[FSFE PR][EN] Security scandal around WhatsApp shows the need for decentralised messengers and digital sovereignty

press at fsfe.org press at fsfe.org
Fri Feb 28 11:10:15 UTC 2020

 = Security scandal around WhatsApp shows the need for decentralised messengers and digital sovereignty =

[ Read online: https://fsfe.org/news/2020/news-20200228-01.en.html ]

The recent security scandal around WhatsApp and access to the content of
private groups shows that there is an urgent need for action with regard
to secure communication.

Links to private chat groups in the proprietary WhatsApp messenger can
be used to show the communication and private data of group members,
even if you are not a member. The links could be found on various search
engines. Even if they are removed from search results, links still work
and give access to private group communication. Among these groups are
also administrations like civil servants of the Indonesian Ministry of
Finance. This case shows again that digital sovereignty is crucial for
states and administrations. The security breach was first reported by
Deutsche Welle [1].

In order to establish trustworthy and secure communication, governments
need to strengthen interoperable Free Software solutions using Open
Standards [2] and enable decentralisation. This helps administrations as
well as individuals to protect their privacy and empowers them to have
control of the technology they use. The software is already in place and
was used by most of the internet users before Google and Facebook joined
the market: XMPP! This open protocol, also known as Jabber, has been
developed by the Free Software community since 1999. Thanks to Open
Standards it is possible to communicate with people who use a completely
different client software and XMPP server. You are even able to
communicate with other services like ICQ or AIM - some might remember.
XMPP has also been used by tech enterprises like Facebook and Google for
their chat systems, but both eventually switched to isolated proprietary
solutions, so XMPP has been forgotten by many users.

Still, there are many XMPP servers in use and - as the recent scandal
around WhatsApp shows - it should be considered as an alternative by
users nowadays. But of course there has also been a development in the
field of Free Software and Open Standard messengers in the last decades.
For instance the Matrix protocol is a widely recognised and respected
standard for secure and decentralised communication. This is proven by
the fact that it is being used by large Free Software communities like
Mozilla [3], KDE [4], but also in the whole French administration [5] or
Germany's armed forces [6].

The Free Software Foundation Europe therefore asks governments to use
interoperable, decentralised Free Software messenger solutions and also
provide funds for security programmes like bug bounties around these
projects. Individuals are advised to change their messenger to a Free
Software one.

The FSFE also started an initiative called "Public Money, Public Code!",
requiring that publicly financed software developed for the public
sector be made publicly available under a Free and Open Source Software
licence. If it is public money, it should be public code as well. The
campaign is supported by administrations like the city of Barcelona,
more than 180 NGOs and 27.000 individuals. You can find more information
on publiccode.eu [7].

For users of Android mobile phones, the Free Software Foundation Europe
started the " Free Your Android [8] " campaign. It helps users to regain
control of their data and Android device by proprietary components and
eventually the complete operating system with Free Software. The FSFE
collects information about running an Android system as free as possible
and coordinates efforts in this area.

 1: https://www.dw.com/en/whatsapp-security-flaw-over-60000-groups-still-accessible-online/a-52543414
 2: https://fsfe.org/activities/os/index.en.html
 3: https://discourse.mozilla.org/t/synchronous-messaging-at-mozilla-the-decision/50620
 4: https://dot.kde.org/2019/02/20/kde-adding-matrix-its-im-framework
 5: https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed-as-the-basis-for-frances-secure-instant-messenger-app
 6: https://joinup.ec.europa.eu/collection/open-source-observatory-osor/news/matrix-pilot-bwmessenger
 7: https://publiccode.eu
 8: https://fsfe.org/campaigns/android/index.en.html

  == About the Free Software Foundation Europe ==

  Free Software Foundation Europe is a charity that empowers users to
  control technology. Software is deeply involved in all aspects of our
  lives; and it is important that this technology empowers rather than
  restricts us. Free Software gives everybody the rights to use,
  understand, adapt and share software. These rights help support other
  fundamental freedoms like freedom of speech, press and privacy.

  The FSFE helps individuals and organisations to understand how Free
  Software contributes to freedom, transparency, and self-determination.
  It enhances users' rights by abolishing barriers to Free Software
  adoption, encourage people to use and develop Free Software, and
  provide resources to enable everyone to further promote Free Software
  in Europe.


More information about the Press-release mailing list