Apple is now battling its tech rivals to protect your privacy, it says. What happens on your iPhone, stays on your iPhone, it says. But there’s a catch. Apple’s iMessage has now fallen well behind its rivals, risking the privacy of millions of iPhone users.
End-to-end encryption is a must for any messaging platform. But it also risks a false sense of security. While your information is protected in transit from your phone to others, once there it’s open to compromise. And that means you need to beware what you send, lest it comes back to haunt you later—maybe years later.
Do you remember what you texted colleagues at your last company back in 2014? What about the messages you sent your college friends when news of Trump’s election victory came in? How many Facebook memes have you shared with how many people? How many iMessage and WhatsApp and other groups do you belong to? What tasteless memes have you sent to them, or have they sent to you?
What about snaps you quickly take and share? Or videos taken on a work night out? Friends you no longer maintain. Relationships you no longer remember—and those you do remember, but which ended badly. How many phones are now carrying compromising images and videos that you sent or received as part of a group?
Apple’s iMessage has the best architecture of any secure messenger. Period. Multi-device end-to-end encryption. Full synchronization from a rolling, secured backup. Trusted device verification for new endpoints. All entirely secure (with iCloud backups disabled) until iMessages land on someone else’s phone and stay there forever.
WhatsApp, meanwhile, has spent 2021 defending itself from the Facebook privacy backlash that hit early in the year. Using its default end-to-end encryption as a shield against suggestions that its Facebook ownership compromises user privacy, WhatsApp has emphasized the integrity of its security, aping Apple’s “privacy is a fundamental human right” message, ignoring the irony (at least) of its ownership.
End-to-end encryption is critical. You certainly shouldn’t use a messenger that doesn’t have it as a default for 1:1 and group chats, ruling out Telegram, Facebook Messenger, Android Messages and most others. But you need to remember that your device stores a decrypted copy of all the messages you send and receive. As do the devices of all those you message. Endpoint compromise invalidates end-to-end encryption.
And “compromise” doesn’t just mean a device being hacked, it includes a breach of trust or security by someone at the other end of your messages. It takes just one member of a group to fail to secure their device or choose to share screenshots or messages they shouldn’t, and all that end-to-end encryption is for nothing.
And so, the quiet new revolution in secure messaging is the mainstream adoption of ephemeral messages. Basically, you set your chats to delete messages after a certain amount of time. On some platforms, such as Signal and even Facebook Messenger, you can pick a duration, on others, such as WhatsApp, you default to a set time.
Ephemeral messaging has several advantages—yes, it stops your device becoming clogged up with historic content, especially weighty photos and videos; but more critically, it lets you automatically erase content shortly after it’s sent. In a world where trawling old messages and media from a bygone time has become a serious risk, you really don’t want all your old content hanging around on all those devices.
While this is useful for text, it’s even more useful for images and videos. As Signal said when it launched its own much requested “view once” media last year, “some moments are better when they melt away: memes that make you laugh now (but whose humor won’t last), photographs of shoes that you considered (but never purchased), or selfies of a goofy reaction (but without the risk of your face getting stuck that way).”
We all do it—sending photos or videos we’ve found on social media or the internet to a group of current friends or colleagues or snapping something at work or play and sending it around. It’s funny at the time, contextually, but five or six years later that could be very different. Times change. And controlling your online legacy is critical.
“No one is going to look back fondly on a photo that was taken in the supermarket 30 years ago,” Signal says, “when someone was paralyzed by choice and asked which green beans they were supposed to buy.” But, more to the point, we learn and evolve, we grow up, and no one is going to look back fondly at a childish video you sent out a decade ago, once the context and sociopolitical environment (and you) have changed.
There’s also a major difference between messages that might hang around for a week, and media that is viewed once and then disappears. And this is especially true on WhatsApp, which has an (unwise) setting to automatically save media to a phone. The answer is “view-once,” essentially disappearing mode on steroids.
Instagram and Facebook Messenger already offer “vanish mode,” which is a view once option for both texts and, critically, media. “Share your weird,” Facebook says, “just be silly with your friends without it staying in your chat history.”
Clearly, this replicates one of the features that Snapchat introduced long ago. But most of you don’t use Snapchat or Instagram as your go-to messenger, and anyone who reads this column regularly shouldn’t be using Facebook Messenger either.
But many of you use WhatsApp. And so, you will have vast stores of images and videos in your WhatsApp chat histories. And while much of this will be media shared between family and friends, material you want to keep, there will be plenty of “silly” exchanges within a group or spur of the moment “you had to be there” content as well. And what about the questionable memes you’ve copied from Facebook and shared?
Well, WhatsApp is about to release its own view once media option. Just like Signal, you can set a media attachment to be “view once,” with notifications when it has been received and then opened. And once it is opened, it’s deleted. Also, just like Signal, the sent media doesn’t appear in your own history either—it disappears without trace.
There’s a binary argument on disappearing messages of any kind. There’s risk, critics say, that it makes it easier for criminals to hide their activities, especially when it comes to child endangerment. There are also regulatory concerns in politics or controlled industries, including where inside information may have been shared.
These are real concerns that need to be taken seriously. But, as ever, there is a balance between privacy and other risks. Smarter controls need to be built around messaging and other platforms to prevent harm, especially where children are concerned.
Not all messengers are the same. Just as with end-to-end encryption, the time has come to recognize this, to ensure that security/privacy versus monitoring reflects those differences. Platforms like Facebook Messenger, Snapchat and Instagram, which have a heavy minority user base and link to user profiles should have additional safeguards.
This means that messengers linked to social media platforms should not have fully “dark” end-to-end encryption or disappearing media absent some form of audit trail. But messengers that are designed primarily for adults, that require a phone and a number, that do not link to profiles and so cannot be browsed, do not require the same level of active safeguards and monitoring at the expense of privacy.
You cannot search profiles on WhatsApp or Signal, these are person-to-person messengers, and while there’s a clear risk that criminals will encourage children or vulnerable adults away from open social media messaging to other platforms, that in itself needs to be a flag that is part of safeguard monitoring.
Disappearing messaging and media is popular. As with encryption, WhatsApp’s introduction of the feature will popularize it, with many millions of users likely to enable this new privacy protection. This is especially true given WhatsApp’s reported plans to offer a default disappearing message option for all your chats—rather than having to select individual chats to apply the setting.
Mark Zuckerberg has confirmed that WhatsApp’s view-once media is imminent, telling WABetaInfo earlier this month that “we’re about to start rolling out view-once… which will make WhatsApp more private and secure.” Who wouldn’t want to disappear all the regrettable memes and photos and videos they’ve ever shared? Sadly, that can’t be done, but you’ll soon be able to stop the problem getting worse.
All of which begs the question of Apple—when will you do the same? As things stand, your best defense against compromising material in historic iMessages is that searching your iMessage history is almost impossible, at all, never mind intuitively. You need to offload your messages to a forensic computer program to search properly. But that failing is probably not enough for us all to rely on.
iOS 15 previews promised a seminal update for iMessage—what we got instead was some superficial changes and a tighter stitch into iOS to share content, making iMessage even sticker for a billion-plus iPhone users. We didn’t get any radical privacy updates—which is a real shame given the opportunity to provide users with the choice as to how much of their content they want scattered across Apple’s user base.
Disappearing or ephemeral messaging is not new—it has been around for a decade. For most of that time it has been limited to specialist apps and media sharing platforms targeting a mainly young user base. But with Signal and then Facebook and now WhatsApp jumping onboard, this has suddenly become mainstream. WhatsApp will now set a new bar whereby users expect this level of privacy protection.
Apple has been criticized for an apparent lack of interest in ephemeral messaging before. More acutely, though, with all Facebook’s messaging platforms now offering this functionality, Apple finds itself in the ironic and awkward position of playing catchup with the tech foe it has battled over privacy all year. I asked Apple whether this will be addressed, with no response ahead of publication.
And so, my advice doesn’t change with iMessage come iOS 15—Signal remains the best messenger on the market, make sure you install the app and use it where you can. And WhatsApp remains the best realistic mass-market messenger for most users. The Facebook factor remains a serious issue, but when it comes to privacy, focus on real not theoretical issues, and make your decisions accordingly.