
Security scandal around WhatsApp shows the need for decentralised messengers and digital sovereignty

on: 2020-02-28

The recent security scandal around WhatsApp and access to the content of private groups shows that there is an urgent need for action with regard to secure communication.

Links to private chat groups in the proprietary WhatsApp messenger can be used to view the communication and private data of group members, even if you are not a member. The links could be found on various search engines. Even if they are removed from search results, the links still work and give access to private group communication. Among these groups are also ones used by administrations, such as civil servants of the Indonesian Ministry of Finance. This case shows again that digital sovereignty is crucial for states and administrations. The security breach was first reported by Deutsche Welle.

In order to establish trustworthy and secure communication, governments need to strengthen interoperable Free Software solutions using Open Standards and enable decentralisation. This helps administrations as well as individuals to protect their privacy and empowers them to have control of the technology they use. The software is already in place and was used by most internet users before Google and Facebook joined the market: XMPP! This open protocol, also known as Jabber, has been developed by the Free Software community since 1999. Thanks to Open Standards, it is possible to communicate with people who use completely different client software and a different XMPP server. You are even able to communicate with other services like ICQ or AIM - some might remember. XMPP has also been used by tech enterprises like Facebook and Google for their chat systems, but both eventually switched to isolated proprietary solutions, so XMPP has been forgotten by many users.

Still, there are many XMPP servers in use and - as the recent scandal around WhatsApp shows - users should consider it as an alternative today. Of course, Free Software and Open Standard messengers have also developed further in the last decades. For instance, the Matrix protocol is a widely recognised and respected standard for secure and decentralised communication. This is proven by the fact that it is being used by large Free Software communities like Mozilla and KDE, but also in the whole French administration and Germany's armed forces.

The Free Software Foundation Europe therefore asks governments to use interoperable, decentralised Free Software messenger solutions and also provide funds for security programmes like bug bounties around these projects. Individuals are advised to change their messenger to a Free Software one.

The FSFE also started an initiative called "Public Money, Public Code!", requiring that publicly financed software developed for the public sector be made publicly available under a Free and Open Source Software licence. If it is public money, it should be public code as well. The campaign is supported by administrations like the city of Barcelona, more than 180 NGOs and 27,000 individuals. You can find more information on publiccode.eu.

For users of Android mobile phones, the Free Software Foundation Europe started the "Free Your Android" campaign. It helps users to regain control of their data and Android device by replacing proprietary components and eventually the complete operating system with Free Software. The FSFE collects information about running an Android system as free as possible and coordinates efforts in this area.