Privacy advocate criticizes WhatsApp and Telegram promotes decentralized messaging as the upcoming standard

In an exclusive interview with crypto.news, Kee Jefferys, the Chief Technology Officer of Session, delved into the risks associated with privacy on centralized messaging platforms.

As our world continues to be more interconnected, privacy has shifted from being a luxury to becoming a necessity. Each click, message, or digital interaction poses a potential threat, leaking confidential information into a vast pool of data waiting to be exploited.

Messaging applications, crucial for our daily communication, are under increasing scrutiny for their privacy policies. Recent incidents involving WhatsApp and Telegram, where breaches and metadata mishaps have shattered trust, highlight the fragile state of privacy in conventional platforms.

These events serve as constant reminders of the daily vulnerabilities faced by users, exposing them to potential profiling and surveillance, eroding trust in the process.

Enter web3, a beacon of hope offering a shift towards decentralization. This innovative technology framework aims to dismantle the centralized authorities that traditionally control our data, advocating for a system where privacy is inherent rather than optional.

Jefferys, in his role at Session, champions this vision by utilizing a network of community-operated nodes to protect user interactions without the need for a central entity. He believes that a decentralized approach is vital in establishing a new model of trust that doesn’t rely on centralized bodies but distributes responsibility across an independent network of operators.

With recent security breaches and data collection issues in messaging apps like WhatsApp and Telegram, what risks do users currently face in the traditional messaging app sector, specifically concerning privacy?

Traditional messaging apps like WhatsApp and Telegram are inherently centralized, creating vulnerable repositories of sensitive metadata, including phone numbers, IP addresses, and profile images. This data, when combined with other metadata like message timing and group associations, can be used to create detailed user profiles, habits, and relationships. Despite claims by these services of not engaging in profiling, they possess the data and access to do so, which could potentially be leaked or accessed by unauthorized individuals. To enhance privacy, we need systems that minimize data collection and centralization.

Law enforcement agencies gain access to user data from secure messaging apps through metadata and cloud backups. How would web3 tackle this issue? Do you anticipate any backlash from regulators as these solutions emerge?

Cloud backups, a common feature provided by device manufacturers like iCloud for iOS and Google One/Drive for Android, pose risks that messaging app developers can mitigate by avoiding automatic backups and opting for custom-built decentralized storage networks like Arweave or Filecoin. These networks do not incorporate regulatory backdoors for mandated access. Regulators and law enforcement agencies typically focus on device seizures during investigations, revealing content similar to what could be obtained from cloud backups, potentially avoiding significant regulatory challenges.

How does the decentralized nature of web3 technologies specifically address the privacy and trust issues faced by traditional messaging apps?

Decentralization fundamentally establishes a new trust model that distributes trust among numerous parties rather than a single entity, creating a rule-based system to govern this model. It eliminates centralized repositories of user metadata and instead disperses user data, making it challenging to obtain a global network view. This means that instead of compromising a single entity, thousands of individual operators would need to be compromised to access user data.

The future of secure messaging in the context of increasing government surveillance and cyber threats is a crucial topic. How do you see it evolving?

Most secure messaging efforts have focused on enhancing message content security through advanced end-to-end encryption schemes, often at the expense of user experience. In the next decade, the focus will likely shift towards protecting metadata as governments intensify metadata collection efforts. The emphasis will move from content to context in securing messaging platforms.

How can web3 and decentralized technologies address existing flaws and create a more secure future for messaging apps?

Web3 and decentralized technologies can overcome flaws by challenging the trust assumptions of centralized messengers and proving that usability doesn’t have to be sacrificed for privacy or decentralization.

Session claims to provide a ‘trustless’ messaging environment. Could you elaborate on how Session’s architecture combats the privacy flaws in traditional messaging apps, ensuring user data remains private and secure without relying on a central authority?

Instead of relying on a centralized server, Session operates through a network of community-run nodes known as the “Service Node network.” With over 2,000 nodes, this network stores and routes encrypted data from Session users, ensuring user data privacy by eliminating a central location for collecting messages. Trust is established solely between the network and users, without any central authority or intermediary overseeing the process.

What measures does Session implement to safeguard user privacy?

Session employs four main strategies to protect user privacy: No phone number or personally identifiable information is required to sign up, end-to-end encryption is used for all messages with an audited encryption protocol and open-source clients, onion routing conceals users’ IP addresses, and a decentralized network is utilized for temporary storage, eliminating the need for trusting a central service provider.

Read more: Hackers target Telegram and WhatsApp users with trojanized apps to steal crypto.