And what, why and for how long will they hold it?
In previous posts we have talked about secure messaging: why your team should use it, how secure it is, and the software behind sending a secure message. To complete the picture, this post covers what the servers store, how long it is kept there, and why it is kept to begin with.
The obvious ideal for secure messaging would be to store no server data at all. That sounds great but does not work in practice: for a messaging service to function, some data has to be held on the server, if only briefly. The Electronic Frontier Foundation (EFF) makes this point in its post Building A Secure Messenger:
Hiding the network metadata is a feature we’d like to see grow past the experimental phase. Until then, we expect to see services retain only the metadata absolutely necessary to make the service function, and for the minimum possible time.
So what gets stored? And for how long is it kept?
Imagine if each time you had a conversation in a messaging app the messages arrived scrambled, in the wrong order. It would be annoying to say the least. To keep each message in the correct order the server needs to know who is talking with whom and at what time: Rachael sent a message to Jack at 8:34, Jack replied to Rachael at 8:39. That is the information the server needs to make sure each message is delivered in order, and it matters most in group conversations.
This data travels alongside the encrypted message, and the rest of the sorting happens once the message reaches the intended recipient and is decrypted. A timestamp and an identifier for the user are the only things needed. That's it.
Delivering a message does not require the server to keep an IP address for either the sender or the recipient, or a phone number. And it certainly does not require that the message itself be stored, even in encrypted form. There are exceptions to this, which we get to in a moment.
In the metadata post, we talked about how the information collected and stored paints a very accurate picture of the user. To protect users' privacy, to reduce what law enforcement could compel a provider to hand over, and to limit what an attacker could steal, many apps and services hold data only for a limited time.
At SKY ECC, once a message is delivered we keep no record of it. Whether a message was sent an hour, a day or a month ago, we have no log of it. While this can be challenging at times for our developers, it gives our users better protection for their security and privacy.
What happens when a message is sent to someone offline?
Remember the exception we mentioned earlier? The one time E2EE apps have the server store message data (for a short period) is when a message is sent to someone who is offline. The alternative would be for the app to work only when both sender and recipient are online at the same time, which would not be convenient for anyone.
To deal with this, the encrypted message stays on the server. Once the offline user comes back online, the held message is delivered and removed from the server. But how long should the server hold the message while waiting for the user? This matters, because while they are offline the ciphertext, timestamp, sender and recipient are all sitting on the server. The question is how to balance the time the information spends on the server against a reasonable window for the user to collect the message.
We think 48 hours is the right middle ground. If you have not logged into SKY ECC for more than 48 hours, any messages waiting for you are deleted. If you, or someone you are chatting with, lose connection, messages wait until you reconnect, and even someone on a long flight in airplane mode is highly unlikely to hit the 48-hour limit.
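The ordering metadata described above and the hold-for-offline-users rule in this section are two halves of one server-side mechanism: a store-and-forward mailbox that keeps only an opaque ciphertext plus sender, recipient and timestamp, forgets an envelope the moment it is handed over, and drops anything uncollected after a cut-off. The following is an added example written for this post, not SKY ECC's code. The account identifiers, the 1,700,000,000 reference time and the placeholder ciphertexts are constructed; the envelope body is assumed to come from the E2EE layer and is never decrypted by the server.

```python
"""Store-and-forward mailbox with the retention rules discussed in the post:
hold an envelope only while its recipient is offline, forget it as soon as it
is delivered, and drop anything uncollected after 48 hours.

Added example, not SKY ECC's code. The envelope body is produced by the E2EE
layer and is opaque to the server; sender, recipient and timestamp are the only
fields the server ever sees.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, List, Tuple

HOLD_SECONDS = 48 * 60 * 60  # the 48-hour limit discussed in the post


@dataclass(frozen=True)
class Envelope:
    sender: str        # account identifier, not a phone number or IP address
    recipient: str
    sent_at: int       # unix seconds, stamped by the sender's client
    ciphertext: bytes  # encrypted end to end; the server never decrypts it


class Mailbox:
    """Server side. Nothing here is written to a log; the queue is the only state."""

    def __init__(self) -> None:
        # recipient -> list of (received_at, envelope)
        self._queue: Dict[str, List[Tuple[int, Envelope]]] = {}

    def accept(self, env: Envelope, now: int) -> None:
        """Queue an envelope for an offline recipient. An online recipient
        would be handed it directly and nothing would be stored at all."""
        self.expire(now)
        # Expiry is measured from the server's receipt time, not the client's
        # sent_at, so a backdated or future-dated stamp cannot shorten or
        # stretch the hold.
        self._queue.setdefault(env.recipient, []).append((now, env))

    def deliver(self, recipient: str, now: int) -> List[Envelope]:
        """The recipient is back online: hand over everything waiting and
        forget it. pop() removes the entry, so no copy survives delivery."""
        self.expire(now)
        return [env for _, env in self._queue.pop(recipient, [])]

    def expire(self, now: int) -> int:
        """Drop envelopes held longer than HOLD_SECONDS. Returns the count dropped."""
        dropped = 0
        for rcpt in list(self._queue):
            kept = [(t, e) for t, e in self._queue[rcpt] if now - t <= HOLD_SECONDS]
            dropped += len(self._queue[rcpt]) - len(kept)
            if kept:
                self._queue[rcpt] = kept
            else:
                del self._queue[rcpt]
        return dropped

    def pending(self, recipient: str) -> int:
        return len(self._queue.get(recipient, []))


def in_order(envelopes: List[Envelope]) -> List[Envelope]:
    """Client side: the header timestamp puts messages that arrived out of
    order back into sequence before they are shown."""
    return sorted(envelopes, key=lambda e: e.sent_at)


def demo() -> dict:
    """Walk through the post's scenarios with constructed data."""
    box = Mailbox()
    t0 = 1_700_000_000  # constructed reference time (the post's "8:34")
    # Jack is offline. Rachael's two messages reach the server out of order.
    late = Envelope("rachael", "jack", t0 + 300, b"<ciphertext 2>")  # constructed
    early = Envelope("rachael", "jack", t0, b"<ciphertext 1>")       # constructed
    box.accept(late, now=t0 + 301)
    box.accept(early, now=t0 + 302)
    held = box.pending("jack")                                # 2
    # Jack reconnects 47 hours later: both are delivered, neither is kept.
    got = in_order(box.deliver("jack", now=t0 + 47 * 3600))
    ordered = [e.ciphertext for e in got]  # [b"<ciphertext 1>", b"<ciphertext 2>"]
    after = box.pending("jack")                               # 0
    # A message nobody ever collects is gone once the 48-hour limit passes.
    box.accept(Envelope("jack", "rachael", t0, b"<ciphertext 3>"), now=t0)
    dropped = box.expire(now=t0 + HOLD_SECONDS + 1)           # 1
    return {"held": held, "ordered": ordered, "after": after,
            "dropped": dropped, "stale": box.pending("rachael")}


if __name__ == "__main__":
    print(demo())
```

Two design points worth noticing: delivery is a destructive `pop`, so the only way an envelope outlives delivery is if someone deliberately adds a log, and the expiry clock runs from the server's own receipt time rather than the sender's timestamp, so a client cannot keep a message alive on the server by stamping it with a future date.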
What about files? Are they stored?
The other case in which data may be stored is files and photos attached to messages. These are encrypted in the same way as ordinary messages, which keeps the file sealed while it is in transit.
Best practice for privacy and security is not to store files on the server at all, with the one exception above: waiting for a recipient to come back online. But what happens after you have received a file? To truly preserve the user's privacy, the picture or file should either be deleted or be kept in encrypted storage inside the app, not in the device's photo gallery or in a cloud storage drive. Files and pictures should not be available outside the secure messaging app. Keeping them inside the app is less convenient, but it keeps them confidential.
Most E2EE apps handle files this way, keeping them protected behind a secure vault in the app. WhatsApp does not. By default, WhatsApp copies every photo and video you receive into the photo app on your device. To stop this, a user has to turn the setting off manually in the app's settings, both to stop filling up the photo app and to stop sensitive material leaking out of the messaging app. Note that once your device is unlocked, all the media WhatsApp has copied to the photo app can be seen by anyone holding it. This is a major privacy and security worry, and we are not alone in seeing it as a confidentiality flaw.
In the pursuit of convenience, WhatsApp gave up security here. In security, everything is a balance between privacy, convenience and security. At SKY ECC, we believe the balance we have found is a good one: very private, very secure, yet easy-to-use software that fits seamlessly into your work.
Keep the server data you need, but only for as long as you need it
Beyond making sure all your messages are end-to-end encrypted, understanding where data is kept and how your own data is handled is vital to security and privacy. While data sits on a server, whether metadata, messages or files, it is at risk of being exposed. For E2EE apps, the aim is to hold only as much data as is needed to deliver messages securely, and to hold it only as long as necessary. The less data kept, the less likely it is that private information is shared with others, intentionally or accidentally. We believe that approaching privacy, messaging and security this way keeps confidential information confidential. Not approaching it with this mindset can mean that your customers and their data are not being fully protected.