Skip links

Zoom in on Norway’s Whereby for Secure Communication

All you need is a URL. Share it. Go there and you are in the video meeting. No need to create an account or download an app or any software. Most people use US-based video conference tools in stead of looking to Norway, where they can find a service that is not only more privacy-focused but also extremely easy and convenient to use.

So, when you video meet with colleges, which tool do you then use? Skype (owned by Microsoft), Messenger (owned by Facebook) or the other US-based Zoom or Slack? Yes, those are all the big ones with a lot of users, but living under slack privacy laws compared to European services. Why not look at what you can find in countries with better privacy laws? Let’s zoom in on Norway, who might not be part of the European Union, but is certainly one of the European countries, who are implementing and enforcing GDPR – the General Data Protection Regulation.

Every month over one million users log into Whereby (formerly Appear.in) to communicate with someone via their screens. The video meeting service is so simple that you can speak to each other over the browser just by creating and sharing a URL. The technology is called Web Real Time Communication, Web RTC, and it does not require any software installed.

“It is a pretty simple technology that allows anyone to build this directly between two browsers. But building a prototype is easy. Making it globally available and scalable that is very hard,” says the founder of Whereby Ingrid Ødegaard, former CEO and now Chief Product and Technology Officer. She will be a keynote speaker at our 4th European Data Ethics Forum in Copenhagen October 10th.

It all started back in 2013, when she – as an economist – worked with the Norwegian telecommunications company Telenor, and they needed to communicate efficiently with a remote office.

“We had Skype and Google Hangout. None of them were good enough. And it was too much hassle using them. So, we looked at RTC, which was invented by a Swedish company, bought by Google and today is a browser standard,” she says.

Telenor still owns a part of Whereby, but this year the Norwegian video company Videonor bought the majority of the service. Videonor is a small video conferencing company started in small town Måløy on the West Coast of Norway, in a town of 200 inhabitants, and backed by local investors.

The business model of Whereby is not selling your data. As the service notes in its privacy policy:

Our business model is to provide a paid service to users who need additional features on top of the FREE version, and does not rely on widespread collection of general user data. We will only collect information that we need to deliver the service to you, and continue to maintain and develop the service.

Whereby vs Zoom

If you analyze Whereby and its biggest competitor Zoom.us on e.g. webbkoll.dataskydd.net, then Zoom.us uses many more third party cookies (those who share data with others including Google), stores data in the US, and states that if it is sold (which is often a main goal for a lot of Silicon Valley startups) then the data goes to the buyer. However, Zoom is very clear about what it is doing.

Whereby has much fewer third party cookies, it has a clear delete policy (probably because it is GDPR-compliant), all content is encrypted and data is stored in the EU. Ingrid Ødegaard, however, tells me that they use Amazon Web Services in Ireland as cloud provider.

“We are running a lot of data, so it is very expensive. In the free version we send audio and video directly between two browsers and not via our servers. If you are more than 4 people in the paid version, we need a server in between to avoid too much CPU usage on the user’s computer. And that cost a lot of money. We did however find a cloud provider that is cheaper than Amazon AND based in Europe, that is German Hetzner, which we are using more and more,” says Ingrid Ødegaard and underlines further;

‘I am personally concerned about privacy. We’ve spent a lot of time and effort becoming GDPR-compliant and we want to go even further with data ethics. We are a self-service first company, so we are trying to make your privacy settings as easy to use as using the service it self. You can edit your consents in the same place you edit your subscription, and export all the data stored with the click of a button. For a startup it can be a challenge to prioritize privacy when a lot of other things are burning, but if you do it right from the beginning it is easier. Privacy requires cross-disciplinary work, and educating all team members so they make good decisions every day. It needs to be an ongoing effort.”