The second founder, Jan Koum, of WhatsApp has left Facebook, apparently over differences in dealing with encryption and the sharing of data of WhatsApp. The other founder, Brian Acton, had already left Facebook last September, over similar issues. He donated $50 million to the non-profit Signal Foundation earlier this year, and stated he wanted to work on transparent, open-source development and uncompromising data protection. (Koum on the other hand said he was going to spend time on collecting Porsches….) Previously the European Union fined Facebook 110 million Euro for lying about matching up data of Whatsapp with Facebook profiles when Facebook acquired Whatsapp in 2014. Facebook at the time said it couldn’t match Whatsapp and Facebook accounts automatically, then 2 years later did precisely that, while the technology for it already existed in 2014 of which Facebook was aware. Facbeook says “errors made in its 2014 filings were not intentional” Another “we’re sorry, honestly” moment for Facebook in a 15 year long apology tour since even before its inception.
I have WhatsApp on my phone but never use it to initiate contact. Some in my network however don’t use any alternatives.
The gold standard for messaging apps is Signal by Open Whisper Systems. Other applications such as Whatsapp, FB Messenger or Skype have actually incorporated Signal’s encryption technology (it’s open after all), but in un-testable ways (they’re not open after all). Signal is available on your phone and as desktop app (paired with your phone). It does require you to disclose a phone number, which is a drawback. I prefer using Signal, but the uptake of Signal is slow in western countries.
Other possible apps using end-to-end encryption are:
Threema, a Switzerland based application, I also use but not with many contacts. Trust levels in the application are partly based on exchanging keys when meeting face to face, adding a non-tech layer. It also claims to not store metadata (anonymous use possible, no phone necessary, not logging who communicates with whom, contact lists and groups locally on your device etc). Yet, the app itself isn’t open for inspection.
Telegram (originating in Russia, but now banned for not handing over encryption keys to Russian authorities, and now also banned in Iran, where it has 40 million users, 25% of its global user population.) I don’t use Telegram, and don’t know many in my network who do.
Interestingly the rise in using encrypted messaging is very high in countries high on the corruption perception index. It also shows how slowly Signal is growing in other countries.
VPN tools will allow you to circumvent blocking of an app, by pretending to be in a different country. However VPN, which is a standard application in all businesses allowing remote access to employees, itself is banned in various countries (or only allowed from ‘approved’ VPN suppliers, basically meaning bans of a messaging app will still be enforced).
Want to message me? Use Signal. Use Threema if you don’t want to disclose a phone number.