Why Zoho’s Response to Arattai Privacy Concerns Misses the Mark on Digital Trust
The founder of Zoho, Sridhar Vembu, recently made waves on the social media platform X with a casual, yet profound, response to a user’s question about the privacy of the new Zoho messaging app, Arattai.
A user asked how private shared pictures are and quoted Vembu’s response as “Trust me, bro!”
Vembu quickly clarified his statement, emphasizing that Zoho’s global Software-as-a-Service (SaaS) business model is fundamentally built on the trust that they do not access or sell customer data. He acknowledged that End-to-End Encryption (E2E) is a technical feature that is “coming,” but insisted that trust is “far far more precious.”
While Vembu’s commitment to business ethics is commendable, this episode is a crucial lesson in how digital trust operates—and why a founder’s good intentions are no substitute for good engineering.
The Digital Trust Equation: Trust vs. Technology
Vembu is essentially positioning a business philosophy (Trust) against a technical feature (E2E Encryption).
- Vembu’s Position (Trust): He argues that Zoho has earned global trust by never accessing customer data for commercial gain. For him, this policy commitment is the ultimate safeguard.
- The User’s Position (Technology): For a messaging app user, trust is not a handshake agreement; it is a mathematical guarantee. End-to-End Encryption (E2E) ensures that even if a government, a hacker, or the company itself wanted to read a message, they couldn’t, because the data is scrambled on the sender’s device and only unlocked on the recipient’s.
In the world of messaging, if the app developer holds the decryption keys (i.e., it lacks E2E), the system is fundamentally a “trust me” model. If the app has E2E, it is a “can’t read it even if we wanted to” model.
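The two models contrasted above, as an added example that is not from the original article and is not Arattai's, Zoho's or any other app's code. The key pairs, the sample message, the `e2e-demo` label and the choice of X25519, HKDF and AES-256-GCM are assumptions made for illustration.

```javascript
// Added example: constructed keys and message, Node's built-in crypto only.
const crypto = require('node:crypto');

// Derive a 256-bit AES key from an X25519 shared secret (runs on a device).
function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'e2e-demo', 32));
}

// Encrypt and authenticate a message with AES-256-GCM.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt; throws if the key is wrong or the ciphertext was altered.
function open(key, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// True if this key decrypts the envelope, false if GCM authentication fails.
function canRead(key, envelope) {
  try { open(key, envelope); return true; } catch { return false; }
}

function demo() {
  const message = 'photo.jpg bytes';                       // constructed sample
  const alice = crypto.generateKeyPairSync('x25519');
  const bob = crypto.generateKeyPairSync('x25519');
  const server = crypto.generateKeyPairSync('x25519');     // the operator's own pair

  // "Trust me" model: the message is encrypted under a key the server holds.
  const serverHeldKey = crypto.randomBytes(32);
  const trustMe = seal(serverHeldKey, message);

  // E2E model: the key is derived on the two devices; the server relays
  // only public keys and ciphertext.
  const e2e = seal(deriveKey(alice.privateKey, bob.publicKey), message);

  return {
    serverReadsTrustMe: canRead(serverHeldKey, trustMe),
    serverReadsE2E: canRead(deriveKey(server.privateKey, alice.publicKey), e2e),
    bobReadsE2E: open(deriveKey(bob.privateKey, alice.publicKey), e2e),
  };
}
```

The E2E result holds only when each device has the other's authentic public key, which is why real messengers let users compare key fingerprints and publish their protocols for audit.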
For a new messaging app aiming to challenge established giants like WhatsApp (which fully deployed E2E in 2016), relying on philosophical trust is a significant hurdle.
The Double-Edged Sword of Viral Marketing
Arattai has gained popularity precisely because it is seen as a local, “Indian product” alternative to Meta’s WhatsApp. This localization gives it a marketing edge, as social media users pointed out, supporting the idea of “helping improve an Indian product.”
However, privacy concerns, once viral, can rapidly erode that home-field advantage:
- High-Stakes Comparisons: Users are not comparing Arattai to a brand-new startup; they are comparing it to WhatsApp, Signal, and Telegram. In this competitive landscape, E2E is not a future feature; it is a baseline requirement for any serious player.
- Reputational Risk: The term “Trust me, bro” is inherently informal and, when applied to something as sensitive as user privacy, carries a strong undertone of casual disregard. This soundbite will stick, creating an uphill battle for Arattai’s marketing and PR teams to convey technical security.
- The Transparency Demand: The user’s question about private photos implies a focus on sensitive communication. Zoho’s commitment to data privacy in its business suite is excellent, but messaging apps are held to a higher standard, especially given the history of surveillance concerns globally.
A Roadmap to True Trust
For Arattai to fulfill its promise and earn the “precious trust” Vembu seeks, it must aggressively fast-track its technical security:
- Deploy E2E Immediately: This is the non-negotiable step that moves the app from a “Trust Us” model to a “Trust the Math” model.
- Open-Source Key Components: Releasing the cryptographic protocols for public scrutiny would allow third-party security experts to audit the system, dramatically boosting credibility—a strategy successfully employed by apps like Signal.
- Clear Privacy Policy: The policy must explicitly state the company’s inability to decrypt user messages and how metadata (who messaged whom, when) is handled.
While supporting an “Indian product” is a noble sentiment, in technology, patriotism cannot override security. The ultimate proof of trust is not a founder’s word, but a robust technical architecture that makes promises impossible to break. Until Arattai integrates E2E, its trust remains philosophical, not functional.