The founders of WhatsApp never meant for it to be this way.
When Brian Acton and Jan Koum launched the messaging app 11 years ago, Acton’s motto was: “No ads, no games, no gimmicks." He wanted their aims to be transparent and the needs of users to be put first. Koum, who grew up in the Eastern Bloc in the 1980s, had a very personal commitment to making his app private and secure.
Today, however, Acton and Koum are long gone, and WhatsApp is engulfed in another row over privacy. Changes to the app's terms of service, which state that information gathered by WhatsApp will be shared with Facebook, have caused consternation and confusion. The truth about which data stays private and which doesn't is either buried in pages of legalese, or being revealed in short emailed statements to enquiring journalists. People don't know where they stand, and many are bailing out.
It was evident when Facebook bought WhatsApp for $19 billion in 2014 that it would make for an uneasy partnership. Shortly after the purchase, WhatsApp rolled out advanced end-to-end encryption, ensuring that only you and the recipient could see messages, and they’d be invisible to the companies themselves.
This would, on the face of it, be an anathema to Facebook, whose business model is predicated upon using its knowledge of your habits to serve you things you want to see (at least in theory).
But today, WhatsApp messages are still secure; end-to-end encryption still exists and your communications can’t be read by a third party. It does, however, reserve the right to collect other information, such as when and how you use the service, your location, contacts, transaction and payment data. And that’s the information which is making its way back to Facebook.
"WhatsApp is great for protecting the privacy of your message content," said cryptographer Matthew Green in interview with technology magazine Wired. "But it feels like the privacy of everything else you do is up for grabs."
In truth, WhatsApp has been sharing this information with Facebook for years unless you explicitly opted out. These new terms of service just shine a spotlight on it.
WhatsApp has now clarified that the opt-out will stay in place for those who chose it and nothing fundamental will change for anyone else, either. The new terms of service, they say, merely allow businesses you chat to on WhatsApp to use Facebook infrastructure to store those conversations, rather than have to store them themselves. What this means in practice isn’t yet clear; what is evident is that the privacy-conscious are actively exploring other options.
Here are five of them.
"Use Signal," tweeted entrepreneur Elon Musk on Thursday as WhatsApp's new terms of service were unveiled. This exhortation caused a surge of people to join the platform and temporarily caused its sign-up process to become overloaded.
Signal is an obvious alternative: it’s open source, funded by grants and donations, run by a foundation rather than a tech giant, and has long been used and admired by privacy activists. All your messages (and even stickers!) are end-to-end encrypted, and the only information the company has about you is your phone number. It can’t share any data with anyone, because it has nothing to share.
With a centre of operations based in Dubai, Telegram already has somewhere approaching half a billion users, attracted by its visual similarity to WhatsApp, the ability to transfer large files, and its “Secret Chat” mode, which uses its own high-grade encryption system.
However, outside Secret Chat, there is no end-to-end encryption, and the app “may” (according to its terms of service) collect similar metadata to the kind collected by WhatsApp.
Just before Christmas, founder Pavel Durov indicated that he is planning to start monetising the app. What shape this takes, and whether it will involve a form of advertising, isn’t yet known.
As the saying goes, “if a service is free, then you are the product”. Threema gets around the tricky problem of monetisation by charging for its app.
Popular in Germany, Austria and Switzerland for many years, it features the usual end-to-end encryption, but also allows you to create an account without providing an email address or phone number, making your usage of the service completely anonymous.
However, its user base outside Europe is relatively small, so you'll have to persuade friends to sign up for it to be useful.
Formerly called Riot, and before that Vector, Element’s interface may not be as slick and user-friendly as those of its competitors, but it makes use of the Matrix protocol, which boasts of being “open source, decentralised and secure".
What that means, in practice, is that all messages can be sent using end-to-end encryption but also, thanks to “bridges” provided by the Matrix community, you can send messages to users of other services, eg iMessage, Facebook Messenger, Skype and WhatsApp itself.
One of two messenger apps authorised for use by the US military (the other being Signal), Wickr Me is the younger brother of Wickr, an app directed at security-conscious businesses.
Again, you don’t need a phone number or email address to sign up, messages are end-to-end encrypted, and all content is ephemeral, ie sent messages and attachments self-destruct after a set period of time, whether received or not.
This could be problematic if the recipient doesn’t read the message before it disappears, but it is reassuringly private.