I’m Not Installing Facebook Messenger And Neither Should You

scar7-mar22

“We’re Moving To Messenger!” That was the cheery message, accompanied by a picture of an anthropomorphized beaver, that greeted me every time I tried to read my Facebook messages on my phone. Last week, I was told that the move was a fait accompli and that I no longer had the choice of not moving. So I dutifully went to the Google Play store, prepared to install the app, and… whoa.

Facebook’s new Messenger app demands an extraordinarily broad range of permissions from iPhone and Android users. As someone who has occasionally made a living administering and writing programs for Linux-based systems, I could go into the specifics of those permissions and what they each mean, but it’s easier to demonstrate it like so:

Let’s say that you’re married, or in a long-term relationship with someone about whom you actually care. One day, your significant other decides to spice things up by sending you a picture of herself naked, taken in the bathroom at home or work or the Frankfurt train station. Without Messenger, this is the chain of custody of that photo:

  • It’s on her phone until she deletes it. Given the limited storage of most phones, it will probably be quickly overwritten, so unless the cops seize the phone or she goes to the “Genius Bar” in the near future, it will go no further.
  • It was transmitted on a variety of carrier networks. Unless she’s a person of interest to the NSA, the photo itself won’t be retained, only the CDR (call data record) that she texted you from cell X to your location at cell Y at time Z.
  • It arrives at your phone. You look at it, smile, and then delete it before you are arrested or lose your phone at a bar.

In the modern era, that’s as close to privacy as you can come without meeting under a UV-and-IR-reflective canopy in the open desert. None of the above applies, by the way, if you’re a celebrity or other individual whose phone contains enough valuable data to make cloning or intercepting it a financially worthwhile endeavor.

Facebook Messenger ties together a broad range of permissions that include access to your messages and permission to use the network, camera, and microphone in your phone without your permission. So here’s the way it works after you install Messenger:

  • It’s on her phone until she deletes it. Given the limited storage of most phones, it will probably be quickly overwritten, so unless the cops seize the phone or she goes to the “Genius Bar” in the near future, it will go no further.
  • It was transmitted on a variety of carrier networks. Unless she’s a person of interest to the NSA, the photo itself won’t be retained, only the CDR (call data record) that she texted you from cell X to your location at cell Y at time Z.
  • It arrives at your phone. You look at it, smile, and then delete it before you are arrested or lose your phone at a bar.
  • Facebook Messenger (almost certainly) uploads a copy of the message to its servers. The nominal purpose of this is to better monitor your personal relationships to ensure that you are given the news feed and suggestions that best suit your life. The actual consequence of this is that Facebook now has that photo for eternity.
  • And if your wife is on Facebook and has given Facebook her phone number, Facebook knows that’s her and can index it appropriately.
  • And if your wife is not on Facebook but she is in your contacts, Facebook Messenger has the ability to cross-reference your contacts to get her name and attach it to the communication.
  • And if Messenger wants to — which, at this time, I doubt it does, but you never know — it has the ability to turn on the camera and microphone, observe your reaction to the picture, record it, and upload it to the Facebook servers.
  • And the photo belongs to Facebook now, not you, according to the terms of the User Agreement.

And this is the guy to whom you just sent it:

zuck

I know a lot of people who think SMS is more secure than gChat or FB messages. They’re right. It’s a federal felony to capture or snoop on SMS messages — it’s wiretapping. Looking at gChat or FB messages isn’t even a crime if you work at Google or Facebook. Are you completely sure that everybody who works at those companies has your best interests at heart?

Some people have responded to the Messenger flap by saying, “Oh, Apple and Google already store all this information on you and blah blah blah there’s no privacy.” This is known as the Continuum fallacy. Just because Apple is tracking your movements doesn’t mean that you should be allowing Facebook to read your SMS messages. You’re not only compromising your privacy in that case, you’re compromising the privacy of the person who sent you the message.

Some time ago, I moved from hosting all my own mail on a server that I owned of which I had physical control to just using gMail for most things. I did this because I realized that although my own security was pretty good, the endpoints of my communications were long since compromised. I was going through a lot of effort to maintain privacy in communication with people who were letting Google index those communications anyway. There’s plenty of information to suggest that Googlers read GMail whenever they want. Note for investors and futurists: an email service that had a means to technically guarantee user privacy might eventually have really nice user base of high-net-worth individuals.

Giving up on my mail privacy doesn’t mean I want to give up on my SMS privacy, however. Not just mine; the privacy of other people. Two years ago, I had the USB port on my Motorola Droid4 fail. That meant that once the battery died, I wouldn’t be able to use the phone at all, and since the battery in the Droid4 is installed with screws and a very delicate connector, I wouldn’t be able to easily change the battery for a charged one. The problem with this is that I didn’t know the USB port had failed until the phone died.

I had a $50 insurance plan that I could use to get a replacement phone. The problem was that I had a bunch of photos that a female friend had sent me on that phone. I’d been keeping them for reasons of sentimentality/laziness. Sending the phone into the insurance provider would hand over a dozen nude photos of a woman who had a professional image to protect. And since she was in my contacts, they’d have her name and contact information.

I sat down and thought about it for a while. Then I went out to my front porch and hit the phone with a Craftsman hammer until it was in little pieces. Then I went out and bought another phone.

The moral of this story:

  • It’s okay to send me naked photos, I’ll protect you. (Unless you’re a man.)
  • Being thoughtless about privacy can have real costs.

From now on, my friends who use Facebook Messenger to communicate with me will have to wait until I get back to my laptop. Sorry about that, but that’s the way it’s going to be.

11 Replies to “I’m Not Installing Facebook Messenger And Neither Should You”

  1. jz78817

    I’m confused about the moral of this story. Are you saying its ok to send you naked pics unless I’m a man, or that its ok to send you naked pics if I’m a man but you just won’t protect me?

    NEED CLARIFICATION.

    Reply
  2. B.K. L.

    Many years ago, my mother told me never to put anything in writing that I would be embarrassed to see on the front page of the local newspaper. The medium may have changed, the advice is still very good.

    Reply
  3. rpm1200

    If you and whoever you are texting have iOS6 and the Send button is blue, the messages go through Apple iMessage instead of SMS so the same potential privacy issues apply. By default the button will be blue. I do not remember consenting to anything like that when updating iOS.

    http://www.ianswerguy.com/green-blue-iphone-messages/
    http://blog.quarkslab.com/imessage-privacy.html

    On the iPhone you can go to Settings, Messages and set Send as SMS to On to override this behavior and always use SMS (the Send button will be green).

    Reply
    • JackJack Post author

      It’s bizarre how hard everybody’s working to “steal” SMS messages.

      Or maybe it isn’t, given the payoffs.

      Reply
  4. Brian Driggs

    Another easy solution to this “problem” is to simply dump the FB app as well, and use your mobile browser. You get all the functionality you used to get, plus the added bonus of not getting FB notifications unless you’re actively on FB. (Though sharing anything from your phone does become a bit more involved, as you lose the option to share direct to FB and have to copy/paste links like some kind of Gen X Caveman.)

    Reply
  5. the passenger

    This is exactly (and another example in a long and growing list) why I won’t have anything to do with facebook. Maybe Apple is reading my iMessages, maybe they aren’t, but you know what? My distrust for them is less than my distrust of fb.

    Reply
  6. Japanese Buick

    At the risk of wading into an Android vs iOS flame war, Apple users are much better protected than Android users here simply because of how the stack is coded on iOS, no matter what the TOS says. See more info here: http://apple.stackexchange.com/questions/140784/can-facebook-messenger-spy-on-me-to-the-degree-many-sites-are-claiming

    And here: http://macdailynews.com/2014/08/08/facebooks-scary-messenger-app-highlights-ios-security-vs-android-security/

    That said I still refuse to install messenger because I resent the blatant attempt to force me to install another app to do what I could already do.

    Reply
  7. Pingback: Whatever Happens, You Cannot Say That You Were Not Warned - Riverside Green

Leave a Reply

Your email address will not be published. Required fields are marked *