FOSS isn't enough STOP Trust is everything STOP

So with the recent news of Facebook acquiring the chat service WhatsApp, many felt they had to find an alternative. I don’t blame them: if a company thinks buying another company is worth x money, then they expect to make a lot more than x money from owning it.

But when people blindly make the switch, they might easily be moving to a service with the same intentions as, or worse than, what Facebook could turn WhatsApp into.

One of these alternative chat services is Telegram, which quite surprisingly was already gaining some impressive traction months before the WhatsApp acquisition came about.

They follow a similar plan to WhatsApp: make a great experience and worry about making money once you have an impressive userbase. The difference with Telegram is that they are selling themselves as the “secure” alternative, and because of this claim I’m here today.

Obviously, why wouldn’t they sell themselves as the secure alternative? It makes great sense with all the NSA and GCHQ spying being a hot topic these days. Then they throw in that they are open source by making their clients available on GitHub and detailing their crypto technique.

Making your clients open source is all well and good, and I applaud any company that does it. But particularly when we’re talking about a chat service whose selling point is security, what use are open source clients when the server remains proprietary? All we can be sure of is that our messages are secure when they’re on the client; as soon as they’re sent to a black box server, we have no certainty of what happens to our messages next. More worrying is that multiple organizations that have been accepted into this year’s Google Summer of Code have ideas on their project pages to incorporate Telegram into their projects. This seems crazy to me and incredibly shortsighted.

Next, detailing your crypto that super Ph.Ds in Maths created is all well and good until people start debunking its security within days. Also, making a competition with flawed rules is a surefire way to turn the community against you even more.

But let’s step back for a second and imagine that Telegram was identical to WhatsApp, with no claims of security, and people use it fully understanding that they have no control over anything once it has been sent. Who exactly is Telegram? A small startup out to disrupt? Nope, not even close. Telegram was founded by the cofounders of VK, the second largest social network in Europe. That fact alone should keep people far away from Telegram. You don’t trust Facebook, a site you use every day, but you do trust someone in the exact same business of profiting from its users’ information, whose site you don’t even use?

So what chat service should you use if you want everything to be secure? Well, there probably isn’t one and there never will be. There are options like Cryptocat, but how sure can you really be?

And this is where I’ve ended up: it all comes down to how much you Trust the companies whose products you use. My messenger of choice is currently Google Hangouts. It’s probably not secure, Google can read everything, and the clients suck, but I’ve been using Google services for a long time and until now nothing bad has happened, so a level of trust has been built up. And that’s it: it’s as safe to use as my trust in the company.

Nothing more.

© 2021 Mark Holland