Here is the first short contribution to clarify the impact of messaging apps on the protection of natural persons with regard to the processing of personal data. We refer you to our previous contribution on the “communication manner” that people use nowadays, and precisely digital communication through messaging apps.

People pay more attention to trends, diffusion, the number of users of a particular app, and less to the most relevant aspects such as privacy and data protection. We should pay more attention to our life and personal information, avoiding becoming elements carried toward legally unclear ways.

A brief premise based on my experience

Some time ago, tired of being a slave to entrusting my communication to some messaging app providers, I decided to find different solutions that guaranteed me the freedom to control my personal data and were secure (we know well that in informatics complete security doesn’t exist, but I mean some resource by which to reduce risks).

Fundamentally, my doubts were related (but not only) to the relationships between privacy, the processing of my personal data, and the current data protection legislation (better, on the protection of natural persons with regard to the processing of personal data). Indeed, probably few people still know that according to Whereas n. 7 of the GDPR:

“Natural persons should have control of their own personal data. Legal and practical certainty for natural persons, economic operators and public authorities should be enhanced.”

Although I mention only the Whereas (7), it should be clear that the GDPR lays down principles and rules according to which controllers and processors shall be responsible for, and be able to demonstrate compliance with, the EU Regulation 2016/679 to ensure adequate protection to data subjects with respect to the processing of personal data.

I wondered whether it was legally correct that someone processed my personal data where I didn’t have control over them.

Indeed, I couldn’t modify or delete some personal information, nor obtain, in the end, the related confirmation. Indeed, according to articles 12 and 13 of the GDPR, the controller shall provide the data subject with all of the information laid down by the mentioned articles. What about the information provided by controllers according to article 12 or 13 of the GDPR? No comment. While I was looking for a good solution, the peak occurred with WhatsApp. Indeed, I asked WhatsApp to delete my account and give me an official confirmation.

What happened?

After I opened several tickets, WhatsApp replied to me, communicating that it had deleted my account.

Is it entirely true? No, it isn’t. People who chatted with me via WA in the past continue to see the entire chat content and my account as if I were still present on WhatsApp.

Thus, by still seeing my account, they think they can send me messages via that platform (WA).

The question is: is it all correct? No, definitely. I think that it’s not surprising that a user expects that the deletion of the account will be global, along with the contents of previous chats exchanged with others, or that others cannot still send messages to those who no longer have a WhatsApp account.

Suppose the provider wanted to preserve the content of the chats between two users, one of whom deleted their account. In that case, the provider should inform the “surviving” user in some way that the other no longer has an account, to avoid inconvenience and unpleasant, embarrassing situations. Anyway, it was time to change the communication system.

Step two: short analysis and … XMPP

After some tests and evaluations, I decided to move towards open-source resources, and I found three different solutions:

  1. XMPP;
  2. Matrix;
  3. DeltaChat.

Today, I want to describe the XMPP protocol briefly and then Snikket.

Those who don’t yet know XMPP can find clarification in the FAQ section of the official XMPP website. Notably, there are the answers to the following questions:

  • What is XMPP?
  • Who owns XMPP?
  • Who uses XMPP?
  • How can I use XMPP?
  • Where did XMPP come from?
  • How secure is XMPP?
  • What’s wrong with Skype/WhatsApp/Google Hangouts/whatever? Why should I use XMPP?
  • How many users are there in the community?
  • What’s the XSF?

Among the aspects which contributed to my decision, I want to underline the following, which are present on the official XMPP website, where we read: “XMPP offers several key advantages over such services:”

  • Open
  • Standard
  • Proven
  • Decentralized
  • Secure
  • Extensible
  • Flexible
  • Diverse

Among the mentioned characteristics of the XMPP protocol, I think that we should pay attention to “open”, “standard”, “decentralized”, “secure”. Notably, a decentralized system is a strong point for the architecture and for users if we want to guarantee them control over their personal data.

How can I have an XMPP account?

There are several solutions to create and use an XMPP account. One can obtain an XMPP account from an already existing XMPP provider (you can see it on the official XMPP website here: https://list.jabber.at). Alternatively, one can decide to install an open-source XMPP resource on a server and run it on one’s own. We decided to opt for the second solution.

Our XMPP choice: Snikket

Looking around on the Internet, we stumbled upon Snikket.

What is Snikket?

We read on the Snikket website that “Snikket is an ambitious project to build a new kind of XMPP-based messaging platform.”

Indeed, Snikket is a new communication resource based on the XMPP protocol, consisting of a server-side component and a client. Snikket users can send and receive messages among themselves, precisely like a messaging app, but it’s also possible to send files (images, PDF, etc.) and set up calls and video calls. Since Snikket adopts the XMPP protocol, it is possible to communicate with any other user who has an XMPP account with any provider in the world. In essence, I can communicate with people worldwide if they have an XMPP account. An XMPP account is like an email address because it is made up of a username and the relative domain (for example, alice@domain.com).

On November 18, 2021, as we read on the blog, a new release of the Snikket server was published. I installed Snikket on the server-side, and I am using the Snikket app on iOS via TestFlight; I am thrilled to see that the notifications work correctly after the last update server-side. I will wait for the next iOS update, being sure that developers will continue improving the app. I took the following images of Snikket for iOS from the Apple App Store.

Why prefer Snikket to other messaging apps?

Why should one choose Snikket instead of the other best-known apps like WhatsApp, Telegram, Signal, etc.? There isn’t only one answer. There are different answers: firstly, we like Snikket as it is, and it’s a matter of personal feeling. Furthermore, from our point of view, Snikket guarantees any user control over their personal data. Snikket doesn’t require any personal information to create an account, including the mobile number. On the contrary, it is well-known that those who want to create an account to use a different app like those mentioned above are obliged to provide the host with, at a minimum, a mobile number.

The GDPR, which applies to European citizens, lays down the “data minimisation” principle according to article 5(1)(c). We should bear in mind that principle, but not only that, and evaluate whether a messaging app provider respects it and the others laid down by the GDPR. It would be interesting to know how a messaging app provider respects data protection principles and rules in practice.

The Snikket server admin is the only one that can create an account. Still, after the user changes the password at the first access, the Snikket server admin cannot access any information because data are encrypted on the Snikket server.

Why Snikket?

Why should one choose Snikket instead of the other XMPP resources? There are a lot of aspects that I considered in choosing Snikket.

  1. Snikket is an ambitious project to build a new kind of XMPP-based messaging platform. It’s a very intriguing project, indeed;
  2. Snikket is open source, and I can see the project on GitHub here: https://github.com/snikket-im;
  3. Snikket is simple to install, being dockerized. Any information about the installation is available on the Snikket website here: https://snikket.org/service/quickstart/;
  4. Snikket is easy to use;
  5. Snikket has the features explained in detail here: https://snikket.org/app/features/.
  6. Last but not least, to me, another strong point is that the project lead (MattJ) and the technical staff are available to answer questions from the users.

I am not a developer, but I am sure that Snikket is going toward maturity, although further implementations will be necessary, as is the case for every software.

In my perspective, Snikket is a highly valuable solution based on the XMPP protocol and deserves attention, hoping it grows and brings further benefits to users, facilitating communication.
