRY CHRISTMAS.
Fast forward a few years and the first usable chat application was created in 1999, AOL Instant Messenger (AIM). How do you think people received it? In the same year, it reached 18 million simultaneous users. They loved it!
And this is when the security concerns of our private conversations were questioned, too. The team behind Microsoft’s MSN Messenger, the competition, was hacking AIM daily for weeks until AOL fixed its own security flaw and blocked Microsoft for good.
Google Talk (now known as Hangouts) launched in 2005 and WhatsApp came as a free mobile messaging app in 2013, overtaking the number of SMS messages sent every day, but the era of messaging started when devices powered by iOS and Android came into the market. By 2017 Apple was counting 6.3 trillion iMessages a day!
Believing that a messaging app built today can overtake any of the current leaders may seem impossible, but it can be done, especially if it directly addresses the flaws and issues that users have. Projects like Ghost Talk are here because confidentiality is critical for our communication and that’s simply a natural step in technological evolution.
Messaging apps are not even close to reaching their full potential. In China, WeChat already popularizes conversational commerce. You can book movie tickets or hail for taxis directly in your messenger. It even replaces waiters in some restaurants, but that’s something a bit unconventional.
As futuristic as it sounds, though, WeChat raises huge privacy concerns. When most of the companies behind the popular messaging apps stated that they will not build a “backdoor” enabling governments to access user’s encrypted messages, Tencent, the company who owns WeChat, was the only one who didn’t make a public statement supporting this position. Concerning, right?
The situation in the West is no different either. Amber Rudd, while she was the Home Secretary of the UK, called for technology companies to build such backdoors into their encrypted content for security services to use when they require access in the fight against terrorism. Did our current messaging apps stand in front of government pressure? Let’s have a look at those apps who brands themselves as secure messaging apps and take a strong stance on protecting users’ privacy and freedom of expression, including the previously mentioned Ghost Talk.
In privacy we (don’t) trust!
Signal Private Messenger is considered to be the pioneer of this whole secure messaging app sector. It came as an open-source platform where anyone can freely inspect the app’s code for any flaws in its security. This was a double-edged sword for them, however, because other companies just took their underlying protocol and implemented it in their solution; WhatsApp being one of them. Of course, Facebook’s implementation came with some vulnerabilities, but we’ll talk about these next. The major drawback for Signal is the fairly plain and basic appearance that other apps were able to address.
And that’s not all. Signal raised some concerns when a bug prevented the deletion of a set of messages users had designated to disappear. The team fixed the issue, but could it happen again?
The Telegram messaging app is known for having the best security. The “secret chat” function guarantees that messages would self-destruct automatically across all devices involved. 100 million users are trusting it with their private conversations. But how many of these are using a secret mode? Given that this functionality is not enabled by default, we can think that Telegram is not that honest in its doings either. Actually, the team never allowed an independent auditor to evaluate their cryptography, meaning it’s difficult to know how trustworthy they are. Should we believe their word when they claim that no sensitive user data is actually retained?
WhatsApp is one of the most popular and secure messaging apps, trusted by over 1.5 billion users. Having integrated Signal’s encrypted chat protocol, a great user interface, and coming with features like group chats granted it much success. The privacy concerns, however, were raised in 2014 when Facebook acquired it for $19 billion. Facebook is notorious for its data collection and intentions to target users with ads. They haven’t hidden the fact that they are planning to share WhatsApp user data with Facebook for ad targeting. As a user you can opt out, but does it really stop them from spying on you?
That’s not all. It seems that the application itself comes with vulnerabilities. Security researcher Tobias Boelter claimed that WhatsApp is able to create new encryption keys for offline users, unknown to the sender or recipient, meaning that the company could generate new keys with which it could read encrypted messages sent through their service. Sounds like the “backdoor” feature governments are asking for. Is it crazy to think that this vulnerability was left there intentionally?
Facebook is getting bigger and this year, in January 2019, its CEO, Mark Zuckerberg, revealed that it plans to integrate Whatsapp, Facebook Messenger, and the Instagram messaging service onto one unified technical infrastructure. This could go wrong in many ways.
Matthew Green, a cryptographer at Johns Hopkins University, explains that “Encryption isn’t magic. You can easily get it wrong. In particular, if you don’t trust the people you’re talking to, you’re screwed.”
The goal of end-to-end encryption is to transform the content of your messages into unintelligible chunks of data while it’s being sent. Along the way, the message is unreadable, but the person at the other end could show the chat to someone else, take screenshots, or retain the conversation on their device indefinitely. Paul Manafort, Trump’s former campaign chair, even found himself being prosecuted after the FBI obtained messages he sent over WhatsApp from the people who received them. Technically, your messages are safe, but most messaging apps are keeping a record of who you’re chatting with.
And how does this comply with the European General Data Protection Regulation (GDPR) which is essential for any enterprise to function legally in the European space? WhatsApp is not GDPR-compliant. When it’s uploading all contacts from its user’s address book it violates a law of data protection based on which an enterprise loses control over personal data, in this case, its own employees’ data.
A new privacy issue
This being said, the question changes from “Is my data being intercepted by any third-party services?” into “How can I communicate with the other party without giving it ownership of my data?”
Ghost Talk, a disruptive social media application with the goal of protecting users’ data, is coming with new security-minded features like automatic deletion of the messages which allows users to ensure that all messages disappear immediately upon being read by the receiving party.
Several other encrypted messaging apps are offering the same disappearing message feature to help ensure that neither you nor the person you’re chatting with keeps data around longer than necessary. However, Ghost Talk offers more than just private communication. It changes the way users are interacting with enterprises, small businesses, artists, and promoters: every user is rewarded for their participation.
Ghost Talk uses a decentralized payment platform to reward users of its social media messaging application using immutable smart contracts and cryptocurrency rewards. Any activity in the messaging app generates XSCC (Smart Coin token) rewards. Additionally, the level of interaction that we’ve seen in the WeChat app would bring those users quite an interesting profit if they would use the Ghost Talk messaging ecosystem instead.
What’s the catch then? There’s none. Ghost Talk reinvents the way platform’s participants are rewarded in a completely new model. A model that can address the current messaging apps like GDPR-compliance. Ghost Talk processes data only in accordance with data protection laws and based on pre-defined purposes, as well as taking comprehensive measures to protect personal data.
Ghost Talk addresses privacy issues in the most straightforward way, and its promise transcends toward a future where content creation and branding, the most important parts of any successful social media platform, are put into the hands of the users.
It’s true that our communications are under constant threat from unjustified spying by companies, hackers, or the authorities. However, the level of encryption is not necessarily a problem. We need an entirely new model in order to protect the most intimate details of our personal life, which many of us are sharing through these messaging apps.
Popular tech companies failed to take the basics steps needed to protect our rights and now they are failing to remain trustworthy. And when that last drop of trust will finally be consumed, we’ll have two choices: stop using text messages all together (hard to believe that’s possible) or support honest companies to build new models that are benefiting the users’ privacy. Ghost Talk proposes such a unique model. Could this be the future? Only time will tell. But either way, it sounds better than all the other popular messaging apps that are repeating the same features and functionalities and failing year after year!
Is Peer-to-Peer Messaging Getting Worse at Protecting Your Privacy? was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.