Why WhatsApp Will Never Be Safe

Original author: Pavel Durov
The author of the column is Pavel Durov, founder of the Telegram messenger

The world seems shocked by the news that WhatsApp has turned any phone into a tracking device. Everything on your phone, including photos, emails and texts, was accessible to attackers simply because you had WhatsApp installed.

However, this news did not surprise me. Last year, WhatsApp had to admit a very similar problem - a hacker could access all the data on your phone through a single video call.

Every time WhatsApp fixes a critical vulnerability in its application, a new one appears in its place. All their security issues are well suited for surveillance, and they look and work like backdoors.

Unlike Telegram, WhatsApp does not open its source code, so security researchers cannot easily check whether there are backdoors. WhatsApp not only does not publish the code, it does exactly the opposite: WhatsApp deliberately obfuscates the binary files of its applications so that no one can study them carefully.

Perhaps WhatsApp and its parent company Facebook are even required to implement backdoors - through secret processes such as secret orders from the FBI. It is not easy to launch a secure messenger while in the USA. During the week our team spent in the USA in 2016, FBI agents tried to infiltrate us three times. Imagine what will happen to an American company in 10 years of work in such an environment.

I understand that law enforcement agencies justify the installation of backdoors by anti-terrorist efforts. The problem is that such backdoors can also be used by criminals and authoritarian governments. No wonder dictators seem to love WhatsApp. The lack of security allows them to spy on their citizens, which is why WhatsApp is not blocked in countries such as Russia or Iran, where Telegram is prohibited by the authorities.

Actually, my work on Telegram was a direct response to personal pressure from the Russian authorities. Then, in 2012, WhatsApp was still sending messages in clear text. This is madness. Not only governments or hackers, but also mobile providers and WiFi administrators had access to all WhatsApp texts.

WhatsApp later added some encryption, which quickly turned out to be a marketing ploy: a message decryption key was available to at least several governments, including Russia. Then, when Telegram began to gain popularity, the founders of WhatsApp sold their company to Facebook and said that they had "privacy built into DNA." If true, then it is probably a sleeping or recessive gene.

Three years ago, WhatsApp announced that they had implemented end-to-end encryption, so “no third party can access the messages.” This coincided with an aggressive call for all users to back up their chats in the cloud. At the same time, WhatsApp did not tell users that when backed up, messages are no longer protected by end-to-end encryption and may be available to hackers and law enforcement agencies. Brilliant marketing, as a result of which some naive people are now serving a prison term.

Those who have not succumbed to the constant pop-ups that recommend creating backup copies of their chats can still be tracked with a number of tricks - from access to backup copies of contacts to inconspicuous changes to the encryption key. Metadata generated by WhatsApp users - logs describing who communicates with whom and when - is leaked to all agencies in large volumes through the parent company. In addition, you get a set of critical vulnerabilities that succeed each other.

WhatsApp has a stable and consistent history, from zero encryption at creation to current vulnerabilities, strangely suitable for surveillance purposes. Looking back, there has not been a single day in their ten-year history when this service was safe. That's why I don’t think that simply updating the WhatsApp mobile app will make it safe. To become a privacy-oriented service, WhatsApp must risk the loss of entire markets and clash with authorities in its country. They do not seem ready for this.

Last year, WhatsApp founders left the company due to concerns about user privacy. They are definitely bound either by secret orders or by an NDA, therefore they cannot publicly discuss backdoors without risking losing their fortune and freedom. However, they were able to admit that they "sold the privacy of their users."

I can understand the reluctance of the WhatsApp founders to provide more detailed information - it's not easy to jeopardize your comfort. Several years ago, I had to leave my country after refusing to comply with government-sanctioned violations of VK users' privacy. It was unpleasant. But would I do something like this again? With pleasure. Each of us will die sooner or later, but we, as a species, will stay here for a while. That is why I think that the accumulation of money, fame or power does not matter. Serving humanity is the only thing that really matters in the long run.

And yet, despite our intentions, I feel that we have let down humanity in this entire WhatsApp spy story. Many people cannot stop using WhatsApp because their friends and family are still there. This means that we at Telegram did a poor job convincing people to switch. Although we have attracted hundreds of millions of users over the past five years, this has not been enough. Most Internet users are still held hostage by the Facebook / WhatsApp / Instagram empire. Many of those who use Telegram are also on WhatsApp, meaning their phones are still vulnerable. Even those who completely abandoned WhatsApp are probably using Facebook or Instagram, both of which think it's ok to store your passwords in clear text. (I still can’t believe that a tech company can do something like this and get away with it.)

In almost six years of its existence, Telegram has not had any serious data leaks or security flaws, which WhatsApp shows every few months. Over the same six years, we revealed exactly zero bytes of data to third parties, while Facebook / WhatsApp share any information with almost everyone who claims to be working for the government.

Few outside the Telegram fan community realize that most of the new messaging features first appear on Telegram and are then copied by WhatsApp down to the smallest detail. More recently, we have witnessed Facebook’s attempt to borrow the whole philosophy of Telegram when Zuckerberg suddenly declared the importance of privacy and speed, quoting the description of the Telegram application almost verbatim in his speech at the F8 conference.

But whining about FB's hypocrisy and lack of creativity won't help. We must admit that Facebook is implementing an effective strategy. See what they did with Snapchat.

We at Telegram must recognize our responsibility in shaping the future. Either we, or the monopoly of Facebook. Either freedom and privacy, or greed and hypocrisy. Our team has been competing with Facebook for the past 13 years. We already beat them once, in the East European market for social networks. We will defeat them again in the global messaging market. We must.

It will not be easy. Facebook's marketing department is huge. And we at Telegram do not do marketing. We do not want to pay reporters and researchers to tell the world about Telegram. For this, we rely on you - millions of our users. If you like Telegram enough, you will tell your friends about it. And if each Telegram user persuades three friends to remove WhatsApp and permanently use Telegram, then Telegram will already become more popular than WhatsApp.

The age of greed and hypocrisy will end. The era of freedom and privacy will begin. It is much closer than it seems.
