Anonymity may limit organic growth, but it’s winning over secure-messaging pilgrims

Australian government messaging crackdown is a marginal curiosity for SafeSwiss founder

Adopting a strict policy of zero-knowledge encryption has helped uphold the ideals behind secure-messaging provider SafeSwiss, but the Christchurch-originated company’s founder concedes that privacy measures have slowed the organic growth of competing platforms.

Those measures – such as intentionally not harvesting contact details from users’ phones to send invites to join the app, and allowing users to use the app without providing any personal information at all – mean that “organic growth is slow,” founder Tim Gallagher told CSO Australia. “But the upside is that it keeps the communications nice and private.”

That philosophy has anchored the platform since its earliest days, with the company intentionally establishing itself not in Australasia but moving its servers and offices to Switzerland – a country that Gallagher says “is geopolitically stable, currency stable, and offers some of the world’s most stringent privacy protection laws. And we are, first and foremost, a privacy company.”

Security experts have previously recommended privacy-conscious WhatsApp users switch to Swiss alternatives. Gallagher, too, has noted that as each compromised messaging app is revealed – such as the conflicts between WhatsApp and new parent owner Facebook’s respective privacy policies, the hacking of Telegram and concerns over exploitable password-reset procedures – SafeSwiss sees “an influx of downloads”.

The company has so far seen less than 100,000 downloads – but Gallagher expects that influx to ramp up as national governments, in Australia and elsewhere, try to clamp down on secure messaging and encrypted communications. Despite denials, current signals from Australian prime minister Malcolm Turnbull suggest that technology firms will be leaned on to provide some sort of back-door access to the strong encryption that it fears is protecting terrorists as they plan their attacks.

Gallagher dismisses such possibilities: although the company “would chop an account in a heartbeat” if there were evidence that a user was a terrorist or child pornographer – something that has also been done by Telegram and others – he says SafeSwiss has no technical means to access its users’ communications and couldn’t provide that access even if legally obligated to do so.

“The issue is that our accounts have complete anonymity,” he says. “There’s nothing to provide. If you have a truly robust encryption scheme, there is no metadata. And voice calls are peer-to-peer, so while everyone is online talking we have no idea what they’re talking about. Privacy at the end of the day is a basic human right.”

The persistence of such platforms reflects the magnitude of the challenge facing the governments of Australia, the UK, and other countries that see secure messaging as a facilitator for terrorist attacks.

Former NSA deputy director Chris Inglis recently told CSO Australia that it was important to at least put the discussion on the table. However, given that the cost of switching platforms for users is effectively zero, there is nothing to stop malicious-minded actors from jumping platforms on a whim as they perceive that the privacy of any particular platform has been diminished.

While platforms like Spectrums allow users to opt-in to a single identifier that tracks all of their social-media accounts, criminals are unlikely to help investigators in such obvious ways. This leaves the need for investigation squarely in the hands of authorities – who will quickly encounter limits in messaging companies’ ability to assist.

Other countries moving to clamp down on or ban use of virtual private networks (VPNs) will likely encounter similar problems as users migrate to other methods of secure communications. Russian authorities’ seizure of Private Internet Access servers was due to its practice of not collecting local logs of user activity in line with Russian regulations, while China is cracking down on its VPN developers in the wake of a policy change that saw Apple forced to remove VPN software from its China App Store.

CEO Tim Cook said the company believes in “engaging with governments even when we disagree,” according to reports. “But like we do in other countries, we follow the law wherever we do business.”