The WhatsApp Cybersecurity debate
It really does have a lot of issues
Disclaimer: This post is written for those with no or limited Cybersecurity understanding.
We all use WhatsApp and it is one of the most utilised within our groups of families and friends. I introduced many of you to it about five years ago, but since Facebook took over the company in 2014 I have been hesitant with its privacy. Even Facebook are aware of this and recently announced they will never charge for the application.
WhatsApp has failed almost EVERY criteria in a scathing new online privacy reports and even terrorists won’t use it. See here from a previous post I wrote . The recommendation is either use iMessage or Telegram. There are even more secure messaging apps out there, but for a balance of usability and functions, you cannot go wrong with one of these two. Telegram can be downloaded from here .
So we know Apple have a good Cybersecurity Policy but why Telgram? They ensure passwords, secret chats and encryption for end to end conversations. Detailed info here .
Detailed information for those who want to know more or understand the technical bits
The Electronic Frontier Foundation – dubbed EFF – ranked the biggest technology companies in the world, based on how transparent and protective they are of their users’ data.
Let us just say WhatsApp did not come very high on the list ..this is what the report found.
WhatsApp earns one star in this year’s Who Has Your Back report. This is WhatsApp’s first year in the report, and although EFF gave the company a full year to prepare for its inclusion in the report, it has adopted none of the best practices identified as part of the report.
We appreciate the steps that WhatsApp’s parent company Facebook has taken to stand by its users, but there is room for WhatsApp to improve. WhatsApp should publicly require a warrant before turning over user content, publish a law enforcement guide and transparency report, have a stronger policy of informing users of government requests, and disclose its data retention policies. WhatsApp does get credit for Facebook’s public position opposing back doors, and we commend Facebook for that.
Industry-Accepted Best Practices. WhatsApp does not publicly require a warrant before giving content to law enforcement. WhatsApp does not publish a transparency report or a law enforcement guide.
Inform users about government data demands. WhatsApp does not promise to provide advance notice to users about government data demands.
Disclose data retention policies. WhatsApp does not publish information about its data retention policies, including retention of IP addresses and deleted content.
Disclose content removal requests. WhatsApp does not host content nor do we have reason to believe it receives account closure requests domestically, and thus this category is not applicable.
Pro-user public policy: oppose backdoors. In a public, official written format, WhatsApp’ parent company Facebook opposes the compelled inclusion of deliberate security weaknesses. On behalf of itself as well as WhatsApp, Facebook signed a coalition letter organized by the Open Technology Institute, which stated:
We urge you to reject any proposal that U.S. companies deliberately weaken the security of our products… Whether you call them “front doors” or “back doors,” introducing intentional vulnerabilities into secure products for the government’s use will make those products less secure against other attackers. Every computer security expert that has spoken publicly on this issue agrees on this point, including the government’s own experts.”
Table of companies ranked here
Table of applications ranked here