Messaging Apps Vary Widely When It Comes to Privacy
September 26 2016 - 4:33PM
Dow Jones News
By Nathan Olivarez-Giles
When it comes to users' privacy, messaging apps can vary widely
-- a fact that came to a head when Alphabet Inc.'s Google released
its new Allo app. The messenger performs novel tricks like
suggesting what to say next, but it does it by analyzing the
contents of users' messages.
Edward Snowden, the former National Security Agency contractor,
called the app "Google Surveillance" in a tweet, and some security
experts recommended skipping the download, which was released last
week.
Messaging services that are considered the most private
exclusively use end-to-end encryption. That is, messages stay
encrypted as they move from sender to recipient. Even if they pass
through or are stored on a server, they are encrypted in a way that
the service provider can't read them. Facebook Inc.'s WhatsApp,
Apple Inc.'s iMessage and the Signal app by Open Whisper Systems
always use end-to-end encryption.
Some apps, like Facebook Messenger and Google Allo, offer
end-to-end encryption in special private messaging modes that users
must turn on -- something most people don't do.
"End-to-end encryption can prevent you from being snooped on,
and prevent your personal and private information from being stolen
as well, " said Christopher Soghoian, an online privacy expert at
the American Civil Liberties Union. "The reason why some companies
like Google and Facebook don't use this by default is they're
willing to sacrifice your privacy to build features like chatbots
and response predictions that aren't that useful."
Google analyzes unencrypted chats to perform a service, such as
suggest automatic replies or recommend restaurants and movies.
Facebook Messenger does something similar using auto-responding
bots. But that also means that, legally, the companies could be
ordered by a court to turn chat transcripts over to government
agencies.
"We've given users transparency and control over their data in
Google Allo," a Google spokeswoman said. "And our approach is
simple -- your chat history is saved for you until you choose to
delete it."
Facebook cited several reasons for not making end-to-end
encryption a default, including Messenger's multidevice presence,
its rich multimedia features and its prominence on desktop web
browsers.
"Many people accessing Facebook and Messenger in certain parts
of the world aren't able to run JavaScript on their devices. We
would not be able to support those people at all if we turned on
[end-to-end encrypted] secret conversations by default," said a
Facebook spokeswoman.
Other services, including Snapchat and WeChat, encrypt messages
as they are transmitted, so that hackers can't intercept them. But
they retain the encryption keys which can access the messages. They
too might be required to hand over the contents under court
order.
Still, even end-to-end encryption doesn't spell 100% guaranteed
privacy, say the experts.
"Encryption methods can be cracked," said Matthew Green, a
privacy and cryptography expert at Johns Hopkins University, "but
it's the best tool that we have in protecting ourselves in
smartphone messaging apps today."
Write to Nathan Olivarez-Giles at
Nathan.Olivarez-giles@wsj.com
(END) Dow Jones Newswires
September 26, 2016 16:18 ET (20:18 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Aug 2024 to Sep 2024
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Sep 2023 to Sep 2024