Is Your Messaging App Spying on Your Personal Chats?

Opinion: End-to-end encryption should be applied by default

Privacy and security must be the default mode matejmo/iStock

The handling of consumer data has become a controversial topic in recent weeks. For many internet giants, consumer data is their core asset, except that rather than having to pay for it outright, it is given to them for free by us, their users.

Social and messaging platforms are based on the implicit exchange of users posting personal information about their lives in return for various tools to share that information. Most terms of service state that the user controls all of the information they post and how it is shared. However, it’s becoming clear that the platforms themselves actually control user data and do with it whatever they want, sometimes with disastrous and opaque consequences.

These platforms are a treasure trove of information, chronicling the most precious memories of our lives that we have voluntarily posted for friends and family. However, these moments are sometimes being shared with third parties without our educated consent or knowledge.

Have you ever noticed advertisements promoting pizza places popping up in your Facebook News Feed after you just messaged a friend about going for pizza tonight? That’s no accident—it’s a business.

Some will say that it is in your interest to bring you some value while you’re writing your chats. Make no mistake: It is actually the value the social network can make while reading your chats.

Choosing the right messaging application is a lot like choosing the right partner. In fact, your relationship with your favorite mobile messaging app is probably the most intimate you have because through it, you interact with the most important people of your life. You need to be sure you can trust the app to keep your information safe, and that it won’t compromise your privacy when the highest bidder comes along.

End-to-end encryption is a technical term that’s tossed around a lot, but it’s not hard to understand. It simply means that your content—whether its messages, photos, videos or voice and video calls—is scrambled (or “hashed,” to use the fancy term) from the moment it’s sent from one device until it reaches your intended recipient.

This content cannot be read in the middle of transit by anyone else, not even the central servers of the messaging app ensuring the transmission. Once the data has been delivered to the recipient, no chat content is stored on the central servers. If there is a problem delivering the message, it may remain encrypted for limited time until the receiver gets it, and then disappear from the server once it has been delivered. Only the recipient’s device has the key to decrypt the scrambled message that was intended to him or her, and the platform does not have access to the key.

Many messaging apps allow you to access personal chats through any internet browser with a login and a password. To achieve this, the content of the messages must be stored decrypted on a central server. In this case, end-to-end encryption cannot be implemented, which immediately puts your privacy at risk. Your chats can suddenly go from being privately shared by friends and family to becoming readable and usable for advertising purposes, shareable with any third party or susceptible to hacking.

In today’s high-risk security environment, we need platforms that enshrine the importance of consumer privacy and the right to be safe and secure without having to stop sharing information altogether. Messaging apps with end-to-end encryption on all one-on-one conversations, group chats and calls offer users an appropriate layer of protection. It’s important that these apps do not have access to, and therefore cannot read, the messages that their users send.

These security measures should be applied by default, without the need for users to go through a maze of endless settings to enable encryption as an option. Privacy and security must be the default mode. Exposing your content can be an option for a consumer fully aware of the data he is sharing and for what purpose.

Our sharing of day-to-day and minute-by-minute activities increases every year—so should our privacy rights and protections increase alongside. Make sure passionate advocates of privacy are taking words into reality and applying end-to-end encryption by default. This way, you know when you are a user with privacy or when your privacy is being abused.

Djamel Agaoua is CEO of messaging app Viber.