Advocating Messaging Apps

I was reading an EFF thing about Data Privacy Day, and I think that over the last couple of years we have had a problem with the advocacy of privacy-respecting chat apps. The problem is that either the advice isn't very good, or it doesn't differentiate enough between threat models.

Different apps may be better suited for different threat models, and usually the message coming from privacy-related campaigns is something like: install Signal! INSTALL SIGNAL NOW OMG WTF!!!

This may not always be the best advice. There are common situations where installing Signal may be the opposite of the best thing to do, and Signal has quite a lot of problems which are usually not mentioned at all.

Bulk interception

If your main threat is metadata retrieval from bulk interception (remember the "We kill people with metadata" quote from some US militarist), then advocating Signal or WhatsApp, as the above EFF article does, is not going to solve your problem. In the best-case scenario those apps may protect the content of messages, but the metadata is fully exposed. Both apps depend on the infrastructure of companies that are the biggest data miners on the planet. These are companies that employ very smart people to figure out ways to reconstruct social relationships from log files, and do that as a full-time job.

If you're organising for a union or a protest, or any type of social activity which your government may not like, then using apps which don't protect the metadata immediately gives your opponent the upper hand and maximizes the potential that whatever you're doing will be shut down before it gets started.

To mitigate this type of threat you need to be using apps which can be onion routed through Orbot. The main ones are Conversations, based on XMPP, and the Tox reference implementation (TRifA). Possibly in future there might also be Briar.

Neighborhood threat

The other main threat model is some individual or group in your geographical neighborhood: gangsters, bad family members, random low-level crooks/thugs, bad relationships or ex-lovers, over-zealous parents, stalkers or the crazy neighbor from hell. For this scenario Signal and WhatsApp might be sufficient, but beware of the fact that they're based on using phone numbers. It may be relatively easy for a local troll to find out what your phone number is. So preferably choose apps which don't depend on phone numbers: things like Conversations and Tox, as above, or also Riot, Ring and any others which support end-to-end encryption. Much of the choice depends upon what other people are using and how much consensus you can get around that, but whatever you choose, make sure it has end-to-end security, preferably enabled by default.