Source files of fsfe.org, pdfreaders.org, freeyourandroid.org, ilovefs.org, drm.info, and test.fsfe.org. Contribute: https://fsfe.org/contribute/web/ https://fsfe.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

93 lines
4.6 KiB

<?xml version="1.0" encoding="UTF-8"?>
<html newsdate="2020-02-28">
<version>1</version>
<head>
<title>Security scandal around WhatsApp shows the need for decentralised messengers and digital sovereignty</title>
</head>
<body>
<h1>Security scandal around WhatsApp shows the need for decentralised messengers and digital sovereignty </h1>
<p>The recent security scandal around WhatsApp and
access to the content of private groups shows that there is an urgent
need for action with regard to secure communication.</p>
<p>Links to private chat groups in the proprietary WhatsApp messenger
can be used to show the communication and private data of group
members, even if you are not a member. The links could be found on
various search engines. Even if they are removed from search results,
links still work and give access to private group communication. Among
these groups are also administrations like civil servants of the
Indonesian Ministry of Finance. This case shows again that digital
sovereignty is crucial for states and administrations. The security
breach was first reported by <a
href="https://www.dw.com/en/whatsapp-security-flaw-over-60000-groups-still-accessible-online/a-52543414">Deutsche
Welle</a>.</p>
<p>In order to establish trustworthy and secure communication,
governments need to strengthen interoperable Free Software solutions
using <a href="/freesoftware/standards/">Open Standards</a> and enable decentralisation. This helps
administrations as well as individuals to protect their privacy and
empowers them to have control of the technology they use. The software
is already in place and was used by most of the internet users before
Google and Facebook joined the market: XMPP! This open protocol, also
known as Jabber, has been developed by the Free Software community
since 1999. Thanks to Open Standards it is possible to communicate with
people who use a completely different client software and XMPP server.
You are even able to communicate with other services like ICQ or AIM -
some might remember. XMPP has also been used by tech enterprises like
Facebook and Google for their chat systems, but both eventually
switched to isolated proprietary solutions, so XMPP has been forgotten
by many users.</p>
<p>Still, there are many XMPP servers in use and - as the recent
scandal around WhatsApp shows - it should be considered as an
alternative by users nowadays. But of course there has also been a
development in the field of Free Software and Open Standard messengers
in the last decades. For instance the Matrix protocol is a widely
recognised and respected standard for secure and decentralised
communication. This is proven by the fact that it is being used by
large Free Software communities like <a
href="https://discourse.mozilla.org/t/synchronous-messaging-at-mozilla-the-decision/50620">Mozilla</a>,
<a
href="https://dot.kde.org/2019/02/20/kde-adding-matrix-its-im-framework">KDE</a>,
but also in the whole <a
href="https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed-as-the-basis-for-frances-secure-instant-messenger-app">French
administration</a> or <a
href="https://joinup.ec.europa.eu/collection/open-source-observatory-osor/news/matrix-pilot-bwmessenger">Germany's
armed forces</a>.</p>
<p>The Free Software Foundation Europe therefore asks governments to
use interoperable, decentralised Free Software messenger solutions and
also provide funds for security programmes like bug bounties
around these projects. Individuals are advised to change their
messenger to a Free Software one. </p>
<p>The FSFE also started an initiative called "Public Money, Public
Code!", requiring that publicly financed software developed for the
public sector be made publicly available under a Free and Open Source
Software licence. If it is public money, it should be public code as
well. The campaign is supported by administrations like the city of
Barcelona, more than 180 NGOs and 27.000 individuals. You can find more
information on <a href="https://publiccode.eu">publiccode.eu</a>.</p>
<p>For users of Android mobile phones, the Free Software Foundation
Europe started the "<a href="/activities/android/">Free Your
Android</a>" campaign. It helps users to regain control of their data
and Android device by replacing proprietary components and eventually the
complete operating system with Free Software. The FSFE collects
information about running an Android system as free as possible and
coordinates efforts in this area.</p>
</body>
<tags>
<tag key="front-page"/>
<tag key="fya">Free Your Android</tag>
<tag key="openstandards">Open Standards</tag>
<tag key="pmpc">Public Code</tag>
</tags>
</html>