Should you leave WhatsApp because it is sending data to Facebook? And what about Matrix? Does a federated protocol actually have a chance to replace messengers like WhatsApp?
Today on The Private Citizen, I discuss the recent terms of service (TOS) change from WhatsApp and what I think about people wanting to leave the app because of it. I also take a look at a federated messenger protocol that is very interesting and might become a long term replacement to messenger silos like WhatsApp.
This podcast was recorded with a live audience on my Twitch channel. Details on when future recordings take place can usually be found on my website. Recordings of these streams get saved to a YouTube playlist for you to watch after the fact.
The Big WhatsApp Migration
A while ago there was, once again, a public outcry about WhatsApp changing their terms of service to share data with its parent company Facebook. This, once again, prompted millions of users to leave the app. Something, which the founder of Telegram – not an app you want to switch too, by the way – called “the largest digital migration in human history”.
In a blog post on Thursday, Telegram founder Pavel Durov revealed that Turkish President Recep Erdogan and Brazil leader Jair Bolsonaro were among those who had joined the platform in recent days.
Well, that certainly speaks of respect for people’s privacy, doesn’t it? Not sure I would trust a guy’s judgement who just blurts out the names of important users like this for PR reasons.
“Digital migration” might be the right term for it, though, since it is very much a herd of people blindly running in the same direction without thinking about what they are doing. This TOS change is nothing new. In fact, the thing people are worried about has been in place unchanged since 2016.
A bit of irony in all of this is the data sharing WhatsApp users are so keen to avoid has already likely been happening for a vast majority of those who use the messaging platform. The company let users opt out of data sharing with Facebook for only a brief amount of time back in 2016, two years after Facebook purchased the platform. After that, new sign-ups and those who didn’t manually opt out of data sharing have had some WhatsApp information, principally their phone number and profile name, shared with the larger social network for ad targeting and other purposes.
I’m not against people switching away from WhatsApp, especially when they are going to messengers that are actually more secure and more private – which Telegram isn’t. Signal is a good option that many people are now considering, it seems.
But lets look at where the problems with WhatsApp actually are, instead of where people think they are and why it actually would make sense to leave. Let’s evaluate this ourselves, instead of blindly following the herd.
→ c.f.: Keeping Tabs on WhatsApp’s Encryption, Fabian A. Scherschel
A Look at Matrix
If one does want to move on from WhatsApp, instead of just switching to just another messenger silo, why not switch to a federated solution? Many people, including producers of this podcast, have advocated Matrix as a possible answer. This weekend, the FOSDEM open source conference (fully digital for the first time this year) was run over Matrix. And it worked surprisingly well. So well, in fact, that it prompted me to finally take a look at Matrix and properly research what it is – something I’d had put off doing for a while because of my general workload.
In fact, I have now rented a test server. Which has a public Private Citizen room you can check out.
Matrix’s Element client on Windows
So what is Matrix?
Matrix is an open standard and communication protocol for real-time communication. It aims to make real-time communication work seamlessly between different service providers, just like standard Simple Mail Transfer Protocol email does now for store-and-forward email service, by allowing users with accounts at one communications service provider to communicate with users of a different service provider via online chat, voice over IP, and videotelephony. Such protocols have been around before such as XMPP but Matrix is not based on that or another communication protocol.
From a technical perspective, it is an application layer communication protocol for federated real-time communication. It provides HTTP APIs and open source reference implementations for securely distributing and persisting messages in JSON format over an open federation of servers. It can integrate with standard web services via WebRTC, facilitating browser-to-browser applications.
The reference implementation for the client is called Element and is available as a web app and natively for Windows, macOS, Linux, Android and iOS.
Matrix targets use cases like voice over IP, Internet of Things and instant messaging, including group communication, along with a longer-term goal to be a generic messaging and data synchronization system for the web. The protocol supports security and replication, maintaining full conversation history, with no single points of control or failure. Existing communication services can integrate with the Matrix ecosystem.
The Matrix standard specifies RESTful HTTP APIs for securely transmitting and replicating JSON data between Matrix-capable clients, servers and services. Clients send data by PUTing it to a ‘room’ on their server, which then replicates the data over all the Matrix servers participating in this ‘room’. This data is signed using a git-style signature to mitigate tampering, and the federated traffic is encrypted with HTTPS and signed with each server’s private key to avoid spoofing. Replication follows eventual consistency semantics, allowing servers to function even if offline or after data-loss by re-synchronizing missing history from other participating servers.
The Olm library provides for optional end-to-end encryption on a room-by-room basis via a Double Ratchet Algorithm implementation. It can ensure that conversation data at rest is only readable by the room participants. With it configured, data transmitted over Matrix is only visible as ciphertext to the Matrix servers, and can be decrypted only by authorized participants in the room. The Olm and Megolm (an expansion of Olm to better suit the need for bigger rooms) libraries have been subject of a cryptographic review by NCC Group, whose findings are publicly available, and have been addressed by the Matrix team.
Servers in the federation are called “home servers”. They run the reference server implementation called Synapse. A rewrite of this software, written in Go, is currently in beta. It is called Dendrite.
→ c.f.: Olm Cryptographic Review, November 2016, NCC Group
For me, the biggest reason to switch to Matrix is not an issue with WhatsApp, but an urgent need to make our digital infrastructure more resilient against the attempts at censorship that are now becoming obiquitous. We need to take back control over our ways to communicate. Especially at a time where our governments have us all locked up.
Producer Feedback
Barry Williams said, in response to the one year anniversary special episode:
As an Australian teacher, I could not ask for a better response to my question “who was your favourite teacher?” . Also I did not have a great time at school but soon found out if I did not respond to the bullies they don’t get what they want.
Also I was trying not to monopolise all the questions but since you mentioned it in the podcast what is your favourite coffee (I am a weird coffee person, who drinks single origin coffee direct from good roasters, I also watch far too many YouTube videos on all things coffee)?
If you have any thoughts on the things discussed in this or previous episodes, please feel free to contact me.
Toss a Coin to Your Podcaster
I am a freelance journalist and writer, volunteering my free time because I love digging into stories and because I love podcasting. If you want to help keep The Private Citizen on the air, consider becoming one of my Patreon supporters.
You can also support the show by sending money to via PayPal, if you prefer.
This is entirely optional. This show operates under the value-for-value model, meaning I want you to give back only what you feel this show is worth to you. If that comes down to nothing, that’s OK with me. But if you help out, it’s more likely that I’ll be able to keep doing this indefinitely.
Thanks and Credits
I like to credit everyone who’s helped with any aspect of this production and thus became a part of the show.
Aside from the people who have provided feedback and research and are credited as such above, I’m thankful to Raúl Cabezalí, who composed and recorded the show’s theme, a song called Acoustic Routes. I am also thankful to Bytemark, who are providing the hosting for this episode’s audio file.
But above all, I’d like to thank the following people, who have supported this episode through Patreon or PayPal and thus keep this show on the air: Georges, Niall Donegan, Michael Mullan-Jensen, Jonathan M. Hethey, Butterbeans, Dave, Steve Hoos, Mark Holland, Shelby Cruver, Vlad, Jackie Plage, 1i11g, Philip Klostermann, Jaroslav Lichtblau, Kai Siers, Fadi Mansour, ikn, Dirk Dede, Joe Poser, Matt Jelliman, Michael Small, David Potter, Mika, Martin, Bennett Piater, Dave Umrysh, Larry Glock, RikyM, drivezero, MrAmish, Jonathan Edwards, Barry Williams, avis, Neil, Matt, Captain Egghead, D, Christoph Martin and Filipe Carvalho.
Many thanks to my Twitch subscribers as well: Mike_TheDane, Galteran, redeemerf, indiegameiacs, Andyp4nts and m0dese7en_is_unavailable.
End of show song: Across Land and Sea by Christoffer Moe Ditlevsen.
End of show music and some sound effects licensed via Epidemic Sound.