Skip to main content

Why We Can’t Give You A Recommendation

DEEPLINKS BLOG
March 27, 2018

Why We Can’t Give You A Recommendation

Secure Messaging Month logo

No single messaging app can perfectly meet everyone’s security and communication needs, so we can’t make a recommendation without considering the details of a particular person’s or group’s situation. Straightforward answers are rarely correct for everyone—and if they’re correct now, they might not be correct in the future.

At time of writing, if we were locked in a room and told we could only leave if we gave a simple, direct answer to the question of what messenger the average person should use, the answer we at EFF would reluctantly give is, “Probably Signal or WhatsApp.” Both employ the well-regarded Signal protocol for end-to-end encryption. Signal stands out for collecting minimal metadata on users, meaning it has little to nothing to hand over if law enforcement requests user information. WhatsApp’s strength is that it is easy to use, making secure messaging more accessible for people of varying skill levels and interests.

No single messaging app can perfectly meet everyone’s security and communication needs.

However, once let out of the room, we would go on to describe the significant trade-offs. While Signal offers strong security features, its reliability can be inconsistent. Using it in preference to a more mainstream tool might attract unwanted attention and scrutiny, and pointing high-risk users exclusively to Signal could make that problem worse. And although WhatsApp’s user-friendly features produce a smooth user experience, they can also undermine encryption; settings prompts like automatic cloud backups, for example, can store unencrypted message content with a third party and effectively defeat the purpose of end-to-end encryption.

Any of these pros or cons can change suddenly or even imperceptibly. WhatsApp could change its policies around sharing user data with its parent company Facebook, like it did in 2016. Signal could be forcibly coerced into secret legal processes requiring it to log users’ metadata without notifying them. A newly discovered flaw in the design of either messenger could make all of their protections useless in the future. An unpublicized flaw might mean that none of those protections work right now.

More generally, security features are not the only variables that matter in choosing a secure messenger. An app with great security features is worthless if none of your friends and contacts use it, and the most popular and widely used apps can vary significantly by country and community. Poor quality of service or having to pay for an app can also make a messenger unsuitable for some people. And device selection also plays a role; for an iPhone user who communicates mostly with other iPhone users, for example, iMessage may be a great option (since iMessages between iPhones are end-to-end encrypted by default).

Security features are not the only variables that matter in choosing a secure messenger.

The question of who or what someone is worried about also influences which messenger is right for them. End-to-end encryption is great for preventing companies and governments from accessing your messages. But for many people, companies and governments are not the biggest threat, and therefore end-to-end encryption might not be the biggest priority. For example, if someone is worried about a spouse, parent, or employer with physical access to their device, the ability to send ephemeral, “disappearing” messages might be their deciding factor in choosing a messenger.

Most likely, even a confident recommendation to one person might include more than one messenger. It’s not unusual to use a number of different tools for different contexts, such as work, family, different groups of friends, or activism and community organizing.

Based on all of these factors and more, any recommendation is much more like a reasonable guess than an indisputable fact. A messenger recommendation must acknowledge all of these factors—and, most importantly, the ways they change over time. It’s hard enough to do that for a specific individual, and nearly impossible to do it for a general audience.


This post is part of a series on secure messaging.
Find the full series here.

JavaScript license information