What are the features of a secure and private communication service?

Español - Italiano

Index

Metadata collection

• Minimum: the service stores only the metadata necessary for its correct operation. Most metadata is protected and unreadable by the server and third parties. Application: Signal.
• Limited: the service stores some additional metadata in addition to those necessary for its correct operation. Metadata can only be read by the server. Application: Telegram, Wire.
• Complete: the service stores a large amount of additional metadata in addition to those necessary for its correct operation. Metadata can be read by the server and by third parties. Application: WhatsApp.

Analysis: metadata provides additional information (date and time, participants, locations, IPs, etc.) on user activities while not allowing you to read the content of exchanged data. In fact, metadata is used for user profiling and mass control by government authorities.

Signal stores profile and group data, contacts, application settings and the list of blocked users via Secure Value Recovery (SVR). Moreover, it also stores metadata: date and time of registration and date of last connection. Finally, it provides the possibility of masking the sender of a message while leaving the date and time, sender IP and recipient IP visible. Telegram stores phone number and profile data (name, username, picture and description). Moreover, it may store metadata: IP, devices and application versions used, username change history, etc. for up to 12 months. Wire stores profile data (name, username, image and colour) and application settings. Furthermore, it stores metadata: users (date and time of registration, IP geographic coordinates, devices and their labels, passwords) and conversations (date and time of creation, creator, name, list of participants (name, devices and role)). Finally, Wire stores the logs for up to 72 hours. WhatsApp stores data: phone number, profile (name, picture), transactions and payments, statuses and conversations. It also stores metadata: frequency and duration of conversations, IP, time zone, language, location information (GPS, Bluetooth, WiFi, and cellular ISP network), devices (information and performance), application versions used, location, diagnostic information, Facebook unique identifier, etc. some for an indefinite amount of time. Finally, it shares data and metadata with third parties such as Facebook, Onavo, Oculos, CrowdTangle, etc.

Conclusion: minimising the amount of metadata collected is a fundamental requirement for any communication service.

Vulnerabilities list

• Low: the defect can only be exploited in particular situations and causes consequences limited to the confidentiality of the data (confidentiality, integrity and availability). Application: Signal.
• Medium: the defect can be exploited in particular situations and can cause partial compromise of the confidentiality of the data (confidentiality, integrity and availability). Application: Signal, Telegram, Wire.
• High: the defect can be exploited by a local attacker and causes the compromise of the confidentiality of the data (confidentiality, integrity and availability). Application: Signal, Telegram, WhatsApp, Wire.
• Critical: the defect can be exploited by a remote attacker and causes the total compromise of data confidentiality (confidentiality, integrity and availability) without the need for user interaction. Application: WhatsApp, Wire.

Analysis: a computer system is subject to threats, vulnerabilities and attacks, the purpose of which is to gain access to stored data and to compromise the availability of the service. There are no services or applications, especially communications, without vulnerabilities and the compromise of security and confidentiality depends on their extent. Note: the severity of known vulnerabilities does not guarantee the presence or absence of future vulnerabilities, but is a good indicator of the quality of design and implementation of a software.

Wire has fixed the vulnerabilities identified in the implementation of the protocol (CWE vulnerability: 5 medium level and 9 low level) and applications (CWE vulnerability: 1 high level, 5 medium level and 1 low level). Signal has fixed known vulnerabilities in applications (CVE vulnerability: 1 (1 disputed) critical level, 5 high level (1 disputed), 7 medium level and 1 low level (1 disputed)) according to the NIST NVD database. Telegram has fixed known vulnerabilities in applications (CVE vulnerability: 2 (2 alpha version) critical level, 8 (2 disputed) high level, 24 (4 disputed, 1 alpha version) medium level and 2 low level) according to NIST NVD database. Wire has fixed known vulnerabilities in applications (CVE vulnerability: 5 critical level, 6 high level, 16 medium level and 1 low level) according to the NIST NVD database. WhatsApp has fixed known vulnerabilities in applications (CVE vulnerability: 16 critical level, 14 high level, 11 (1 disputed) medium level and 1 low level) according to the NIST NVD database.

Conclusion: minimizing vulnerabilities, especially serious ones, is a fundamental requirement for any communication service.

Conclusions

The analysis shows the differences in terms of security and confidentiality of the services or communication applications most commonly used.

Signal and Wire offer a secure and confidential communication service. In particular, they use secure communication techniques and protocols, are completely open, have solid business models, minimize metadata collection, save data in users' devices and promote freedom of communication. The only shortcomings are the absence of a free FOSS version in the F-Droid catalogue for Signal and the lack of 2-factor authentication (2FA) for both. Signal, considered by many to be the state of the art of secure and confidential communication services, has recently introduced usernames, but does not support anonymous registration.

WhatsApp offers an unsecured and non confidential service. In fact, while using secure communication techniques and protocols, it is completely closed, the business model is based on users' data resulting in the collection of metadata, the data is stored in third party cloud without protection (e2e encryption is disabled by default) and supports censorship by actively collaborating with government authorities. WhatsApp also does not support usernames, requires you to upload your address book on the service servers and has been the subject of a large number of serious vulnerabilities.

Telegram offers a secure and confidential communication service. In particular, security and confidentiality in secret chats and audio/video calls are equivalent to those of Signal and Wire, while in private, group and voice chats and channels trust in service providers is required. The communication protocol is open and verified, the client side software is open and there is a free FOSS version on the F-Droid catalogue while the server side is closed. Metadata collection is limited while data is saved in the cloud. Telegram guarantees freedom of speech and counteracts censorship thanks to a solid business model. It also supports usernames and does not require you to upload your address book on the service's servers. Telegram has been the subject of some important, but not as serious vulnerabilities as WhatsApp. Finally, Telegram is part of a project known as The Open Network (TON) which provides for the creation of a decentralized censorship network, parallel to the Internet, completely open (also server side) and managed by a non-profit foundation by 2021 [1].

[1] The Open Network (TON) project is officially abandoned due to disagreements with the US authorities.

Final remarks

If you have nothing to hide, you have nothing to fear.

It's probably the most common thesis against the defenders of confidentiality. It argues that government surveillance programs do not threaten a person's privacy until they have nothing to hide.

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say. The fact that you don't care about this or that freedom today doesn't mean you can't care about it tomorrow." Edward Snowden, 2015

"If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." Cardinal Richelieu, 1641

Freedom of speech and confidentiality of communication are fundamental rights.

A democracy as such must guarantee freedom of speech and the confidentiality of communication. A communications service should guarantee them and make them prevail over requests from government authorities and third parties.

"When you say, ‘I have nothing to hide,’ you’re saying, ‘I don’t care about this right.’ You’re saying, ‘I don’t have this right, because I’ve got to the point where I have to justify it.’ The way rights work is, the government has to justify its intrusion into your rights." Edward Snowden, 2015

"Too many wrongly characterize the debate as security versus privacy. The real choice is liberty versus control." Bruce Schneier, 2009

"Privacy is not for sale, and human rights should not be compromised out of fear or greed." Pavel Durov, 2018

Why should we be concerned if absolute security and confidentiality do not exist?

There is no perfect communication service free of design or implementation defects. However, there are big differences between services whose aims are to respect the freedom of users and the community (Telegram, Signal, Element, Wire, etc.), and services whose aims are profit and mass control (Whatsapp, Facebook, Google, Apple, Microsoft, Amazon, etc.).

"Every one of us is going to die eventually, but we as a species will stick around for a while. That’s why I think accumulating money, fame or power is irrelevant. Serving humanity is the only thing that really matters in the long run." Pavel Durov, 2019

Conclusion: the user is free to choose the most appropriate communication service and in line with his ideas without forgetting that his choice also influences that of the other users with whom he communicates. Moreover, a lack of interest in the issues of security and confidentiality of communication cannot be a valid reason to force one's interlocutors to use a communication service known for not respecting these rights.

"A person's true value is not measured by the values he claims to uphold, but by what he is willing to do to protect them. If you don't hold true to the values you believe in, you probably don't believe in them all the way." Edward Snowden, 2015

"It's the actions that matter. Our thoughts, good as they may be, are false pearls until they are transformed into actions. Be the change you want to see in the world." Mahatma Gandhi, unknown

Bibliography

• Freedom Privacy over Internet (FPoI)
• Privacy tools
• PRISM mass anti-surveillance tools
• The Open Network (TON)
• On the security of WhatsApp and Telegram

License

This document is released under the license Creative Commons Attribution-ShareAlike CC BY-SA.