Private messengers: what can they really see?

in hive-108451 •  4 years ago 

This article aims to provide a fair and thorough comparison of the current private messaging apps in terms of their privacy, security, and anonymity. However, it must be abundantly clear that this post is written by me. I strongly encourage you to read, do your own due diligence, and correct me if I am wrong.

For the purposes of simplicity for the average reader, anonymity will be defined as a complete dissociation of one's chat identity and their true identity.

Telegram
What can Telegram servers see?

Basically everything. They can see every message you've ever sent in a group chat, most of your 1:1 conversations (not secret chats), all your contacts, your profile picture and your bio. They know who you talk to, and at what time (even if it's a secret chat!). They know the members, name, and icon of every single group (including private ones).

This may sound completely contrary to what Telegram says. The reason is that Telegram fundamentally operates on a different trust model. They assume that you trust Telegram, but not the government.

Telegram splits up their encryption keys and stores the separate pieces in several different jurisdictions. In theory, this means that all of the jurisdictions used by Telegram would have to cooperate in order to obtain any user data. They claim this has allowed them to not release a single byte of user data. These claims, by their very nature, are unverifiable, and require that you trust Telegram. If that's good enough for you, use Telegram.
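To make the "all jurisdictions must cooperate" property concrete, here is an added example (not Telegram's code, and not from the original post) of an n-of-n XOR split. The scheme itself, the share count and the function names are assumptions; the post does not say how Telegram actually splits its keys.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, n: int) -> list[bytes]:
    """Split `key` into n shares; XOR of all n shares gives the key back."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for share in shares:
        last = xor(last, share)
    return shares + [last]

def combine(shares: list[bytes]) -> bytes:
    out = bytes(len(shares[0]))
    for share in shares:
        out = xor(out, share)
    return out

def share_consistent_with(partial: list[bytes], candidate_key: bytes) -> bytes:
    """Return the missing share that would make `candidate_key` the result.
    One exists for every candidate, so holders of n-1 shares rule nothing out."""
    return xor(combine(partial), candidate_key)

if __name__ == "__main__":
    key = secrets.token_bytes(32)        # constructed sample key
    shares = split_key(key, 3)           # three share holders (assumed count)
    assert combine(shares) == key        # all holders together recover the key
    assert combine(shares[:2]) != key    # one holder missing: no key
    # The split protects against any single share holder. It does not protect
    # against the party that recombines the shares to operate the service.
```

The split only constrains outside parties holding individual shares; the operator that reassembles the key still has to be trusted, which is the trust model described above.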

WhatsApp
What can WhatsApp servers see?

All the metadata, but none of the content. They can see your profile picture, who you talk to, and when. They can see who is a member of a given private group, the group icon, the group name, and which members are the administrators of said group. But your messages, pictures, attachments, status updates and calls are all end-to-end encrypted.

However, it is very important to note that the end-to-end encryption of WhatsApp messages has been repeatedly compromised through unencrypted Google or iCloud backups. Although these backups are technically optional, they are repeatedly suggested to the user with a coercive user interface. Even if you do not enable these backups, there is a good chance your conversation partner did, which compromises the integrity of the end-to-end encryption for both of you.

Is WhatsApp anonymous?
No. You are required to provide your phone number — which, in many parts of the world, is synonymous with providing your government-issued ID. In addition, WhatsApp logs your IP address and directly associates it with your chat identity.

Is WhatsApp easy to shut down?
Not really, given the scale of Facebook and the nature of public corporations. However, it is very likely that WhatsApp could be forced to include a backdoor into their clients. There would be no way around this, as the clients are all proprietary. With all other messaging apps in this list, one could simply download the code prior to the backdoor, build it, and run that version of the client which still correctly encrypts the messages. Decentralized messaging architectures such as Status or Matrix would be even more resilient against such coercion, as there would be no central servers to shut down.

Matrix
What can federated Matrix servers see?
All the metadata, but none of the content. They can see your profile picture, your private room aliases, your device names, who you talk to, and when. They can see who is a member of a given private room, the room icon, the room name, and which members are the administrators of said room. They can see who talks and when in private rooms. But your messages, pictures and files are all end-to-end encrypted by default.

Although some home server implementations have stopped storing this metadata by default, all home servers still have the technical ability to access it. Some of these metadata issues may be resolved with the latest developments in P2P Matrix, but it is unclear as to whether or not this will be effective in regards to room metadata such as membership or administrator privileges.

It should be noted that the relative ease of hosting your own Matrix server diminishes the value of any metadata leaks. If all of your contacts use a Matrix server that you trust (which could be one that you host), it doesn't matter if the server can see this metadata. However, in practice, most people just use someone else's server (such as the matrix.org one).

Threema
What can Threema servers see?

Some of the metadata, and none of the content. They can see who you talk to, and when, and they can trivially infer group membership as their servers have access to sender/recipient metadata. But your messages, pictures, attachments, profile pictures and calls are all end-to-end encrypted.
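The claim that sender/recipient metadata is enough to infer group membership can be shown on a small relay log. This is an added example, not code from the original post or from any messenger; the log format, the 0.5 second window and the thresholds are assumptions, and the envelopes are constructed.

```python
from collections import Counter, defaultdict

# Constructed relay log: (unix_time, sender, recipient). No message content.
ENVELOPES = [
    (1000.00, "alice", "bob"), (1000.02, "alice", "carol"), (1000.03, "alice", "dave"),
    (1040.10, "bob", "alice"), (1040.11, "bob", "carol"), (1040.13, "bob", "dave"),
    (1100.50, "alice", "erin"),
    (1200.00, "carol", "alice"), (1200.01, "carol", "bob"), (1200.04, "carol", "dave"),
    (1300.00, "erin", "alice"),
]

def bursts(envelopes, window=0.5):
    """Yield (sender, recipients) for runs of envelopes from one sender
    whose consecutive timestamps are at most `window` seconds apart."""
    by_sender = defaultdict(list)
    for ts, sender, rcpt in sorted(envelopes):
        by_sender[sender].append((ts, rcpt))
    for sender, items in by_sender.items():
        current = [items[0]]
        for ts, rcpt in items[1:]:
            if ts - current[-1][0] <= window:
                current.append((ts, rcpt))
            else:
                yield sender, {r for _, r in current}
                current = [(ts, rcpt)]
        yield sender, {r for _, r in current}

def infer_groups(envelopes, window=0.5, min_members=3, min_sightings=2):
    """Return member sets that recur as fan-out bursts, with sighting counts.
    A group message sent as one encrypted copy per member looks like a burst."""
    seen = Counter()
    for sender, rcpts in bursts(envelopes, window):
        members = frozenset(rcpts | {sender})
        if len(members) >= min_members:
            seen[members] += 1
    return {m: c for m, c in seen.items() if c >= min_sightings}

if __name__ == "__main__":
    for members, count in infer_groups(ENVELOPES).items():
        print(sorted(members), "seen", count, "times")
```

End-to-end encryption of the content does not change this result; only removing the relay's view of sender and recipient, or running a relay you trust, does.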

https://www.androidauthority.com/best-private-messenger-apps-android-874436/