Now that Whatsapp is part of Facebook, some might feel a bit exposed using it. But I wouldn’t worry about Facebook doing something with their chat conversation data. I would worry more about the fact that it has been known to have very weak security.
Also last weekend, after the Facebook purchase, the service had a major fail. I had several friends going back to SMS messages to communicate.
So for those cases, here are 5 alternatives to Whatsapp in case you don’t like it, don’t trust it or when it fails:
Besides normal chat like Whatsapp, Line offers free video and voice calls. It has emoji like Whatsapp plus stickers, and you can also send location, photos, videos and voice messages in the chat stream. Another plus with Line is that it has a desktop client, so you can reply and continue your conversations on your desktop while doing other things, instead of having to reach your phone every time.
Viber also supports emoji, stickers (and you can download extra ones if you need), and like Whatsapp it supports group messages with up to 100 members. Besides texts, Viber only supports voice calls. Like Line, it also has a desktop client. Oh, and they explicitly say they value your privacy.
Telegram supports group chats with a maximum of 200 members. You can share photos and any other media, and videos up to 1Gb. The most unique feature of Telegram is Secure Chats. These chats have end-to-end encryption and they claim are not logged in the chat servers. Also you can set them to auto delete themselves after certain time on both ends.
They also claim to be concerned about your privacy and security and they show it with their features. They also claim to never disclose data to third parties.
The interface is very similar to Whatsapp if you’re migrating from that. The downside is that it doesn’t support voice or video chats. It supports emoji but no stickers like other clients and no desktop client either. Although you can install it on a tablet, it lacks a tablet design.
Well, we all know Skype by now. It supports chats with very limited emoticons, no emoji or stickers. You can send files but not share pictures easily in the chat timeline. The advantage of Skype is its large user base and its voice and video chats. And if you have skypeout or similar you can have an additional phone number to receive calls on any device.
Hangouts is Google’s chat client replacing Google Talk. It supports voice and video chats, emoji, photos and location (no videos or voice messages for now). It has a desktop client (actually a Chrome extension) so you can continue your chats anytime your browser is open, or you can do it while having your Gmail or Google+ window open. Like Google+ in the social media landscape, Google Hangouts is a late-comer into the mobile messaging world and it has slowly been adopting features from its competitors. But since it has the Gmail user base behind it and every new Android phone seems to have Hangouts included, it is slowly gaining popularity and it is very likely that your friends already have it, ready to receive your messages in case other services are unavailable.
I was an active Foursquare user back in the first years of it, and it’s been a while since I toned down my participation in it. A few years ago, my girlfriend questioned me on why I was reporting my location everywhere I went. What was my gain on it? How much value did I gained versus the risks and privacy losses? This applied to Foursquare and all the other social media networks, specially Facebook.
Giving some thought to what people post on social media networks, as individuals, there’s a lot of questioning as to why one does such things. They make it a game, addictive with lame rewards and “badges” with no meaning. They get supported by your friend’s peer pressure to go on and join and also to actively participate. If you’ve been an active user of a social network you know it’s hard to quit.
Some don’t even tell you that you’re being tracked while you use it, while you check that photo your friend added or replying to that family member that seems to have forgotten what email is and how it works. We empower the social media sites with content. We write for them, we upload for them. Make it rich in content and attractive to more people for them. They get to sell our content, brag about our ideas and scrutinize your activities and thoughts. And all we get is the social communication benefit. Now we are so highly communicated that we barely talk to each other while waiting in line at the bank or while your car is being washed. I’ve seen families that are so connected that they all stare at little screens at a very quiet dinner table.
By the time my girlfriend was making me think of a balance in my privacy, drug wars in northern Mexico reminded us all why we need privacy. Friends being kidnapped because it was easy to know where they were and who they hang out with. Our own free speech being used against us. Things got so bad (still are) that you could not talk about what was going on in public places. People had to create a language of silences and signs to discretely say what they wanted to say if they were in public. People got so used to it, that even in the comfort of their own homes they could not pronounce the name of the attackers.
Suddenly you’re being reminded that the world is not a happy safe place where you can shout out everything about you. That it is not about having something to hide, it’s about protecting yourself and those around you. You wouldn’t hide your family, but you also wouldn’t like them to be taken away from you. Although I do know people that did had to hide their family.
The problematic part is that leaving the social media sites is not an option. You’ll be like a caveman or outcast, missing on a now big part of your participation in the world for social or even business communication. Your social circles will almost demand your participation in them to stay in touch. Even if you leave and cease all participation, the social media networks will still know about you by what your friends post about you (photos, videos, comments, links). That’s why I have reached to the conclusion that the best answer to that is to moderate my participation in them.
I want to share this talk by Eben Moglen, lawyer of the software freedom law center and who help draft the GNU license among several other things. This talk is from 2011, and he used references to the KGB as examples because he probably knew that using the US government would be too unbelievable by most people at that time. Oh but times change, unfortunately not much for the benefit of freedom and anonymity.
Wow, this blog post was drafted on september 30th 2011 and was sitting idle without much changes or additions. I thought of deleting the entry, as I had no reasons to talk about social media privacy anymore. But times change…or maybe things just got worse, and there’s been a lot of mess with privacy lately.
With all the recent news about privacy violations, user data requests, gag orders and the like, it is useful to know that there are tools to communicate in safer ways. I can’t say that they are bullet-proof, as I’m not a security analyst, but at least you can add an extra layer of complexity to those trying to tap into your communications.
Redphone – allows you to have encrypted phone calls
With the recent news scandal about the NSA surveillance program code named PRISM more people is starting to question their use of cloud services thinking about their privacy. I’ve talked about free network services and ugly cloud stories but this is the ugliest of all stories going mainstream.
But in addition to that list, Peng Zhong created a web site called PRISM Break with a nice and easy to understand list of software, both desktop and web services to help protect your privacy.
I’ve already been using several of these programs and discovered new ones. It might be scary to run your own instances of web services or change the software you’ve always used, but freedom and privacy are worth a shot. I hope these list gets bigger with new software developments and current offerings get better as more people use them and get more attention.
Political scandals have always been about leaked information. Don’t you wonder why sensitive data has been passed around in clear text on the leaked cables that Wikileaks has been making public, while your latest SpongeBob Blu-ray or DVD disc is encrypted with DRM locks and transactions like your book purchase at Amazon is secured and encrypted by SSL certificates?
Encryption has been overlooked by general public all the time. You only hear about it in “hacker” films or breaking news scandals. Although encryption is commonly associated with hiding secrets, when in fact it’s more about securing information. When you change the mindset you’ll start considering encryption as something more relevant for your everyday digital life.
For example, the cloud storage service Mega has encryption built in, after the lessons learned on the data kidnapping of MegaUpload servers. This is for the protection of both parties, the service providers and yourself, the user. This way, only you can open the files and not even Mega employees can know what is in your storage account. Dropbox, Google Drive and other services don’t provide the same level of security, so basically anyone that has access to those servers can see your personal information.
There are many types of encryption methods. One of them is called GPG (initially PGP but the free software version is known as GPG).
GPG is a two key system, where you hold a private key and a public key. The way it works is that you encrypt a file with someone’s public key and send it. On the receiving end, the other person has a private key, and only with the private key the message can be deciphered.
Public keys can be obtained from the person directly through a file transfer or email attachment prior to encrypted communication. Some people, like me, publish their public keys on their personal web page. The most common method to get a public key is to search it on key servers. Most GPG GUI programs have the option to search, download and upload public keys on key servers.
So to get started with protecting our data using encryption, you’ll need to learn the basic concept words:
Encryption will protect the contents of the file, image, text or whatever is being encrypted, so that only the owner of the private key can view it.
If you want to protect a file only for your eyes, encrypt it with your own public key.
This is the process of removing the encryption so that you can view the contents of the protected file. This can only be done if the contents were encrypted with the public key of the person who’s supposed to see the information.
If someone sends you a file that was encrypted with your public key, only you, who has the private key, can decrypt the file.
Sometimes the only layer of protection you need, is to make sure the contents of a file or email were not altered between the time you send it and the time it is received by the other person.
It also works as a way to make sure that a message is coming from you, since you need your private key to sign the file and only you have access to it.
Signing a file or text is a mechanism to know that the contents are intact. This does not hide the message itself, it only adds a signature to the file to ensure that every bit is in place with no modifications.
This is how you check a file or message’s signature for authenticity and integrity. If the signature doesn’t match, it means that the file has been altered or didn’t came from the right person.
You can sign or encrypt a message or file. Signing doesn’t hide the information but it helps to certify that the information hasn’t been modified by anyone else before reaching you. Encrypting will hide the information so no one can see the message or file’s contents.
To setup GPG on your system, you’ll need to generate your public and private keys. Any GNU based system is compatible with GPG (GNU Privacy Guard). Most GNU/Linux distributions are already bundled with the gpg command-line tool. If not, on a Debian-based distribution you can install it with:
sudo aptitude install gpg
Generating your keys
After you installed gpg on your system, to create your keys for the first time, all you need to do is open a terminal and type:
This will start a step by step process with some simple questions. When in doubt, use the default options by just pressing Enter. Don’t fear the command line, it’s just text.
When asked for a passphrase, note that GPG is not asking for a pass *word*, it’s asking for a pass *phrase* so make sure it is longer than one word and an easy to remember sentence.
Once that is done, you can check your list of keys with
Key search and import
If someone hands you their public key on a file, you’ll need to import it to your keyring to use it:
gpg --import key.asc
The key.asc is the file with the public key.
You can also search for someone’s public key on key servers
If you’re on GNU/Linux and using KDE you can install the user interface KGPG
sudo aptitude install kgpg
On Gnome, you can use Seahorse
sudo aptitude install seahorse
For graphical user interface options on Mac OS X and Windows, you can check the GPG website.
These GUI front ends will integrate well with your desktop environments, so you can easily encrypt, decrypt, sign or verify files from the file manger right-click menu options.
GPG and Email
The easiest way I can recommend to use encryption with email, is with Enigmail, an extension for the Mozilla Thunderbird email client. It integrates very well and makes it easy to sign, encrypt, verify and decrypt email messages.
I’ve highlighted the parts you should watch out for:
When you post User Content to the Site, you authorize and direct us to make such copies thereof as we deem necessary in order to facilitate the posting and storage of the User Content on the Site. By posting User Content to any part of the Site, you automatically grant, and you represent and warrant that you have the right to grant, to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose, commercial, advertising, or otherwise, on or in connection with the Site or the promotion thereof, to prepare derivative works of, or incorporate into other works, such User Content, and to grant and authorize sublicenses of the foregoing. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content. Facebook does not assert any ownership over your User Content; rather, as between us and you, subject to the rights granted to us in these Terms, you retain full ownership of all of your User Content and any intellectual property rights or other proprietary rights associated with your User Content.
And the other day I found some local TV advertising studio photographs, from the biggest TV network in latinamerica, posted on the photographer’s photo gallery. He could get sued by his client!
Good think Flickr exists and provides us with our own licensing terms. And even more for providing the option of Creative Commons licensing.
It would be interesting and a huge challenge, to come up with a social networking site like Facebook that follows the Franklin Street statement.