in

Security, privacy and anonymity, aspects to consider in online messaging apps

Key facts:

The applications were analyzed under 3 premises given by a main contributor to Status.

Status, Threema and Matrix are the messaging applications with the highest privacy and security.

Status, the application that integrates secure communication services, wallet and Web3 browser, published on February 2 an article in the blog of the same company, where it compares the security, privacy and anonymity aspects of different online messaging applications.

The article written by James Baker, one of its main contributors and social media manager, compares low three premises the aspects of security privacy and anonymity of the applications of: Status, Signal, Telegram, Whatsapp, Matrix and Threema. The comparison premises are as follows:

What can the application see?: Referring to encryption end-to end or end-to-end, which encrypts messages so that only communicating users can read them. Here both the content of the message and the metadata (connection time, profile photos, group names etc).Anonymity: In this criterion, anonymity is evaluated before the messaging app, that is, if they ask us for some type of personal information to be able to use it, (telephone, mail, IP, etc.).Is it easy to turn off the application ?: This premise refers to the decentralization of the application and those who could eliminate it.

Next, the conclusion of each application is exposed, thrown after analyzing them with each premise:

Signal

This application has been widely used lately as a messaging alternative after the new policies that WhatsApp announced at the beginning of the year. Founded by Mathew Rosenfeld (aka: Moxie Marlispike), security specialist, the application, as reported by CriptoNoticias, was supported by the CEO of Tesla Motors, Elon musk; the technology consultant Edward Snowden; and Andreas Antonopoulos, preacher and evangelist of bitcoin.

In Signal all messages, both content and metadata are encrypted low end-to-end (encryption system), so in theory the only people who can see this information are the sender and the receiver. However, for the application server it is possible to infer who you are talking to. Also, since Signal’s servers are hosted on the Amazon Web Service, Jeff Bezos, CEO of the company, he and his employees may have access to this information.

Signal must be provided with a phone number in order to use it, which according to Baker “in many parts of the world is synonymous with issuing a government-issued identity card.” The application can facilitate your IP (the network identifier of your device) to your contacts, and even relate it to your Signal account. That is why, according to Baker’s second premise, this application is not considered anonymous.

For the last premise, the answer is yes. Signal is easy to close, as it does not have a peer-to-peer architecture like Bitcoin, so the application can close itself. If, for example, the United States government, where the application operates, decides to close it for legal reasons, it could do so because the application is fully centralized.

Telegram

This application was founded by the computer scientist Pável Dúrov, and has been gaining fame due to the drops of WhatsApp and the announcement of its new policies. In fact, by January of this year, as CriptoNoticias reported, Telegram already had around 500 million users.

Telegram can see everything, your group messages, your individual conversations (unless they are in secret mode), your contacts, your profile picture, who you talk to, and even when you talk to people. According to Baker:

This may sound completely contrary to what Telegram says. The reason is that Telegram operates with a different trust model. They assume you trust Telegram but not the government.

James Baker, Status Senior Contributor and Social Media Manager.

On the other hand, the answer to whether Telegram is anonymous or not is: it can be. Again, if you trust Telegram, yes, it also gives you the option to hide your phone number and your name, but if you don’t trust it, then no. To use it you need to provide a phone number that will provide the server with your IP.

So that Telegram does not see your messages you must activate the private conversation mode available in the application. Source: Thomas Ulrich / pixabay.com

Contrary to Signal, Telegram is not so easy to close. If the country from which you operate would like to pay it, the application server has the ability to quickly move to another. Of course, as its structure is centralized, Telegram can close itself.

WhatsApp

Although it was founded by Jam Koum and Brian Acton, former employees of the Yahoo browsing platform, it is currently owned by Mark Zuckerberg, founder of Facebook. Although WhatsApp is the most downloaded messaging service in the world, with the announcement of its new privacy policies, it has given much to talk about, prompting some users to try other messaging applications.

In the case of WhatsApp, it can only see your metadata, that is, things like the time you reply to your messages, your profile picture, the name of your groups, who are the administrators of a group, etc; but they cannot see the content as such of the message (this also includes images and attachments) as it is encrypted with end-to-end. However, lately there have been problems with Backups what the application does on Google and iCloud; so there is information that could be leaking on that side. On this Baker states that:

Although these backups are technically optional, they are repeatedly suggested to the user through a coercive interface. Even if you don’t enable these backups, there’s a good chance that the other party will, compromising the integrity of the end-to-end encryption for both of you.

James Baker, Status Senior Contributor and Social Media Manager

WhatsApp is not anonymous, to use it you have to provide the application with a phone number, which causes your IP to be registered in it, associating it directly with your chat identity. It’s not easy to turn off either, due to its association with Facebook.

WhatsApp difficult to turn off due to its association with Facebook. Source: antonbe / pixabay.com

MATRIX

Matrix is ​​a federated service for secure communication and decentralized that works with Open SourceIn other words, its source code is freely available to anyone, and can be reused or adapted to other digital services, without problem. As founders, the app has, on the one hand, Matthew Hogdson and Amandine Le Pape, who worked together at UC Amdocs, a communication solutions service. On the other hand, it has Jutta Steiner, who is co-founder and CEO of Parity Technologies, a company dedicated to building technology for blockchain.

Matrix can only see metadata. The content of the messages you send and receive is protected by end-to-end encryption. Regarding anonymity, this depends on the home server you are connected to, as it could reveal your IP.

Finally, it is almost impossible for the Matrix to disappear, although problems can occur if the matrix.org home servers or the ICAAN domains where the application operates were closed, this could be easily solved thanks to the peer-to-peer structure (networks peer-to-peer) used by the app.

Threema

Of Swiss origin, it was founded in 2012 by Manuel Kasper. Like Matrix, Threema is a messaging service that works with open source, but it differs from other applications by being paid.

The Swiss application cannot see anything of the content of the messages, because as in other applications these are protected with end-to-end encryption; but you can see some aspects of the metadata such as with whom, and when you speak, and which groups you belong to. Regarding the anonymity of this application Baker writes:

Depends. If you trust that Threema will not reveal your IP address, you are anonymous. If not, you are not anonymous as Threema has the ability to directly associate the identity of your chat with your IP (but probably not).

James Baker, Status Senior Contributor and Social Media Manager

Threema. Unlike the Matrix, it does not work with a peer-to-peer architecture, so Threema itself can shut itself down. Despite this, Baker says that if you trust the Swiss government, it is easy to shut down, but if you trust Threema it is not. It all depends on whether the application is legally committed to shutting down its servers.

STATUS

As said at the beginning of the article, this application is not only for messaging, but it also offers cutting-edge Web3 browser and wallet service. Like the two previous applications, it works with open source. Its founders are Jarrad Hope and Carl Bennets, whom CriptoNoticias spoke about last year for having an open lawsuit in the United States.

Status cannot see anything at all: neither the content of the messages, nor the metadata; both aspects are end-to-end encrypted and the application is very strict regarding privacy, security, and resistance to censorship.

The anonymity within Status has no problems either, to use it you do not need to provide phone numbers, emails, or any other personal information. Also, according to what Baker says, it is impossible for the application to associate your IP address with the identity of the chat.

Finally, regarding the ease of shutting down the application, the answer is: no. Neither the government can turn it off, nor can the Status itself, because for that it would need to have all the nodes through which it operates, and although it has the majority, it is missing some. The application is working so that clients using Status on their computers can run a full node, and with this finish decentralize the application.

In conclusion:

According to Baker’s article, the three best messaging applications in terms of security, privacy and anonymity, are the same Status, Threema and Matrix; On the other hand, Telegram points according to the analysis to be the worst.

Likewise, to the evaluation criteria examined in this article, others could be added, such as if they work with Open Source, which Threema, Matrix and Status do, but WhatsApp and Telegram do not, or if they allow a backup and how necessary it is, since as seen in the case of WhatsApp this can cause problems. Finally, it would be good to evaluate if the profile in the application remains private both for strangers and for our own contacts.