Important tech edition today for guarding your privacy. Two main things.
First, you need to know it appears that social media platforms are being monitored by the US government. That’s actually not new but it’s ramping up as part of the hunt for people to deport. Mostly related to Gaza/Hamas and foreign nationals for now but who knows where it stops.
My understanding is they are scraping *public* posts. But it’s interesting that WhatsApp is on the list. It doesn’t mean they can read your messages, which are encrypted, but does mean your data that WhatsApp collects (for example who you contacted and when) is also accessible via these tools.
Don’t make it easier. For example, if you post on FB please try to avoid posting with Public status. The value of FB is that you can post to your friends. Not sure if that’s foolproof but better than handing it to them.
Second, I came across an article on Wired that you really should read in full. It turned a lot of my assumptions about encryption, including Signal, upside-down.
Yes, Signal is safe and is considered the gold standard of mainstream encrypted messaging apps. I know that regime officials in the US like Mvsk use it to coordinate their plans and activities.
But the question is where things are heading. That gets convoluted quickly.
Ready for your head to swim?
In the US, law enforcement that used to oppose encryption (since criminals and bad actors can also hide) now suggests that people use it if at all possible. So far that hasn’t seemed to change under Trvmp.
In Europe, generally a bastion of digital privacy rights, many countries actively oppose encryption (because of criminals and bad actors) and would like to undermine it. There is a deep split between countries like Germany that believe the personal privacy afforded by encryption is sacrosanct, and others like Spain who would like to ban encryption altogether for the sake of law enforcement.
Most proposed European legislation revolves around whether to allow governments a ‘back door’ to your encrypted messages, or perhaps to create a way for authorities to access scanned copies of those messages if they so desire. The UK already tried to strong-arm Apple into creating a back door (iMessage is encrypted), unsuccessfully for now at least. Sweden of all places has been mulling similar laws that Signal has said would make them abandon the country.
At best I can determine, those EU countries on the side of encryption are winning, but not by much.
It’s easy to imagine the US deciding to target Signal - a US-based independent nonprofit - if it becomes a last sanctuary of free, private speech. They could decide to ban or block it, as Russia did recently during the Ukraine war. Or simply revoke their nonprofit status on dubious grounds.
What to do? Which basket to put your messaging eggs in, US or Europe? I have a recommendation as all this plays out:
Both.
1) Please get on Signal if you haven’t yet.
Signal is the new baseline, even for everyday communications. It’s considered by most people to be the best combination of top-notch security and good user experience. At the moment there is no threat to Signal that I’m aware of, only speculation of what the US government might decide to do in the future.
2) Get a Europe-based messaging app as a backup option.
In the same way that you should consider following non-US sources of news, you should consider where certain essential apps like messaging are based. The US is facing the unpredictability of what our authoritarian slide could bring. Europe is in better shape in that regard but there is future regulatory risk to encryption generally. [See update below or here]
There are several encrypted apps based in Europe that rival Signal. I would say few can match Signal’s combo of security, quality, features, and ease of use for those who don’t want to think too much about these things. But they’re all different and have their own pros and cons.
So which one to get? I did some extra research last night, digging into various reviews and comparisons where you get true geeks nerding out over this and that difference between apps. Spare yourself the aggravation.
I got it down to two, then one winner emerged.
Threema is the closest to what I would call the European equivalent to Signal, with strong security protocols and a nice UI. Like Signal (and unlike WhatsApp) it doesn’t collect your data in the first place. It’s Swiss-based, which is a real advantage based on their strong laws around internet privacy. The Swiss don’t mess around, I didn’t see Switzerland on the list of countries pushing to weaken encryption. It is highly unlikely they will throw you under the bus at the behest of other governments.
Security-wise they seem pretty comparable. While Signal’s encryption protocols are seen to be the best, the app is not perfect. Critics say requiring a phone number for signup is a fundamental privacy liability. With Threema you can signup anonymously. You can choose to associate your contact info with your Threema profile, or not.
One small feature I like compared to Signal is that Threema actually has a contacts list tab. With Signal you can’t browse your contacts until you start a new message.
Maybe the main real drawback to Threema is that it costs six bucks on the app store. Might be a dealbreaker for some people. I see it as a positive, as it locks in their funding source. Signal relies on donations.
I had been ready to recommend one or two other strong contenders, like Matrix/Element, but for various reasons they didn’t seem as promising for popular adoption. Also Threema seems more polished and ready for primetime than some competitors.
While it’s fairly popular in Europe - several million users, though I’ve seen different numbers - you likely won’t find any of your peeps there at the moment (I had one, a security-conscious European friend). That’s ok. I think the important thing is to have an option for at least your inner circle in case Signal falters.
And for as many people as possible to agree on which option so we can find each other. I vote for Threema. I’m there already, find me if you take the plunge.
Update March 21, 2025: Important news from EFF (Electronic Frontier Foundation)