This is a guest post by Carey Parker, who blogs at Firewalls Don’t Stop Dragons.
Messaging has come a long way since the advent of short message service (aka SMS, or simply “texting”) in the mid-1990’s. One of the most notable improvements was the addition of end-to-end encryption. While text messages are really more like postcards, messages employing end-to-end encryption are like letters … if letters were made of Kevlar. They cannot be read or altered by anyone along their transmission path.
Who Can You Trust?
Not all secure messaging apps are created equal, however. Apple’s vaunted messaging service is fully encrypted, but the encryption keys are stored on the phone itself and managed by the Messages app. While Apple certainly seems to be trustworthy, the code for their Messages app is closed and proprietary. Also, if you backup your Messages to iCloud, then Apple has full access them. And finally, Messages will fall back to regular SMS if the person you’re communicating with does not have an iPhone.
Even the extremely popular WhatsApp messaging service, which implemented end-to-end encryption in 2014, may not be completely secure. That same year, WhatsApp (with over a billion users worldwide) was purchased by Facebook for almost $20B. While Facebook promised to honor the WhatsApp founders’ commitment to privacy, over the years Facebook couldn’t resist the urge to monetize the service by saving data on the app’s users. Eventually, the founders of WhatsApp left Facebook, apparently in disgust.
And the Winner Is …
One of those founders, Brian Acton, teamed up with Open Whisper Systems to create Signal Messenger. WhatsApp had used the Signal messaging protocol to bring encryption to WhatsApp in 2014, so it was a natural move for Acton. Signal is a completely open-source project, meaning that anyone can use it and the software is open for anyone (including security researchers) to study and vet. The security guru behind it all, Moxie Marlinspike, is a stalwart believer in the idea that privacy is a human right and necessary for a healthy society.
So it should be no surprise at this point that my number one recommendation for secure, private communication is the free Signal app (available for iOS, Android, Mac and PC). Your account is based on your cell phone number, so it’s not really anonymous – but you can bank on the communications being completely indecipherable to any third party. Signal even supports secure audio and video calling.
Like other messaging services, whoever you want to communicate with will also need to run the same app – so your biggest hurdle may be getting your friends and family to sign up. WhatsApp, Facebook Messenger and Apple’s Messages are all extremely popular and it can be hard to convince someone to install yet another app, especially if the only other person they know that uses it is you.
But at the end of the day, if we (as a society) truly care about Privacy, as a concept, then we need to commit to using the few tools that truly deliver it. We have to be willing to suffer some temporary inconvenience to register our disdain for mass surveillance and show visible support for companies and organizations that respect and support privacy. (If you’re still not convinced that your privacy is rapidly eroding and under attack, check out this article.)
Carey Parker is a cybersecurity and privacy advocate, and author of the book Firewalls Don’t Stop Dragons: A Step-by-Step Guide to Computer Security for Non-Techies. Carey hosts a weekly podcast of the same name and publishes a biweekly blog / newsletter.