The internet has given us unprecedented access to information and each other, but that can come at a cost. Despite the widespread use of end-to-end encryption, which is one of the most effective ways to send secure messages, it still isn’t guaranteed that a text sent via an encrypted messaging app will stay private.
In early September of this year, the nonprofit newsroom ProPublica released a report about how Facebook could potentially view the private messages of 2 billion WhatsApp users, despite having end-to-end encryption built into the application. One of the most secure systems of communication, end-to-end encryption scrambles messages that are “unlocked” by cryptographic keys that only the sender and recipient have. This ensures that the messages are not read or modified by an unauthorized person.
On the consumer side, one of the biggest appeals of messaging apps with end-to-end encryption, like WhatsApp and its competitors Signal and Telegram, is the promise of privacy. Although many people would prefer that their messages stay private, in some cases, end-to-end encryption might be necessary for someone’s safety, such as journalists, law enforcement officers, and other high-profile targets.
Privacy Is No Guarantee
But that’s the thing about internet privacy: it’s impossible to guarantee it. The issue with Facebook isn’t that it violates its own commitment to end-to-end encryption, but that people other than the sender and recipients can read a message at all. In their report, ProPublica explains that WhatsApp employs over 1,000 moderators who review messages flagged by users as possibly abusive, which are automatically reported to the company. The moderation team also monitors messages for spam, disinformation, hate speech, potential terrorist threats, child sexual abuse material (CSAM), blackmail, and “sexually oriented businesses.”
Once these messages are up for review, WhatsApp then gains access to more than just the one reported message, including information that isn’t encrypted, like data about the sender and their account. Although these monitoring procedures are an integral part of any successful messaging platform, it goes to show that end-to-end encryption still does not guarantee true privacy.
Free Apps Are Not Free
But we’ve seen the recent events with WhatsApp before. A free app might not cost you money to download, but it’s usually never truly free. For example, Facebook and many other social media platforms are free to use, but they make money by collecting data about its users and selling it to companies which then use the data to learn more about consumers and create targeted products and marketing campaigns.
We can go back even further with the beginning of Google in the late ‘90s, when it was an advertising and data company. Google spent years indexing the internet to make it easy to search, which gave it access to its own users. With this information, Google could accurately predict where and how a product or service would sell, getting more accurate with every search query. This is what enables companies to learn about consumer behavior to target potential customers, “retarget” existing ones, and predict future sales trends. These targeted paid ads can be as subtle as changing the order of your search results or as obvious as a paid ad banner on your screen.
Convenience Over Privacy
As with so many other breaking news about privacy on social media, the issue isn’t that total online privacy is impossible to reach. It’s that the average user, whether a business or a consumer, prefers convenience over privacy. Google might collect every single possible point of data about you, but it can also provide personalized shopping recommendations and notify you when it’s time to drive to an appointment.
That’s not to say that an online user like you or me should stop using mainstream platforms like WhatsApp, Facebook, or Google. Instead, what’s important is to be aware of why these services are free to use. Social media platforms require users to agree to their terms of service, which typically cover “loopholes” like flagged messages and content moderation. For users who are looking for more secure messaging apps with end-to-end encryption, some popular options include Signal, which is fully open source (meaning it can be examined for vulnerabilities by security researchers), and Telegram, which has a secret chat option that encrypts messages and bypasses cloud backup.
When it comes to sharing information online, whether it’s in a public social media post or a secured message sent with end-to-end encryption, there will always be at least some risk. This is not unique to the recent report about WhatsApp’s content moderation protocol, and as we continue to figure out how to balance user privacy with consumer demand for convenience, we can expect some obstacles along the way.