SMS is out. Long live the instant messaging app. Versatile and uncomplicated, over three billion people use them, with apps like WhatsApp and WeChat being particularly popular worldwide. Billions of messages, images, videos and file attachments are sent across instant messaging apps every day. Many of us are in what can often feel like close to that number of group chats. Groups for gifts, parties and demos, work chats and the rest: instant messaging apps play a major role in the everyday lives of many of us. And, our chats reveal a lot about us.
However, as criticism of the big players in the instant messaging market becomes louder, concerns about their apps are also increasing. Data protection, in particular, is a major issue. It is often unclear what user data is collected, stored and passed on, and for whose benefit.
So, what is the problem exactly, and what alternatives are out there? How important is end-to-end encryption and open source? And are any of the existing alternatives actually greener?
There’s no such thing as a “free” app
According to parent company Meta, over two billion people use WhatsApp worldwide as of March 2024. However, as you may have heard, the instant messaging app is being increasingly criticised. The concerns regard both the handling of user data and the platform’s security. Although the platform is end-to-end encrypted, WhatsApp not only collects everything you enter when you sign up, such as your phone number, but also so-called metadata. This is information about your actual usage of the app. This includes, for example, who you communicate with, when and from which IP address. This metadata is analysed and shared with other companies in the Meta Group, such as Facebook and Instagram.
So, while instant messaging apps such as WhatsApp are free for the user in terms of literal currency, we pay for the service with our data, dearly. This data is worth its weight in gold for companies, and their entire multi-billion dollar business models are based on it. On the one hand, the metadata is analysed to improve the respective service. On the other, many companies use the sensitive personal data of their customers for advertising purposes and also sell it to other companies for commercial or political purposes.
Our metadata can tell a lot about us
Together with data points from other apps, our data can be used to create usage profiles that reflect our online behaviour, our interests and our movement profile fairly accurately. This allows targeted advertising to be placed. It can also be used to deliberately spread disinformation, for example to influence politics.
Image: Screenshot from Signal
Obviously, it’s hard to believe that companies whose entire purpose is to make money from our data are seriously interested in protecting it. And, it is hardly surprising that data breaches—the theft of data or careless storage—are becoming known time and again.
Taking action against this is difficult. For example, European data protection organisations have so far tried to prevent the sharing of metadata on WhatsApp in court without success.
Telegram isn’t a secure alternative
The messenger Telegram is often considered to be a strong alternative to WhatsApp. However, a closer look reveals big question marks in this regard. Telegram was developed by brothers Pavel and Nikolai Durov and, according to the website, the company is now based in Dubai after several relocations.
The developers provide little information about the storage of metadata. Telegram also states that it attaches great importance to privacy. However, messages are only sent via instant messaging apps using transport encryption, not end-to-end encryption.
What does encryption mean for instant messaging apps?
The most secure encryption method is end-to-end encryption (E2E). This means that the messages are encrypted directly by the sender device and in such a way that only the recipient device can decrypt them again. Most instant messaging apps now use this method, including WhatsApp.
How can we ensure a green digital future?
Growing e-waste, carbon emissions from AI, data centre water usage––is rampant digitalisation compatible with a healthy planet? Our latest project explores how digital tools and services can be developed with sustainability in mind.
Telegram, on the other hand, only encrypts messages in transport encryption by default. Only in so-called “secret chats” between two people can E2E encryption be optionally used. This means that the app encrypts the chats from the mobile device to the server and then stores them in the provider’s cloud. This has the advantage that you can access all chats from different devices without having to back them up. However, all messages sent in channels, groups and chats between two participants end up on Telegram’s servers. This is where Telegram can decrypt the messages if necessary.
The safest thing to do is to look for alternatives that handle our data responsibly and are as transparent as possible. This is where open source comes in.
Open source ensures transparency
If messenger providers make their programme code available as open source, this leads to almost complete transparency. This makes it possible to check whether the company’s claims—for example, regarding the handling of our data—actually correspond to reality. This can also have advantages for the provider. Anyone with sufficient technical understanding can uncover weak points in the software or design flaws.
The programme code for WhatsApp is not open source, and only partially so for Telegram. This means that the industry cannot scrutinise these apps. However, some messengers do rely on open source. Here are two of them.
Alternative instant messaging app Threema: Consistent data protection “made in Europe”
The Threema messenger can do everything that WhatsApp and Telegram can. But there is one big difference. For the company, security and the protection of user data are at the centre of software development and all business decisions. This is why the app does not require a phone number or access to the address book when signing up. Users are only identified by their own ID.
And Threema collects hardly any other metadata. “We only store the data that is necessary for successful communication,” says Julia Weiss, the company’s spokesperson. “Because where there is no data, none can be misused.”
The end-to-end encrypted messenger was developed by the Swiss company Threema GmbH and has been on the market since 2012. In the beginning, the small number of users was managed from the kitchen table, but now more than 12 million people use the messenger.
Since December 2020, the Threema app has been completely open source, meaning that the program code is available as open source.
“Old school” but safe: as the app does not live from the collection and sale of your data, the company relies on a different financing model: the app costs money. Private users pay a one-off fee of 3.99 euros, while companies pay an annual licence fee for the business version. Educational institutions and NGOs receive discounted offers.
The app’s servers are located exclusively in Switzerland. For technical reasons, media servers abroad may be used for group calls only.
Why “from Europe” could be important to you
Even if messages and attachments are end-to-end encrypted – and therefore app companies, internet service providers, governments, etc. cannot see the content – the location of the developers and the infrastructure (e.g. the servers) still plays a role. This is because developers can be forced by a government to create a backdoor to the data or grant companies access.
Here you can find more European alternatives for messengers and other digital services.
🌿 That leaves the question of the sustainability of the messenger provider. Julia Weiss confirmed that Threema uses servers that are operated by a Swiss colocation partner that only uses renewable energy. “And even in our offices, we only use electricity that comes from renewable energy sources.”
The company does not provide exact figures on energy consumption, but the way the messenger works alone means that this should be comparatively low. Julia Weiss confirms this: “We can definitely say that Threema has a lower energy consumption than other messengers because we only store the bare minimum of data and therefore have a relatively small and efficient server infrastructure.”
Want to use Threema? The app is available via the Apple App Store and the Google Play Store. However, Threema also works without Google. The app can also be downloaded directly from their website.
Alternative messenger Signal: The gold standard for E2E encryption
The instant messaging app Signal was developed by two Americans, Moxie Marlinspike and Stuart Andersen. They’ve been working on apps for encrypted communication since 2008 and were important advocates for NSA whistleblower Edward Snowden.
The app is now owned by the non-profit Signal Foundation, which states that it does not pursue any commercial interests. “This is an essential structural safeguard that ensures we remain true to our privacy-focused mission,” said Meredith Whittaker, President of Signal, and Joshua Lund, developer at Signal, in a statement. “As a non-profit organisation, we don’t have investors or for-profit board members knocking on our door in tough times, urging us to ‘sacrifice a little privacy’ to meet growth and financial goals.”
The development and operation of the messaging app is financed by grants and donations from users. In addition, Signal does not store any metadata and the source code is open.
According to Google Play, the Signal app has been downloaded more than 100 million times. The messenger is not only popular with data protection and political activists, but has also been the recommended application of the European Commission and its employees since February 2020. Signal’s end-to-end encryption process is considered particularly secure and has also been adopted by WhatsApp, among others.
However, a phone number must be entered when registering. For Signal, this disadvantage is offset by the fact that the phone number makes it easier for users to find their contacts in the app. To still ensure anonymity, Signal does not send the phone numbers to the server in plain text for synchronisation.
🌿 And what about the sustainability of Signal? Signal uses the server infrastructure of Amazon Web Services, Google, Microsoft and Cloudflare for its communication services. From an IT security perspective, the use of rented servers is less problematic, as Signal is based on the zero-knowledge principle – the infrastructure providers have no access to content or metadata.
From a sustainability perspective, it would of course be desirable for the servers to be powered by renewable energies. Unfortunately, we have not received any information on this. Signal, just like Threema. scores points for data economy and the associated energy savings.
We will update this article as soon as we have more information.
Want to use Signal? Signal is available in the Google Play Store and in Apple’s App Store. The app is also available as a direct download from their website.
🌿 Sustainability on WhatsApp
We were unable to find any information on which servers the messenger runs on and whether these are powered by renewable energies. However, it is clear that WhatsApp stores and processes significantly more data than other messengers. This increases the server space required and therefore the energy consumption.
The company is also increasingly focussing on resource-intensive technologies and has integrated an AI assistant into the app. This further increases the application’s CO2 emissions. There are also concerns about the handling of data. It is still unclear whether and how the new AI functions within WhatsApp will interact with the existing end-to-end encryption.
Other secure instant messaging apps
There are of course other alternative messengers, such as Wire, Ginlo, Briar or the decentralised Delta Chat. Here you can find a tabular overview of many instant messaging apps and their security functions, which blogger Mark Williams has scrutinised: Secure Messenger.
