2020-02-28 11:01:10 +00:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<html newsdate="2020-02-28">
|
2020-04-15 09:46:59 +00:00
|
|
|
<version>1</version>
|
|
|
|
|
2020-02-28 11:01:10 +00:00
|
|
|
|
|
|
|
<head>
|
|
|
|
<title>Security scandal around WhatsApp shows the need for decentralised messengers and digital sovereignty</title>
|
|
|
|
</head>
|
|
|
|
|
|
|
|
<body>
|
|
|
|
|
|
|
|
<h1>Security scandal around WhatsApp shows the need for decentralised messengers and digital sovereignty </h1>
|
|
|
|
|
2020-05-01 09:03:48 +00:00
|
|
|
<p>The recent security scandal around WhatsApp and
|
2020-02-28 11:01:10 +00:00
|
|
|
access to the content of private groups shows that there is an urgent
|
|
|
|
need for action with regard to secure communication.</p>
|
|
|
|
|
|
|
|
<p>Links to private chat groups in the proprietary WhatsApp messenger
|
|
|
|
can be used to show the communication and private data of group
|
|
|
|
members, even if you are not a member. The links could be found on
|
|
|
|
various search engines. Even if they are removed from search results,
|
|
|
|
links still work and give access to private group communication. Among
|
|
|
|
these groups are also administrations like civil servants of the
|
|
|
|
Indonesian Ministry of Finance. This case shows again that digital
|
|
|
|
sovereignty is crucial for states and administrations. The security
|
|
|
|
breach was first reported by <a
|
|
|
|
href="https://www.dw.com/en/whatsapp-security-flaw-over-60000-groups-still-accessible-online/a-52543414">Deutsche
|
|
|
|
Welle</a>.</p>
|
|
|
|
|
|
|
|
<p>In order to establish trustworthy and secure communication,
|
|
|
|
governments need to strengthen interoperable Free Software solutions
|
|
|
|
using <a href="/activities/os/">Open Standards</a> and enable decentralisation. This helps
|
|
|
|
administrations as well as individuals to protect their privacy and
|
|
|
|
empowers them to have control of the technology they use. The software
|
|
|
|
is already in place and was used by most of the internet users before
|
|
|
|
Google and Facebook joined the market: XMPP! This open protocol, also
|
|
|
|
known as Jabber, has been developed by the Free Software community
|
|
|
|
since 1999. Thanks to Open Standards it is possible to communicate with
|
|
|
|
people who use a completely different client software and XMPP server.
|
|
|
|
You are even able to communicate with other services like ICQ or AIM -
|
|
|
|
some might remember. XMPP has also been used by tech enterprises like
|
|
|
|
Facebook and Google for their chat systems, but both eventually
|
|
|
|
switched to isolated proprietary solutions, so XMPP has been forgotten
|
|
|
|
by many users.</p>
|
|
|
|
|
|
|
|
<p>Still, there are many XMPP servers in use and - as the recent
|
|
|
|
scandal around WhatsApp shows - it should be considered as an
|
|
|
|
alternative by users nowadays. But of course there has also been a
|
|
|
|
development in the field of Free Software and Open Standard messengers
|
|
|
|
in the last decades. For instance the Matrix protocol is a widely
|
|
|
|
recognised and respected standard for secure and decentralised
|
|
|
|
communication. This is proven by the fact that it is being used by
|
|
|
|
large Free Software communities like <a
|
|
|
|
href="https://discourse.mozilla.org/t/synchronous-messaging-at-mozilla-the-decision/50620">Mozilla</a>,
|
|
|
|
<a
|
|
|
|
href="https://dot.kde.org/2019/02/20/kde-adding-matrix-its-im-framework">KDE</a>,
|
|
|
|
but also in the whole <a
|
|
|
|
href="https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed-as-the-basis-for-frances-secure-instant-messenger-app">French
|
|
|
|
administration</a> or <a
|
|
|
|
href="https://joinup.ec.europa.eu/collection/open-source-observatory-osor/news/matrix-pilot-bwmessenger">Germany's
|
|
|
|
armed forces</a>.</p>
|
|
|
|
|
|
|
|
<p>The Free Software Foundation Europe therefore asks governments to
|
|
|
|
use interoperable, decentralised Free Software messenger solutions and
|
|
|
|
also provide funds for security programmes like bug bounties
|
|
|
|
around these projects. Individuals are advised to change their
|
|
|
|
messenger to a Free Software one. </p>
|
|
|
|
|
|
|
|
<p>The FSFE also started an initiative called "Public Money, Public
|
|
|
|
Code!", requiring that publicly financed software developed for the
|
|
|
|
public sector be made publicly available under a Free and Open Source
|
|
|
|
Software licence. If it is public money, it should be public code as
|
|
|
|
well. The campaign is supported by administrations like the city of
|
|
|
|
Barcelona, more than 180 NGOs and 27.000 individuals. You can find more
|
|
|
|
information on <a href="https://publiccode.eu">publiccode.eu</a>.</p>
|
|
|
|
|
|
|
|
<p>For users of Android mobile phones, the Free Software Foundation
|
|
|
|
Europe started the "<a href="/campaigns/android/">Free Your
|
|
|
|
Android</a>" campaign. It helps users to regain control of their data
|
2020-04-12 22:00:17 +00:00
|
|
|
and Android device by replacing proprietary components and eventually the
|
2020-02-28 11:01:10 +00:00
|
|
|
complete operating system with Free Software. The FSFE collects
|
|
|
|
information about running an Android system as free as possible and
|
|
|
|
coordinates efforts in this area.</p>
|
|
|
|
|
|
|
|
</body>
|
|
|
|
|
|
|
|
<tags>
|
2020-04-26 11:32:25 +00:00
|
|
|
<tag key="front-page"/>
|
|
|
|
<tag key="fya">Free Your Android</tag>
|
|
|
|
<tag key="openstandards">Open Standards</tag>
|
|
|
|
<tag key="pmpc">Public Code</tag>
|
2020-02-28 11:01:10 +00:00
|
|
|
</tags>
|
|
|
|
</html>
|