Page Body

Page Main

Post Main

Post Article

Micah Lee breaks down some important distinctions between Signal and its ostensible competitors.

But it’s important to keep in mind that, even with the Signal protocol in place, WhatsApp’s servers can still see messages that users send through the service. They can’t see what’s inside the messages, but they can see who is sending a message to whom and when. And according to the WhatsApp privacy policy, the company reserves the right to record this information, otherwise known as message metadata, and give it to governments.

Finally, online backups are a gaping hole in the security of WhatsApp messages. End-to-end encryption only refers to how messages are encrypted when they’re sent over the internet, not while they’re stored on your phone. Once messages are on your phone, they rely on your phone’s built-in encryption to keep them safe (which is why it’s important to use a strong passcode). If you choose to back up your phone to the cloud — such as to your Google account if you’re an Android user or your iCloud account if you’re an iPhone user — then you’re handing the content of your messages to your backup service provider.

By default, WhatsApp stores its messages in a way that allows them to be backed up to the cloud by iOS or Android. WhatsApp does let you remove your chats from these cloud backups if you go out of your way to do so, which I recommend you do, if you use WhatsApp to discuss anything sensitive.

The technology behind Allo looks very cool, but it’s moving in the wrong direction with regard to privacy. If privacy is important to you, you should use a messaging app that encrypts messages by default instead.

Along with Allo, Google is also releasing a new video calling app called Duo. Unlike Allo, all video calls in Duo will be end-to-end encrypted by default. Google isn’t releasing details — how the encryption works, if it’s possible for users to independently verify that it’s secure, or if metadata of the calls will be retained on Google’s servers — until it’s publicly released.

Allo and Duo will both be covered under Google’s privacy policy. Unfortunately, this policy doesn’t break out details about specific Google products.

Paul Ciano

Enjoyed this post?

Let me know you appreciate it by signing up for my newsletter.