WhatsApp users should switch to a more secure service, German privacy regulator urges

The German data protection authority recommended Swiss WhatsApp alternatives Threema and myEnigma

Threema mobile messaging service

Threema mobile messaging service

WhatsApp users should switch to a more secure messaging service now that it is being bought by Facebook, a German data protection commissioner urged Thursday.

Facebook announced on Wednesday that it plans to acquire WhatsApp, a mobile messaging service with about 450 million monthly users, for US$12 billion in shares, $4 billion in cash as well as $3 billion in stock options.

The deal could raise important data protection issues because the personal data of its users will likely be merged with Facebook data, said Thilo Weichert, data protection commissioner for the German state of Schleswig-Holstein.

When communication metadata and content of both services is merged, it can be used for profiling and commercially exploited for advertising purposes, Weichert said.

A Facebook spokeswoman declined to comment on Weichert's concerns and referred to Facebook's conference call about the acquisition on Wednesday, in which Facebook said that WhatsApp will continue to be run as an independent business.

WhatsApp said in a blog post on Wednesday "nothing" will change for users.

The company states in its privacy policy that it will not sell or share personally identifiable information such as mobile phone numbers with third-party companies for their commercial or marketing use without consent. But it may share that information with third party service providers "to the extent that it is reasonably necessary to perform, improve or maintain the WhatsApp Service."

WhatsApp also says it will not use that information itself for commercial or marketing messages without consent, "except as part of a specific program or feature for which users will have the ability to opt-in or opt-out."

It says it also may use both personally identifiable information and certain non-personally identifiable information (such as anonymous user usage data, cookies, IP addresses, browser type, clickstream data, etc.) to improve the quality and design of its site and service as well as to create new features, promotions, functionality, and services by storing, tracking, and analyzing user preferences and trends.

In addition to having issues with possible profiling, Weichert also highlighted that both companies are based in the U.S., where there are less strict data protection laws than in Europe. He added that the services "refuse to comply with European and German data protection requirements."

German data protection authorities and consumer organizations have been embroiled in privacy litigation with Facebook for years.

The Germans want Facebook to adhere to German data protection laws. Facebook has been trying to evade this by arguing that German law does not apply to it because its European headquarters in Ireland is processing all European user data. So far one appeals court has ruled in Facebook's favor while another appeals court recently ruled that Facebook should comply with German law.

Weichert does not only have issues with Facebook in this matter, he said. WhatsApp is an insecure way of communicating and has had very serious security and privacy issues, he said.

WhatsApp, for instance, had a major design flaw in its cryptographic implementation that could allow attackers to decrypt intercepted messages. The company hasn't been transparent about how it solves such security problems, Weichert said.

So far, WhatsApp hasn't been doing much to exploit their user data for commercial purposes, Weichert said, adding that the Facebook deal probably will put an end to that.

Therefore, WhatsApp users should switch to services they can trust, at least if the confidentiality of their own communication is worth something to them, Weichert said.

He strongly recommended Germans to start using German or Europe-based services that are transparent about their security and are subject to an effective data protection regime.

This seems to be the case with the Swiss services Threema and myEnigma, which are subject to the Swiss Federal Act on Data Protection,  Weichert said. Threema has been used within his office, he said, adding that he had some reservations in his advise because his staff had not been able to review the source code of the services to verify the security themselves. "But we have had the same issues with Facebook and WhatsApp," he said.

Both Threema and myEnigma use end-to-end encryption and say they have no way to decrypt messages if law enforcement tries to force them to, because they don't know their users' private keys, according to their websites.

MyEnigma is available for free for iOS, Android and BlackBerry. Its security is based on open standards "which are used today to protect classified information at governmental level," according to its website.

The service also protects all communication with an independent encryption layer to provide a dual-encryption channel for all data, it said, adding that it is only relays the encrypted messages. The service is made by the Swiss company Qnective, which offers secure communications to governments and military organizations.

Threema was developed by software development company Kasper Systems and is available for $1.99 on iOS or Android. It has asymmetric cryptography designed to ensure that only the intended receiver can read messages, and photos, videos and current location can be shared with the same encryption, according to its site.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags WhatsAppsecurityFacebookprivacy

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Loek Essers

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?