We cannot take security and data protection on the internet for granted. Many app providers sell user data or use it for personalised advertising. It is also not always clear who has access to the content of our communication via messaging services. We asked internet expert Markus Beckedahl what it would take to make the internet secure and what “digital self-defence” might look like.
By Johannes Zeller
Internet expert Markus Beckedahl advises paying more attention online, even if it sometimes requires some extra effort. | Photo (detail): © privat
Many users wonder how secure their messages and personal data truly are when using an app. Are there certain basic functions users should look for when choosing an app?
Markus Beckedahl: Using an app is a question of trust. Providers frequently collect user data and use it in ways we would not like. The security of your information is often at risk because there is no end-to-end encryption and third parties can listen in or read your texts. There are some basic conditions users should be ablet to expect from a service: It should be trustworthy, secure, and protect users’ data.
The services of large providers like Google and Facebook have billions of users worldwide and collect large amounts of data. Is this data then sold on?
For the most part, the major providers do not sell the data itself, but rather access to data. Facebook and others follow a business plan that involves creating as many data profiles as possible in order to sell targeted advertising space. For example, Facebook knows who communicates with whom via WhatsApp and when. Every single interaction is used to find out more about people and sell more targeted advertising. We could actually ban this business model if we really wanted to.
WhatsApp is still the messaging services market leader and is considered tap-proof. But many users have left because of the way operator Facebook uses data. Why do you think not everyone has simply switched to apps that neither collect nor sell data?
People use the large services because they promise convenience and lots of other people are there too. This is a dangerous development. We call this the network and lock-in effects. The value of a platform grows with the number of users. Once you’re on it and communicating with lots of people, at some point you are trapped – “locked in” – and can’t easily switch to another platform. To put it bluntly: Signal is useless to me if I’m alone on there because everyone else is on WhatsApp.
In 2003, your Netzpolitik.org blog began observing and documenting the development of digitisation and focusing on data protection and safe surfing. What advice do you have for users who want to be anonymous and safe on the Internet?
This is what we call “digital self-defence”: We want to motivate users to take their rights into their own hands. At least until policymakers have created the proper framework.
Do you also recommend specific apps on Netzpolitik.org?
Yes, we take a hands-on approach and say, for example, that we wouldn’t use WhatsApp because you upload your phone book there, which contains other people’s data. Facebook’s monopoly is another reason to avoid WhatsApp. But there are very good alternatives, such as Signal or Threema, which guarantee better data protection and are backed by foundations and companies that are more trustworthy than Facebook, for example. We then describe the advantages and disadvantages of these alternatives. We are glad that Signal and Threema at least have now become recognised alternatives to WhatsApp in parts of Germany.
Where should governments start to create better conditions for all users?
One demand that used to sound radical, but is now gaining more and more support, is a ban on personalised advertising on platforms. This would, of course, threaten Google and Facebook’s business model. But that would be the best leverage.
Could you also imagine mandatory end-to-end encryption?
Yes, it would be good to demand that interpersonal communication must always be encrypted. There are still a lot of services that run unencrypted. Many people don’t realise that Skype, for example, doesn’t offer that much protection, even though the service seems very practical. The fact is that Microsoft can and probably does listen in on everything, whether for quality control reasons or to make sure that no crimes are committed via the platform.
At the moment, governments are more concerned with finding ways to circumvent encryption and are demanding “backdoors” for police and intelligence agencies. What do you think of this?
This is based on the idea that if we had a back door for the police in Germany, then only the police could open it – and ideally only by court order. But that is totally naive. If there is a back door, it can be opened around the world. If the German police can open it, so can intelligence services and hackers from other countries. Trustworthy communication goes down the drain as soon as you introduce backdoors.
What do you see as the heart of the problem?
We have to ask ourselves whether we want trustworthy, secure communication and can we accept the trade off that it could also be used by criminals, and that it might be more difficult to catch criminals in individual cases. I’m not saying impossible – there are plenty of ways to catch criminals despite encryption, and lots of examples. The alternative is to abandon the principle altogether, leaving us all at risk. Personally, I would rather have trustworthy, secure communication, which is also a basic right in Germany.
Here are some secure app alternatives that promise better data protection than the services of the market leaders:
Messenger apps (alternatives to WhatsApp)
Threema: An encrypted messenger app developed in Switzerland that promises users Swiss privacy standards. It can be used without registration or a phone number.
Signal: This open-source app offers encrypted chats and (video) telephony. A phone number is required for registration.
Video conferencing (alternatives to Zoom, Skype etc.)
Jitsi: A platform for encrypted video conferencing and screen sharing that does not require data collection. The meetings can be conducted via a dedicated server, so that users are in control of data protection.
BigBlueButton: an open-source education platform that can also be used through its own server. In addition to video telephony, BBB offers features like a shared whiteboard, surveys, and break rooms.
Posteo.de: An e-mail provider from Berlin-Kreuzberg that promises users security and data protection.
Mailbox.org: Under the “so that private things remain private!” slogan, the Berlin-based company has offered extremely secure e-mail mailboxes since 1989.