Article Thumbnail

App-Ed: Protect Yourself With Some Encryption

How to prevent your messages from going… elsewhere

Whether you’re concerned about government eavesdroppers, corporate surveillance or targeted ads, switching from plain old texts to secure messaging can ease your mind and save you lots of trouble. Just last week, Facebook announced that it was rolling a secure messaging feature out for Messenger in the fall. But you don’t have to wait for Facebook. Using secure messages for your conversations now means you don’t have to worry about anyone getting access to your communication without your device — from hacker to jealous ex. You also can send sensitive information without fear that it will come back to haunt you — from the keycode to your garage to your social security number.

The key to modern secure messaging applications is that they use encryption, which encodes your messages so that even if an eavesdropper gets ahold of them, they can’t read them. Even if you personally have nothing to hide, more people using encryption makes everyone safer online.

What to look for in an encrypted messaging app

There’s no shortage of apps that claim to offer secure messaging, but what you’re looking for is a service that offers end-to-end encryption. “End-to-end” means that the message is encrypted on your device, and then decrypted when it gets to the device of your messaging partner. No one (not even the provider of the messaging service!) can decrypt it.The only catch of end-to-end encryption is that you’ll need whoever you’re messaging to take the plunge with you — there’s no way to secure just one side of a two-sided conversation.

In addition to encrypting your messages as they pass from you to your friends, you’ll also want to encrypt the data on your device. Device encryption prevents anyone from reading the data on your phone without your passcode (additional to your iPhone passcode) — keeping your photos and texts secure if a pranking friend or a criminal decides to snoop. (Fortunately, device encryption is easy. Here’s a how-to guide for iPhones, and one for Android.)

You’ll want an app that defaults to secure messaging. Remembering to switch to a secure channel can be difficult, and security measures work best when they’re automatic. Even more importantly, if you only encrypt conversations that are super-secret, that’s basically flagging that what you’re talking about is sensitive. Secure by default means that no one will be able to tell the difference between a message asking your partner to buy more toilet paper and a message on a more sensitive topic.

The best choices for secure messaging are apps that have had their code audited (reviewed by professionals — it’ll say on their website) and/or ones whose code is publicly available. Although neither guarantees perfect security, both are important steps to making sure that all the possible flaws in an encryption scheme have been caught.

For Everybody — Signal

Hey, if it’s secure enough for Edward Snowden, it’s secure enough for the rest of us. Made by OpenWhisper Systems, Signal is secure when texting with other Signal users and uses your phone number as your handle, meaning you don’t have to remember a separate login and password. On Android, you can use Signal as your primary messaging app — it will automatically send secure messages to other Signal users and SMSs to those who haven’t installed it. For iPhone users, it can’t automatically combine with SMS, but will allow secure messaging for all your contacts who also have the app installed.

It’s open-source and uses a technique called “perfect forward secrecy” to prevent an eavesdropper from getting access to your older messages — even if they get access to your secret key. It also allows for group messaging, without letting Open Whisper Systems know who is in your group or what it’s called. If you want to switch from text to talk, it allows for encrypted phone conversations from within the application.

For the Recovering SnapChat Addict — Wickr

If you’re looking for secure messaging application with expiring photos and video chat, Wickr might be a good alternative. Wickr is a messaging app that is secure by default, but it only allows for communication with other Wickr users. Although its code is not open-source, Wickr has made the technical details of its implementation available.

For the Friend Group — WhatsApp

The good news is that WhatsApp uses the same protocol as Signal, so the cryptography is open-source and peer-reviewed. It works for niche platforms, like Blackberry and Windows Phone, and the latest version of WhatsApp defaults all users to end-to-end encryption. However, WhatsApp retains “metadata,” the information about who you sent messages to and when, which can be quite revealing. WhatsApp may be the best choice for the cross-platform group that doesn’t want to switch to something as security-focused as Signal or Wickr.

For Apple Fans Only — iMessage

Perhaps the easiest option for end-to-end encryption is iMessage, the standard iPhone client. Did you know that when your text bubbles are blue, the messages are end-to-end encrypted? Even Apple can’t read them. However, iMessage is only secure with other people using iPhones or messaging from a Mac, so if you text with anyone who uses Android (and the bubbles turn green!), you’re out of luck. Additionally, in places without great data access, iMessage can default to sending information over SMS, which is never secure.