paint-brush
Messenger Problem: Why “Secure” Does Not Mean “Private” and How to Fix This With Blockchainby@MelvinTalk
531 reads
531 reads

Messenger Problem: Why “Secure” Does Not Mean “Private” and How to Fix This With Blockchain

by Danny WesleyMay 28th, 2018
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Not long ago it turned out that Facebook was <a href="http://money.cnn.com/2018/04/05/technology/facebook-messenger-messages-privacy/index.html" target="_blank">scanning</a> messages sent via its Messenger app. The company said that it scans messages only for abuse, however, we all remember that Google used to <a href="http://variety.com/2017/digital/news/google-gmail-ads-emails-1202477321/" target="_blank">read</a> personal emails for better ads personalization. Another popular Telegram messenger is experiencing pressure from authorities in different countries who would like to get an opportunity to read what users are writing in chats.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Messenger Problem: Why “Secure” Does Not Mean “Private” and How to Fix This With Blockchain
 Danny Wesley HackerNoon profile picture

Not long ago it turned out that Facebook was scanning messages sent via its Messenger app. The company said that it scans messages only for abuse, however, we all remember that Google used to read personal emails for better ads personalization. Another popular Telegram messenger is experiencing pressure from authorities in different countries who would like to get an opportunity to read what users are writing in chats.

Seems that nowadays it is almost impossible to use any convenient communication without completely sacrificing privacy. Let’s talk about how this could be fixed.

The problem

Today there are plenty of messengers that present themselves as “secure and anonymous”. The problem is that while claims about security could be more or less true, it has no connection to real privacy.

To say that certain messengers provide real “privacy” means that you should be able to trust the company that developed this tool. But there is almost always no good reason for it. Most current communication tools are “closed source”, meaning that the source code of these products is never published and independent researchers cannot audit it. This means that even if the team behind such messengers have no intention to disclose users’ personal information, there is no guarantee that hackers or other malicious perpetrators would not use programming errors or security flaws to gain access to such data.

Another issue stems from traditional software development approaches. Currently, most messengers use outdated technologies like a client-server model or P2P, which do not by any means hide users’ IP addresses.

But the biggest problem is that “security and privacy” are used strictly for marketing purposes, while in reality corporations that stand behind popular messengers want no privacy for their users at all. That is why you need to use your telephone number or social media account to log in rather than allow an app access to your contact list to start communicating. All these data will then transferred to remote servers, and you have little understanding of how it will be used.

Even Telegram, which positions itself as the most secure messenger in the world, is absolutely non-anonymous. It is centralized and can be blocked, which has already happened to the service in Iran and Russia. As a result, its users may be forced to use other popular and even less anonymous communication tools. Very bad.

Free and Secure ≠ Private

Even really secure messengers that use strong encryption technologies can still be non-anonymous, collecting and sharing users’ personal information. That is normal because developers need to put some food on the table for their families. And the current market structure allows messaging services to earn money by selling user data or running ads.

The arms race for venture capital and acquisitions forces developers to focus on growing their user base. And this is hard with lots of ads, so instead, more and more teams choose to sell data to corporations rather than harming UI with ads.

It seems like an infinite loop with no exit, however, new technologies like blockchain could solve this problem. Here is how.

Blockchain to the Rescue

When you have a centralized messaging service, its core servers might be compromised, and user data stolen. When you have a P2P messenger, another problem arises — messages are stored only on devices participating in the communication. This means that if the device is compromised or lost, information can be easily accessed.

Both situations are bad, and that is why a team of developers and security researchers came up with the ADAMANT messenger concept. Instead of storing information on a device or remote servers, we can put it directly into the blockchain itself. The data is still protected by top-notch encryption algorithms and can be accessed only by participants knowing necessary keys. But it is stored in a distributed database that cannot be blocked, and nothing happens when the user loses his device.

Moreover, this approach eliminates the need to use phone numbers or other IDs to allow usage of the messenger. This means that unlike all other centralized message transfer systems, it is almost impossible to associate a message history to a specific person even if someone manages to decrypt data from the blockchain.

Another opportunity presented by blockchain is monetization using cryptocurrencies. For example, at ADAMANT there is no such thing as free communication — you should pay a tiny amount of cryptocurrency for each transferred message. When you pay for each message, you know how developers earn their money. There is no need for them to tell you tales about their “free messenger” while simultaneously trying to sell your data at the highest possible price.

The project is fully open-sourced, so that everyone can audit its source code and ensure that there are no security holes which could be used to access users’ data.

Conclusion

In a world where officials in different countries are trying to limit anonymity on the internet and corporations are trying to collect as much personal information to mine for profit (and often do not care much about securing it; see Facebook and Cambridge Analytica scandal), the only way to ensure privacy is decentralization.

And while there are still some things that might seem unusual or not so comfortable for the regular user — like paying for messages or lengthy waiting times of several seconds for message delivery — blockchain-based messengers like ADAMANT are currently the only effective tools for truly private communications.