Prying eyes are everywhere. What are you using to guard your privacy?
Maybe it was Edward Snowden’s warnings about massive government surveillance of our communications. It could have been the rise of better security on web pages, with HTTPS becoming the norm.
Whatever the catalyst, encryption has fast become a standard in the consumer space, much to the surprise and hopeful delight of many a security enthusiast.
So why exactly is encryption important?
Keep in mind that if someone really decides that you are worth hacking, and is willing to put the resources behind it, then expect to get exposed.
That said, the vast majority of us are hardly worth the effort from a government agency unless we are in the business of moving around loose nukes. You guys are on your own.
For the rest of us, what we need is more protection from getting our data vacuumed up in the wider nets of mass surveillance. When you send a message to someone, it travels through a web of tubes, crossing through different junctions where a malicious actor called a “man in the middle” can pick it out. This could be at your ISP level, an unsecured Wi-Fi connection, or another point along the chain.
What encryption does is make it so that even if the man in the middle succeeds in pulling your message out of the mix, without stealing the key on the other side for decryption, all he has is an incomprehensible jumble of letters.
While web traffic and email encryption will be the topic of other write-ups, it is chat applications where the public actually has their most conscious exposure to encryption. This technology has recently enjoyed widespread implementation, becoming a banner of pride for the many companies that have added it to their products.
Of particular note is the move towards end-to-end encryption, meaning that the chat service cannot access your messages even if it wanted to. Following the San Bernardino case, where the FBI fought with Apple over access to the shooter’s phone, this issue was hotly debated in the public square. However, now in the era of Trump, more companies may opt to provide more privacy and take less responsibility for the messages that are traveling through their servers.
Some apps will give you only “in transit” encryption, which means your messages on their servers are still readable if someone breaks in to take a peek. This is why end-to-end encryption is a better bet and fast becoming the norm.
But which is the app that you should turn to for keeping your secret communications safe?
Here are a few favorites that have gotten good marks from across the board, including from the Electronic Freedom Foundation, as well as one or two that you might want to avoid.
By happy circumstance, the world’s most popular messenger service is also among the safest for your communications.
Last year it was announced that the Facebook-owned company had integrated Moxie Marlinspike’s technology that he had developed for Signal into their platform, garnering a lot of support for this fairly straightforward messaging system.
While they recently faced some flak for leaving indicators like a user’s metadata – info about when a communication took place and other details that can show evidence of a connection between you and another person without revealing the content of your messages – that criticism was way overblown.
It is true that apps like Signal do not collect this kind of identifying information. However, most users that are not activists, criminals, journalists working with sources or other members of networks that could be harmed by this data should be fine here.
By offering solid end-to-end protection to the app’s billion-plus users as an automatic add-on, they have made a very significant accomplishment that is worthy of praise.
The downside that should be considered here is that users are still at the mercy of Facebook. While I am hardly a hater of the global giant, it is worth keeping in mind that the circumstances of your data’s privacy could change drastically and quickly should the company decide that it could be worth something to them. The moral here is not to put all of your eggs in one basket.
This is the gold standard for encryption professionals. Operated by Open Whisper Systems, Moxie Marlinspike’s main gig, this app is generally considered to have some of the best protections in the game. Add to this the personal endorsements of Snowden and other leaders in the field, and you have one very high profile app indeed.
As a fan of this app, I could tell you about its code word verification for voice calls, or the high level of thought that went into its open source verifiable code, but I won’t bore you.
The one downside here, and it’s the only one that I’ve encountered at this point, is that most people who are not security enthusiasts/paranoids have not adopted this app en masse. Until that point, it will be somewhat limited by its more restricted reach.
These guys always get good marks as a part of the Silent Circle crew, the team behind the Black Phones and other enterprise-level security services. They scored a bingo of green check marks across the EFF’s Secure Messaging scorecard, which it should be noted is out of date but still a good reference point to start from.
Users receive the standard calling and texting that come with the rest of these services, but with a couple of extra perks. Get up to 100MB of file transfers, disappearing messages for you Snap Inc. fans, and actual live tech support.
This all comes at a price of $9.95 a month. Sometimes something good is worth paying for. Now that’s a novel concept, right?
Approach these with caution
Along with the good ones, there are a few apps which have taken some added flak. No implications of wrongdoing here on the part of the companies, but you should think twice before sending your private messages on them.
After making some pretty big claims pertaining to anonymity, security, and other important features, this app took some heat after security pros complained about the lack of transparency from not being able to take a peek at their code.
In a field that is all about trust, being able to look under the hood is essential to acceptance by the community of users. If your code cannot be verified, then don’t expect to gain a following.
While this app was recommended by the folks over at Heimdal Security on their list, DeepDotWeb advises their readers not to use it. Beyond their critique of some of the opaqueness of the code, they raise an important point about the deceptiveness of the “disappearing message” that was popularized by apps like Snap Inc. Leading users to believe that they are safe just because their message will “self-destruct” after a certain amount of time is wrong-headed. Many apps allow for screenshots, while there is always the option to simply take a picture of the screen with another device. Either way, it creates bad habits among users that can encourage other bad behaviors.
Telegram claims to have solid encryption, which I am sure the Russian expat designer of the app put plenty of thought into when he was putting this one together. It is super easy to use, allows you to hide your phone number unlike Signal and WhatsApp, and saw a lot of growth in places where governments decided to punish WhatsApp for refusing to cooperate with criminal investigations. As they’ve gotten bigger, their team has built out a formidable set of features that should make this appealing to a wide swath of users.
It is worth noting though that there have been some critiques about the level of their encryption, which has been questioned by some names in the field. The bigger issue though is that unlike WhatsApp, the user needs to actually turn on the Secret chats in order to enjoy the higher-level end-to-end protection. While not the only ones to have this annoying “need to turn me on” feature, I feel like they should know better.
My hesitation for users here is really when it comes to the groups. Telegram has this great feature wherein, like WhatsApp, you can create large groups which can be ideal for chat rooms or as a place to make broadcasts. Two issues here. One is that plenty of folks believe that because the chat is encrypted, whatever you say is safe. This is only true if you trust the other people in the group to keep your secret. This is not a failure of the technology but of humans in general, who are always the weakest link in the chain. Second, Telegram groups became a favorite spot for Islamic State (ISIS) supporters and recruiters to gather online, thus garnering some extra attention from authorities.
While clearly not every bit of information is sensitive and all that interesting for bad actors, it is definitely worth putting more thought into the way that we handle our messaging.
Data, whether our location, interests, or communications of personal details, is quite valuable, even as society at large no longer places much stock in the concept of privacy. Given the choice, there are some truly excellent apps out there now that offer significant upgrades in security and user experience that leave you without much of an excuse not to make the switch.
For a really solid review of apps, including of some of the ones covered here, check out Heimdal Security’s blog post.
Click here for the outdated EFF scorecard. A new one is coming soon but this should give you a general idea of the field.
Which apps do you use? Let us know in the comments and we may add them to a future list.