
So, the Government of the Russian Federation has established a procedure for identifying users of instant messengers. So, to confirm the subscriber number, the messenger user will be asked to perform actions using this number, which will allow to reliably establish that he uses the reported subscriber number when registering with the messenger. In case of absence of a number in the operator’s database or non-receipt of a response from it, the identification is considered to be incomplete, and the messenger refuses to provide services to the user. This order will take effect from May 06, 2019.
Thus, one of the pillars of instant messengers - anonymity, a thing of the past. What is it done for?
Improving the level of security in the community? Hardly. For precinct and police departments to solve domestic crimes? To do this, do not use the resources of such capacity - the enormous costs of cellular operators, conflicts with instant messengers, social discontent. Fighting terrorists? Common sense dictates that serious events are held at a certain level of conspiracy, excluding calls and the exchange of instant messengers from the phone purchased to their last name. Does this make it difficult for criminals of various levels to access the messenger? Not. Take a foreign sim card and use it. Plus, you can still buy “gray” SIM-cards without problems in large cities.
This does not lead to a new level of security, does not create any qualitatively new barriers to criminal communities. They will not have to invent and attract more resources to solve the problem of anonymity.
Linking a messenger to a subscriber can be a help when searching for petty hooligans or “random extremists”, those who spoke on prohibited topics. Those. or criminals - complete idiots, or ordinary people who have no idea of hiding. Checking the phone by the police has already become a given. In fact, the ruling simplifies procedural actions for investigators - it is easier to establish a binding of users to a real person.
Legal issues also arise, for example, in normative acts there are no definitions of either a “messenger” or a “sender of a message in a messenger”, which may cause legal conflicts. It is rather difficult to give a legally correct definition of the messenger, since the ability to exchange messages in real time is provided by a wide range of programs. From a legislative point of view, the notion of “message sender” requires clarification.
Or how to provide a bunch of cellular operator, app store and device. Moreover, there are plenty of other ways for a user to register with the new messenger. It is unclear how the rules will apply to minors and legal entities. Identification of users of instant messengers may affect the right of citizens to privacy of correspondence, which is guaranteed by 23 articles of the Constitution of the Russian Federation. It is not clear if, when identifying a user, only information about the “presence or absence of information about the subscriber” is specified, then such identification does not really give anything. It is unclear what information will be exchanged between messengers and telecom operators and how this information should be regulated in terms of personal data protection and subscriber information protection.
findings
- Perhaps a few (by 0.01% - 0.1%) will increase the detection of crimes at the expense of idiots who plan crimes using their own phone.
- Possible increase in the cost of cellular communication
- Periodic conflicts of subscribers of cellular operators due to errors in interaction with instant messengers due to illegal blocking of sending messages in the messenger.
- Significantly increase the possibility of law enforcement agencies to search and identify those who speak on prohibited topics.
- Well, the economy. I put it in last place. But perhaps it would be worthwhile to say this as the prevailing version. The instant messenger market has reached saturation level - 83% of smartphone owners have several messaging services.
- In the communications industry, instant messengers are very important. In this case, instant messengers are completely opaque in terms of the use of advertising tools.
- For example, 59% of smartphone users in Russia have WhatsApp installed (data at the beginning of 2018), but there is, of course, no relevant data about users, and precisely because there is no regulation regarding messengers. The advertising market for development requires the possibility of a relevant audience assessment.
- With regulation, the messenger market will be more attractive from the point of view of communication work: from the possibility of assessing the audience to the development of new technologies of advertising and communication interaction
What to do? I will describe in ascending order of paranoia
- The most obvious option is to put where it is possible (From popular: Telegram / Whatsapp) two-factor authorization (In other words, add a password).
- Use instant messengers who claim the privacy of your private correspondence, supporting your words with the ability to conduct correspondence using end-to-end encryption.
- Use instant messengers that provide the source code and protocol specification for analyzing the presence of possible “bookmarks” and auditing of cryptography and user data privacy protection mechanisms. Famous examples: Telegram, Signal.
- In principle, stop using messengers that require a phone number for registration. These instant messengers must have open source code, both client and server-side (a federated network of public and private servers necessary for the communication of clients with each other). However, they still provide such amenities as push-notifications, registration on public servers (no need to bother with setting up and maintaining your server), low traffic consumption and device batteries, conferences / channels and even the use of bots. From popular examples: protocols XMPP and Matrix. Which can be used with the help of such open clients as Conversations, Xabber, Yaxim, Riot and others.
- Use fully decentralized solutions like Jami (Formerly Gnu Ring), Tox, Wire, and others. Which have some inconvenience, such as a large consumption of traffic, battery resources (after all, the service should keep the connection constantly waiting, for example, new messages), but at the same time can provide complete anonymity and excellent privacy.
In the following articles, it is planned to consider in more detail the last two types of instant messengers, federated and fully decentralized. For the first category, consider the popular implementations of the XMPP and Matrix servers, focus on security issues (using the most relevant cryptographic libraries), ease of deployment on your hardware / leased facilities, and optimal use of system resources. For the second, there will be an overview of popular solutions in the field of decentralized communication, the pros and cons of various instant messengers.