What to look for in a messenger

Because not all chat apps are made equal.

Hamish MacDonald
Jul 27, 2020

Popular mainstream chat apps like Telegram, Facebook Messenger and WhatsApp claim privacy, but what they’re perhaps best at is PR spin…

They hit key metrics in specific ways, letting people believe they are respecting their privacy, whilst continuing to fail their users in deliberate, technical ways.

It’s worth looking into the details, though it can be hard to know where to start. So I’d like to outline for you how other apps stack up against the Sylo Smart Wallet, to hopefully help you avoid falling for the others’ hype.

Choose a messenger that has:

#1: Proven end-to-end encryption by default

People act differently when they know they are being watched, or speak differently when they know their conversation is being listened to.
For real human-to-human authenticity online, we need privacy.
For privacy to exist, we need end-to-end encryption (E2EE).

Most popular applications don’t have end-to-end encryption at all, opting to ‘data mine’ — that is, to sell their users’ data as a way to make money.

Therefore, for real safety that you can trust and actual privacy — end-to-end encryption is absolutely required.

The first suggested rule of cryptography is — ‘Don’t roll your own crypto.’

This rule implies that instead of writing their own cryptographic protocols, developers should ‘use published, public, algorithms and protocols’.

Cryptography is a very complex discipline and extremely important to implement correctly; one small error could open up a back door to exposing important private information.

The reasoning is that new cryptography research usually arises from new requirements and builds on lessons from a multitude of failures and fixes.

Telegram fails in this regard — by writing their own cryptography in-house from scratch, which is both unusual and suspicious when provably secure, audited, open-source options already exist.

Perhaps unexpectedly, Facebook’s Messenger and Facebook’s WhatsApp are actually relatively good examples of following cryptography’s first rule, in that they have contracted the creators of Signal to integrate the secure Signal Protocol for messaging. The Signal Protocol is an open-source cryptographic protocol with end-to-end encryption.

However, the little phrase “…by default” is the tell-tale gotcha in their policies.

Facebook Messenger along with Telegram fail in this regard, having purposefully created insecure, un-encrypted chats by default and requiring users to specifically create a ‘secret’ chat in order to actually have privacy.

With Telegram, this secret chat function is further restricted to a single device for each participant, making it easier to accidentally use the un-encrypted default chat.

In contrast, the Sylo Smart Wallet app uses the Signal Protocol for chat messages and all communications are end-to-end encrypted in totality.

With the Sylo Smart Wallet, users control their own encryption key.

Sylo the company and Sylo employees cannot see your key, cannot read any of your messages, and will never ask for your key. You alone control your key and you need to keep it safe. All user data sent with Sylo is end-to-end encrypted with your key.

For a deeper look at our use of encryption at Sylo, keep reading here.

#2: Open-source to prove claims

A privacy-focused application needs to be open-source so that it can be verified that the creators are actually doing what they claim they are. It is not an expectation that every standard user of the app would verify the code for themselves. It is only important that professional developers and auditing companies are able to. Studies can be done, reports can be made and bugs can be reported before users are exploited.

As these apps are fully closed-source, with no intention to open them, there is no way to check if Facebook is actually doing what they claim with their end-to-end encryption in WhatsApp and Facebook Messenger Secret Conversations.

Worse, specific app sandboxing permissions could allow full access between Facebook’s apps to your un-encrypted data.

There is no proof that they are doing anything malicious, but the ability is there and there isn’t a way to check if they are doing right by their users or not.

Given their misuse of user data in the past, the real question is, do you trust Facebook?

Sylo, being the highly experimental and ambitious project that we are, is currently closed source. However, we do have a plan and a path to becoming open-source.

When Sylo’s source is released, you’ll see that we are doing what we claim — we are decentralised and we take your privacy very seriously.

#3: No private data required

There is no reason a messenger needs to know your personal details.

A messenger’s business is getting your encrypted data from A to B, they don’t need to know the where, who or what.

iMessage is an example of a messenger that ticks many boxes, but… with the amount of personal information they verifiably know about most Apple users, there is a multitude of incredibly high-quality metadata to be collected about their users, even if everything was perfect with their closed-source, end-to-end encryption.

Even Signal, one of the most trusted encrypted messengers, still requires a phone number in order to be used. This ties your otherwise safe account to a public, verifiable, deanonymising data point, and ties gatherable metadata to your identity and your contacts’ identities.

A recent surprise Signal update required users to “set a pin” in order to access their messages and contacts — upon doing so, without any explanation, their contact list was uploaded to Signal’s centralised servers.

Let me give you an example of the real world implications of this.

For the Chinese government, Telegram enabled the brute-force cross-referencing of searchable accounts’ required phone numbers in order to deanonymise Hong Kong protestors.

In just this single example, the requirement of personal data for every Telegram account enabled a reported 900 inhumane arrests.

WhatsApp similarly requires a phone number, which deanonymises accounts. Along with the fact that the company and app are owned by Facebook, it’s undoubtable that they will be doing everything they can to tie shadow accounts or real accounts to mass collection of metadata about their users.

In contrast, Sylo does not require (or want!) any personal information at all to create an account. Not your phone number, not your email, not your real name.

We don’t have any use for your personal data, and neither does any other messenger.

#4: Easy to use

Just like the photography quote, ‘The best camera is the one that’s with you’, the best security tools are the ones that you actually use.

It doesn’t matter if you have the most unbreakable, perfectly secure communication tool, if it is so cumbersome to use that you never actually use it.

To make a security-focused tool easy to use, it must have a simple user experience and understandable UI.

A messenger shouldn’t misrepresent its capabilities, or have pitfalls where a user feels safe while exposing private data — that is, either by a user’s accident or by its creators’ design.

With end-to-end encryption the “…by default” is definitely the real ‘gotcha’. If security is not ‘by default’ but rather ‘opt-in’, then most will not use it.

Worse are the deliberate hurdles set in place to cause people not to bother or to make users believe that default chats are private when actually, they are data-mined.

Making encryption opt-in-only is one of the worst ways to keep people safe while still claiming to offer security and privacy. I would argue that this practice is actively malicious.

The proof of this is plain to see in the mainstream market — Telegram and Facebook Messenger both make great PR and advertising claims about how their end-to-end encrypted offerings prioritise their users’ privacy and safety… then make it annoying to use, hard to find and with various hoops to jump through to get there.

Here are a few examples:

  • ‘Facebook Messenger Secret Conversation’ and ‘Telegram Secret Chat’ both create duplicate separate chats that only support one-to-one messaging. You must then remember to keep using that special ‘secret’ chat, rather than the default, not-encrypted chat with that contact.
  • Telegram secret chats are locked to the specific device that created them or that replied to them first.
  • Facebook Messenger secret conversations and Telegram secret chats are not supported on their desktop versions.
  • The secure chat is a duplicate, making it easy to pick the non-encrypted one by mistake.
  • Facebook Messenger secret conversations and Telegram secret chats are limited to one other participant only.

These all make it easier to fall back to using their default, not-encrypted conversation channel, where they can continue mining your data. That is, if you even remember about the secure option.

#5: Clear communication when data policy is changed or user data is acquired

I mentioned it above already but a recent surprise Signal update required users to “set a pin” in order to access their messages and contacts — then upon doing so, without any explanation, users’ contact lists were uploaded to Signal’s centralised servers.

This is unacceptable and sparked a round of “outrage driven development” where, due to user complaints, Signal then promised to make this step optional… after presumably having already converted most of their users’ accounts.

Similar apps like Facebook Messenger and Telegram have already centralised your contact list on their servers by default. They will also upload all of your phonebook’s contact data if you give them permission, and if you don’t, they will repetitively nag you for access. (That is, if they even let you continue to use their app without that invasive unnecessary access.)

Facebook has a long history of covert and invasive user data collection. It’s how they make money, after all. They simply cannot be trusted with your privacy and safety.

Here are a few examples to jog your memory:

#6: Decentralised & Peer-to-Peer

Using decentralised and peer-to-peer technology means avoiding using central servers for passing messages and data.

Most mainstream services use central servers today, which over time increases the temptation to exploit the ever-growing pool of user data (whether by the owner or an attacker) that runs through the central point. Using decentralised and peer-to-peer services eliminates this possibility.

When one company controls the server code, all server hardware and the app code, they can make any changes to any account(s), at any point — no matter the security they claim to provide.

You want a company building a privacy-focused communication tool to be physically and technically unable to vacuum up your data, not just promise that they won’t.

Enabling anyone, including users themselves, to run their own servers that contribute infrastructure, as Sylo does, is a major step towards de-risking and reducing trust requirements.

Here’s a recent example of why decentralisation is important — the recent social-engineering Twitter hack.

Hackers convinced a Twitter employee to use internal centralised account administration tools which allow employees to take over accounts, read messages and fully control the account. The hackers were able to post Bitcoin scam tweets from famous people and companies such as Barack Obama, Elon Musk, Kanye West, Bill Gates, Mike Bloomberg, Coinbase, and Gemini.

You want more examples? Sure, okay…

Facebook employees using their privileged access to user data to stalk women…

Snapchat workers had a tool called Snaplion that provided information on users…

And MySpace employees abused a tool called “Overlord” to spy on users during the site’s heyday.

In contrast, Sylo is fully decentralised. Using the Sylo Smart Wallet, your end-to-end encrypted data is routed through third-party nodes, not servers run by one company.

Bonus — You will soon be able to get involved and contribute to the strength and privacy of the network by running your own Sylo Node.

#7: Encrypted temporary storage

You can have all the end-to-end delivery security perfect and still be spied upon via your chat history back-ups, like with iCloud backups of iMessage history. Apple’s tools are closed-source, and you do not hold your encryption keys; they do.

I’ve mentioned it already in this article, but owner-grouped app sandboxing permissions technically allow full access between the Facebook apps.

What does that mean?

It means the Facebook app, Facebook Messenger app, Instagram app, and the WhatsApp app all have access to your un-encrypted chat data.

Ideally once a message is securely delivered, it no longer needs to exist on any cloud server. If a user wants this data backed up, it needs to be encrypted by the user, with keys that only they control, and stored safely — ideally, encrypted again, by the storage provider.

Hopefully this has shed some light on what is best to look for in a messenger. I encourage you to choose carefully. If you have any questions, please submit them to us on social; we always love to hear from you.

Experience the Sylo Smart Wallet now by downloading from the Google Play or Apple App stores.

For emerging announcements, follow us on Twitter, Telegram or visit www.sylo.io
