The private messaging arena is so hot right now that, as I’m writing this story, my inbox is filling up with story pitches about the launch of yet another ephemeral messaging app.
And it’s not just product launches: These apps are getting money. Just last week an app called Wiper, which claims to wipe a conversation from your phone, your friend’s phone, and Wiper’s servers with a single swipe of the finger tip, landed $2.5 million in funding.
With money comes crowding. Snapchat clones are everywhere these days, and while deleting your data is all the rage, it doesn’t seem connected to actual privacy. In fact, the whole notion of a private chat app is sort of bunk. Snapchat has been hacked, and developers have created Snap-saving apps to circumvent the self-destructing component of messages.
That’s not to say there is a shortage of reasons to be concerned with privacy.
NSA whistleblower Edward Snowden’s leaks have revealed that the National Security Agency has been siphoning citizen data through the backdoors of Internet companies. As a result, the fatigue we’re all feeling from having our browsing habits mined, analyzed, and morphed into “targeted” ads is — for some people — turning into a desire for real privacy.
Private messaging apps have emerged in stalwart opposition to data-hoarding companies like Facebook and Google.
“If I went around with a tape recorder and told people I was going to record our conversation, keep it for as long as I want, and maybe share it with third parties, nobody would go for that,” says Wiper co-founder Manlio Carrelli. His app means to give users control over how long their messages exist, rather than timing them to self-destruct, empowering users to take control of their information.
Allowing messages to stay stored on servers unless the user chooses to destroy them is a relatively unusual compromise. It provides something of a middle ground in an all or nothing space where users can either give data away to mainstream apps for indeterminate use — or regularly delete all data using an ephemeral messaging service like Snapchat.
‘This is tremendously difficult’
But with so much of the focus on obliterating content, data security may be taking a back seat. Manlio tells me that if you’re looking to keep messages for a long time, Wiper is probably not the app for you.
Messages on Wiper’s servers are encrypted and the company works with a “top three cloud service provider,” he says. However, that doesn’t necessarily tell me anything concrete about how secure my information is, such as the level of encryption the services uses, whether it’s end-to-end (in this case, yes), and what the server security looks like, which is all important in understanding just how secure your data is.
“I feel like there are a lot of novices stepping in, because this is actually tremendously difficult,” says Nico Sell, CEO of the private messaging app Wickr, an ardent supporter of Internet privacy.
To her point, Jon McAfee, who founded the eponymous security software company, tried his hand at private messaging with Chadder. The app is so secure that users have had trouble logging in or even finding other people using the app. Heightened security in some instances can also really slow down the sending and receiving of messages, which is not popular with users.
User friendliness and security have long been at odds. Most people don’t install security software on their mobile devices because it’s a cumbersome and often confusing process. The same goes for using encryption tools like Pretty Good Privacy, or PGP, a military-grade encryption tool that uses two different keys to encrypt and decrypt files.
Secret messaging apps have the opportunity to automate secure communications and create truly private messengers. But without security standards, measures of encryption are all over the map — with some apps being less secure than others.
Just say no to storage
Let’s take Sobrr, for example, an app conceived over a drunken bachelor party weekend by Bruce Yang. The “private” social network only holds onto friendships and communications for 24 hours before hard-deleting everything, because sometimes you want to forget about what happened last night. Outside of that window, the app only keeps friendships that you indicate are worth maintaining. Amazon S3 handles Sobrr’s backend and stores its user data — your phone number, location, friendships, etc. While Sobrr encrypts messages, that doesn’t ensure your information is secure.
“Any database is 100 percent guaranteed to be hacked. We have to get away from storage,” says Sell.
Maybe Sell’s approach is a little overzealous, but she takes securing personal information very seriously. User data never touches Wickr‘s servers. Messages are sent device to device, and all personal information is located on the registered device. Plus messages are encrypted so that only the intended device can see messages.
Wickr also uses Perfect Forward Secrecy, which prevents hackers or the NSA from decrypting intercepted messages at a later date.
The great thing about the flood of private messengers, despite their differing levels of security, is that start-ups and consumers are talking about expectations for data privacy in applications. Most of these companies talk about “end-to-end” encryption, which wasn’t the case even two years ago. A lot of that is because consumers are asking for security, they just don’t necessarily understand it.
Even Wickr, a company devoted to security, doesn’t really try to sell security to its customers.
“When we talk to kids about Wickr, we say it’s an app that sends you self-destructing messages. I don’t tell them about a private messenger, I say we’ve got stickers, graffiti,” says Sell.
Trendy today, necessary tomorrow?
These apps seem like trendy little chat tools now, but their use will likely dictate the future of social interactions on mobile and in the web.
Messaging is a major component of any social platform. Linkedin, Facebook, and Google all have their own instant-messengers, and Twitter is built on one-to-one messages. Making the next wave of communication tools is paramount to any major social tech company.
Ephemeral messaging is definitely that next stage. For confirmation, just look to Facebook, which has twice tried to create an ephemeral messaging app, first Poke and now Slingshot, in efforts to challenge Snapchat’s self-eviscerating photo-messaging dominance (to little success). Of course, Facebook makes no pretense of keeping your data truly private: Its business model depends on collecting as much information about its customers as possible, the better to target ads to them.
Snapchat was only the beginning. The apps of tomorrow have the chance to give consumers control over their information and to provide user friendly security — or they risk being as ephemeral as the messages they fabricate.