Are there still secure messengers available today? A new study reveals, among other things, which services use up your data and drain your battery. WhatsApp is one of the best in the business, unlike Facebook Messenger and Instagram Direct.
Messengers like WhatsApp connect us to our friends, family and colleagues every day. They give us the ability to stay in touch with loved ones anywhere, anytime, even if they’re on the other side of the world.
Hardly anyone would want to miss this communication privilege. But messengers are often unsafe and vulnerable to abuse and dangerous spam, because of simple features like link preview, for example, which makes Facebook Messenger a complete disaster.
Secure messengers: link preview drains your battery and more
Security experts Talal Haj Bakry and Tommy Mysk have conducted an investigation into this and found that the link preview offers dangerous opportunities for abuse.
After all, the preview can contain sensitive information such as account details or personal data that was supposed to be private, but is now shown in the link preview, potentially violating users’ privacy.
This is because it is not clear what the servers download in advance to generate the link preview. Also questionable: What happens with this downloaded information? Does it remain stored somewhere on the servers of the providers? For how long? And who has access to it?
In their experiment, the researchers were able to determine exactly what the messengers download for the link preview.
- Discord: 15 MB of each type of file sent.
- Facebook Messenger: Complete files, even with huge sizes of photos or videos.
- Google Hangouts: 20 MB of each file.
- Instagram: Just like Facebook Messenger. Only difference: Not just photos or videos, but any file.
- LINE: 20 MB of each file.
- LinkedIn: Up to 50 MB of each file.
- Slack: Up to 50 MB of each file.
- Twitter: Up to 25 MB of each file.
- Zoom: Up to 30 MB of each sent file.
Even though most messengers seem to set limits on how much of a file they download and delete the preview information after a while, even that’s not necessarily reassuring. After all, most photos or documents are no larger than a few megabytes.
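One way to observe how much of a file a preview generator downloads is to host a test file and total the bytes each client fetched in the web server's access log. The following is an added example, not the researchers' code; the log lines, client names, addresses and the combined log format are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access log (combined log format). Client names are made
# up; 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2021:10:00:01 +0000] "GET /test/big.bin HTTP/1.1" 200 15728640 "-" "ExamplePreviewBotA/1.0"
192.0.2.11 - - [01/Jan/2021:10:00:05 +0000] "GET /test/big.bin HTTP/1.1" 206 10485760 "-" "ExamplePreviewBotB/2.1"
192.0.2.11 - - [01/Jan/2021:10:00:06 +0000] "GET /test/big.bin HTTP/1.1" 206 10485760 "-" "ExamplePreviewBotB/2.1"
198.51.100.7 - - [01/Jan/2021:10:00:09 +0000] "HEAD /test/big.bin HTTP/1.1" 200 0 "-" "ExamplePreviewBotC/0.9"
198.51.100.8 - - [01/Jan/2021:10:00:12 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<agent>[^"]*)"$'
)

def bytes_fetched(log_text, test_path):
    """Sum response bytes per (client IP, user agent) for requests to test_path."""
    totals = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["path"] != test_path:
            continue  # unparseable line or unrelated request
        entry = totals[(m["ip"], m["agent"])]
        entry["requests"] += 1
        # "-" means no body was sent; 200 and 206 (range) responses carry file bytes
        if m["size"] != "-" and m["status"] in ("200", "206"):
            entry["bytes"] += int(m["size"])
    return dict(totals)

def report(log_text, test_path, file_size):
    """Return rows of (ip, agent, requests, MiB fetched, share of the file)."""
    rows = []
    for (ip, agent), t in sorted(bytes_fetched(log_text, test_path).items()):
        rows.append((ip, agent, t["requests"],
                     round(t["bytes"] / 2**20, 1),
                     round(min(t["bytes"] / file_size, 1.0), 3)))
    return rows

if __name__ == "__main__":
    # Assumed test file size: 100 MiB
    for row in report(SAMPLE_LOG, "/test/big.bin", 100 * 2**20):
        print(row)
```

Range requests are summed per client, so a fetcher that pulls the file in several chunks is counted by its total rather than by its largest single request.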
And the link previews also pose another security risk: access to the sender’s IP address.
To generate the link preview, the recipient server must communicate with the sender server. This gives it access to the sender’s IP address and thus possibly to the sender’s location. This happens regardless of whether the recipient clicks on the link or not.
To prevent this, secure messengers must have end-to-end encryption.
Server crashed, battery empty, data gone
But data protection is not the messengers’ only problem.
Because the services sometimes download high volumes of data, an app like Viber is able to download massive amounts of it, and thus also carries the risk of using up the user’s data volume, draining the battery and sometimes even crashing itself.
The latter happened to the researchers, for example, when they sent 1.38-gigabyte images. Recipients were able to receive the photos at the expense of the data volume, but when calculating the link preview, the app failed and crashed.
It also drained the battery, since the app needed a lot of computing power.
By the way, the social news aggregator Reddit had the same problem, but the researchers estimate that this has now been solved in the application.
End-to-end encryption is not standard for many messengers
All in all, most messengers today do a lot of things right. For example, in Signal, Threema, TikTok and WeChat, users can choose not to receive a link preview.
For really sensitive messages and users who value privacy, this is also the best setting.
But end-to-end encryption is still not standard in many services. WhatsApp has now introduced the feature, and Apple’s iMessage, Signal, Threema, and Viber are also secure messengers in this sense.
But the popular Facebook Messenger and Instagram Direct in particular do not follow the key-lock principle. And even the professional services LinkedIn, Slack and Zoom, as well as Reddit, TikTok, Twitter and WeChat, do not have end-to-end encryption.
Alarmingly, however, the researchers’ analysis also shows that end-to-end encryption alone does not automatically make a messenger secure.
In the case of the messenger LINE, for example, the app first sends the link to its own server to generate the link preview. This actually defeats the purpose of encryption, since all information about links, senders, recipients and locations is stored on the LINE servers.
Secure messengers: Which services are the best?
That naturally raises the question: Do secure messengers even exist? No messenger can guarantee complete security. WhatsApp has improved and is no longer so often criticized because of privacy scandals.
But there are alternatives to WhatsApp. These include Signal, Edward Snowden’s favorite messenger, and the Swiss-based Threema service.
With other messengers, such as Facebook or Instagram, it is certainly advisable not to send sensitive information.