Explainer: Are your private messages on social media actually private?

(Tiếng Việt)

Recently, Facebook turned over the contents of the private Facebook messages between a mother and daughter, after Facebook received a warrant from the police in Nebraska investigating an abortion. The ramifications are clear: private messages between individuals on Facebook, and other social media platforms, are not actually private and can be read by other people, including the authorities.

Many of us use chat apps like Facebook and Google to communicate with friends and family. These products are useful and convenient, but it’s important to know they are not always secure. While talking about your favorite sports team with your friends is not likely to be something you are worried about others hearing, there may be conversations you want to keep private. 

Here is how to make sure that the private conversations you are having are truly private, and to make sure other people cannot access them.

Questions to ask yourself about privacy

There are two fundamental questions you need to ask yourself when thinking about privacy. The first question is: who do you want to keep your information to be kept private from? For instance, you may not want a close family member to know about a surprise you’re planning for them. In other instances, you may not want employers or government officials to know something about you. 

The second question to ask is: what is the personal cost to you if a private conversation is released to a third party? Is it mild embarrassment? Or is it something more severe, like a break in family relations or legal exposure. 

If the cost of losing the privacy of your chat is low, and are not of interest to anyone outside your friends and family, you can continue to use any chat app without concern. 

But if you have more serious privacy concerns, you should be thoughtful about the apps you use to talk to people.

Apps like Facebook have a copy of your private conversations

A great feature in most mainstream chat apps like Facebook Messenger and Google Chat is that you can read all of your history from when you started chatting. This is a feature people love because it is convenient. However, the way shared history works is that these companies store a copy of all your messages on their computers, called a server, that is always connected to the internet.  

That means that an employee within that company can read anyone’s private chats. While most companies operating a chat business have strict rules over reading private chats, there have been instances where employees have been terminated for violating those rules. Also, in the case of a court order like a subpoena, companies will provide these private chat histories when asked to by government authorities.

Which apps should you be using?

This doesn’t mean that you shouldn’t use ANY chat apps. If privacy is important to you, you should select an app that uses end-to-end encryption (E2EE), such as Signal, iMessage, WhatsApp, and Viber

E2EE is a privacy feature where the data is only stored on your personal devices, so there are no copies of your messages stored by the tech companies. That means no one else can read your messages if the app is E2EE encrypted. The exception to that is if, for example, you use iMessage and back up your messages on iCloud, Apple can read your messages. 

What about voice and video calls?

Video calls like on Zoom and phone calls are harder to track than text chats. If recording is not enabled, it is very unlikely you are being actively monitored unless you are the subject of an investigation. While it is unclear if any cases of privacy breaches have occurred due to sophisticated eavesdropping, it is still technically possible. Zoom calls have an optional E2EE setting, and FaceTime calls are always E2EE encrypted

Telephone calls are also reasonably secure in that they are rarely recorded by a third party (though the person you’re speaking to can, in 38 states, record the call without informing you). 

For extra privacy, delete your chats.

There are certain apps where the information will be deleted on the servers after they’ve been deleted from your phone or account. This includes Google Chat and Facebook. But in these cases, there can always be operational changes or backups that keep data from being truly deleted. Regardless, it is good privacy hygiene to delete chats that you consider sensitive.

In conclusion, the most secure conversations are private face-to-face meetings, then phone calls, then video calls, then E2EE chat apps like Signal or WhatsApp. The least secure are online chats in apps like Slack, Facebook Messenger, and Google Chat. A rule of thumb to follow is that the more convenient the communication is, the less secure it is.