Illusions of security

Recently, organizers of the dissemination of information in Russia were obliged to collect and transmit information about users. The list of required information includes: User ID; Date and time of registration (in case service agreement was signed — date and time when this agreement was signed); Alias; Last name, first name, patronymic; Date of birth; Residence address specified by the user; Passport data and data of any other identity documents; The list of languages the user is proficient in; The list of relatives, specified by the user; Information about accounts in other services; Date and time of authorisation and logout from the server; IP-address; Contact data (phone number and e-mail address); Application, which is used by this user; Text messages; Records of audio and video calls; Transferred files; Data on made payments; Location.

We, the ELEET developers team, are the supporters of private communication and free exchange of information. Personal privacy and the right to personal correspondence are an indefeasible right of every person — this principle is the foundation of the development of our application. The data listed in the direction above will never be transferred to a third party. First of all, this is unacceptable. Secondly, the collection of such information is completely unimplementable and impossible from the programmable side of ELEET.

What is going on?

In recent years, the development of messengers has been moving at a very rapid pace — not all trends can be considered positive. Almost any modern messenger emphasizes “security” and “anonymity” in its marketing strategy. This is totally natural: such issues seriously aroused common people since the known story of Edward Snowden.

But does the development of messengers, in fact, at the same time expands access to private communication, increases infosecurity of users? I wish I could say yes, but … let’s discuss this issue in more detail.

Discourse about privacy

In response to politicians speaking about the dangers of anonymity on the Internet and the need to control information flows over the network (in particular over messengers), almost all IT companies tend to advertise themselves through promises to keep privacy.

Often they deliberately come into conflict with the authorities, when the State requires to provide access to the correspondence of users. Such stories are widely publicized in the media, and they are being debated everywhere … until the conflict is somehow cancelled out.

Now, when the problem of terrorism has become very intense worldwide, the prevailing discourse is particularly acute. Opponents of the right to privacy are shocked by the known facts: terrorists use popular messengers to plan and coordinate their activities.

The developers of these applications have a fair objection: law-abiding people should not be infringed upon due to the fact that someone can use freedom for criminal purposes. Moreover, terrorism existed long before even mobile phones, not to mention the wider Internet communication.

All this creates the public illusion: allegedly, most of the IT companies are really actively fighting for the right to privacy. Is it true in reality?

Unfortunately, no.

In fact, we do not live in a world of cyberpunk, where larger corporations are stronger than the State. In our reality, the opposite is true, and so most developers of software and gadgets only pretend that they are willing to protect the personal data of their users to the last. A comfortable business environment is a much higher priority for them than human rights.

Yes, many modern messengers use advanced encryption. Many IT companies are saying that they do not provide the authorities with any data passing through the systems they created.

But in practice, not only the State regularly gets access to the information it wants — this is often easy to accomplish even for a simple criminal. Remember the scandals with intimate photographs of celebrities, twice massively “leaking” from the popular cloud storage! Then the developer company, of course, blamed the victims themselves, but …

Let’s get real. If a certain messenger is positioned as completely trustworthy in terms of information security, but requires a mobile phone number for registration — can you treat the words of its creators seriously? Everyone knows how wide cellular tracking features are: it is easy to determine not only the identity of the SIM card owner, but even his exact location. The system, which promises full security, is originally built on its flagrant violation.

How do developers explain this? In a pretty funny way: they’re trying to convince users that authorization via a mobile phone is just an effective measure of protection against hacking! But this is a lie, at least because the cases of creating a duplicate SIM card to bypass SMS authorization are widely known, and are very common.

And the public discourse about privacy itself is gradually tilting towards that part of Overton window that has an opinion about the dangers of Internet-anonymity and encrypted communication. After each terrorist attack, we are inadvertently reported: by the way, the villains chatted through this application… alas, such manipulation of public opinion gives the desired effect.

And we’re not comfortable with that.

Eleet doesn’t recognise trade-offs

We are firmly convinced that privacy, the ability to be anonymous on the net is a completely natural, inalienable right of every human being. As you can see, Eleet Private Messenger begins to implement this paradigm from the time of your registration — no phone number is required.

We have also introduced a lot of other solutions that guarantee secure communication. For sure, many of the ELEET functions are displeased by the authorities — it will just suffice to mention a “PIN code to delete”, which allows to send a command to complete clean up all the information transmitted and received (and it looks like the user is entering a regular password).

We are not going to change our views, and we intend to pursue that course. Despite everything that has been described above, it is still possible to defend the full privacy of Internet communications, and the very existence of our application is the conclusive proof.

No compromises, no matter what.