Why You Should Always Use Encrypted Messaging
While SMS messaging is generally reliable, it is also outdated, being more than three decades old. The problem with SMS messages is that the contents of every text message are not only viewable to governments and mobile carriers but can also be intercepted. Additionally, SMS messages leak metadata including the phone number of the recipient and the sender.
Encrypted messaging is the way of the future, but what does it mean and which of the many apps out there should you use? Keep reading to find out.
What is an Encrypted Message?
Encryption is the process of encoding information in order to prevent anyone that isn’t the intended recipient from reading the message. The message’s text is scrambled using complex mathematical calculations.
According to the New York Times,
“End-to-end encryption scrambles messages in such a way that they can be deciphered only by the sender and the intended recipient. As the label implies, end-to-end encryption takes place on either end of a communication. A message is encrypted on a sender’s device, sent to the recipient’s device in an unreadable format, then decoded for the recipient.
There are several ways to do this, but the most popular works like this: A program on your device mathematically generates two cryptographic keys — a public key and a private key.
The public key can be shared with anyone who wants to encrypt a message to you. The private key, or secret key, decrypts messages sent to you and never leaves your device. Think of it as a locked mailbox. Anyone with a public key can put something in your box and lock it, but only you have the private key to unlock it.”
Why You Should Use Encrypted Text Messaging
Whether in your personal life or for professional matters, message encryption is vital for keeping data safe. For example, when business partners share confidential information regarding business matters, exchanging files that contain financial data, or even regular day-to-day business dealings, it is imperative that these details do not fall into the wrong hands.
“If you knew that every piece of mail you sent was opened at the post office, read, and resealed before it was delivered, would you still feel comfortable divulging personal information in those letters?” wrote the Toronto Citizen Lab in a post on the issue.
“Unfortunately, SMS text messages that we send and receive may be subject to this exact type of inspection.”
So, how is end-to-end encryption different from other types of encryption?
There is a more common form of encryption called transport layer encryption. This relies on third parties like tech companies to encrypt messages as they move across the web. The problem with this type of encryption is that intelligence agencies or law enforcement agencies are able to get their hands on those encrypted messages with a warrant. Consequently, neither the sender nor the recipient would know about it.
“End-to-end encryption ensures that no one can eavesdrop on the contents of a message while it is in transit. It forces spies or snoops to go directly to the sender or recipient to read the content of the encrypted message. Or they must hack directly into the sender’s or recipient’s device, something that can be harder to do “at scale” and makes mass surveillance much more difficult.
Privacy activists, libertarians, security experts and human rights activists argue that end-to-end encryption steers governments away from mass surveillance and toward a more targeted, constitutional form of intelligence gathering.”
Things to Remember When Choosing the Best Encrypted Messaging App
1. Move Away from Consumer Messaging Apps
As we have already established, it is very important to move away from consumer-grade messaging apps, especially if you run a business. While many companies allow their employees to use their own messaging apps, around 60% of employees use their own personal smartphones for business purposes regularly. The problem with this is that many of these messaging apps do not have end-to-end encryption at all.
2. Choose an App with End-to-End Data Encryption
Although there are numerous encryption possibilities out there, not every form of encryption is equally secure. Traditional encryption utilizes password keys that are stored by the app’s service provider. This is especially insecure as hackers are easily able to break into a service provider’s server and decipher the keys. The same goes for government agencies with a search warrant.
Alternatively, end-to-end encryption will encrypt each message when it is sent and does not decrypt it until it has been delivered to the recipient. These keys are stored only on the sending and receiving devices, rather than on a central server so that only the recipient is able to receive and decode the message.
3. Shred Those Messages
On top of encrypting your messages, you should also think about a solution that will automatically delete messages. Should your provider store the messages on their server, it is a possibility that these messages can be compromised by intruders.
Think about how your messages are deleted. Although traditional deletion simply removes each message, the underlying pointers to each message still remain, rendering them recoverable. The most secure way to delete your messages is to shred the message data so that it is unable to be found or even reassembled.
4. Find out What Metadata it Stores
Some services will go as far as logging the location of your phone. This is valuable information to advertisers and any other people attempting to monitor your movements.
5. Avoid Desktop Apps
One of the best elements of encrypted messaging apps is that they are available on a number of platforms, devices as well as operating systems. There are also some that have branched out, offering desktop versions to make for faster response times. However, over the past few years, there have been many vulnerabilities found in the desktop software. Always remember to update your apps and if it requires you to restart your PC, you should do so straight away.
6. Set an Expiration Date
As with shredding your messages, users should remember that encryption isn’t magic, and will not save you should your phone be compromised or stolen. This can and usually results in your data being accessed by third parties. To avoid this from happening, you should set an expiry timer on your conversations in order to ensure that any older messages are deleted.
The Best Encrypted Messaging Apps
Now that we have answered the burning question, what is an encrypted message, let’s jump in to find out which of the following is the best encrypted messaging service for you.
This is another excellent choice of encrypted messaging apps that are available on the market. Signal created an encryption protocol that is currently recognized as the most secure messaging app out there. Signal is free and also uses a combination of Curve25519, AES-256, and HMAC-SHA256 for encryption as well as having end-to-end encryption capability built-in as a default.
Users have the ability to make voice calls, file share, group chat, video call, as well as send SMS and disappearing messages. It is one of the few apps that secures both messages and attachments and also includes a transparency report. Signal encrypts your metadata and also does a much better job than other secure messaging apps in hashing your personal information like your mobile number and your contacts list.
One of the biggest highlights of this app is that it is an open-source platform meaning that anyone within the Signal community is able to check it for vulnerabilities. The great news? There hasn’t been any yet.
This is a free and secure messaging app that is available on many popular platforms including Android, iOS, Windows Phone, and Nokia S40 devices. It was launched in 2009 and is one of the most popular text and voice messaging applications available.
When it comes to security features, WhatsApp has end-to-end encryption, like Apple’s iMessage and Signal. All of the messages transmitted from the sender to the recipient can only be viewed by the recipient.
The app doesn’t store personal information, and the only people that can contact you via WhatsApp are the people on your contact list. WhatsApp also uses two-factor authentication. There are some issues with group messages as people that you have blocked can still appear in any group messages that you are a part of.
WhatsApp was acquired by Facebook back in 2014 and is used by more than 1.5 billion people around the world. Due to its end-to-end encryption qualities, WhatsApp is currently banned in China and has also been temporarily banned at some point in countries like Brazil, Turkey, and Iran.
Apple products truly have an excellent reputation when it comes to cybersecurity, and for good reason. iPhone owners’ have an alternative to text messages called iMessage which have end-to-end encryption. Any messages and attachments that are sent via the Messages app are encrypted so that nobody but the sender and recipient have access to them.
The great news is that not even Apple can decrypt the data. This has led to some legal conflicts with federal law enforcement agencies that have attempted to unlock messages used by accused criminals.
If you know of many people that have Apple products, this is a good solution for you, but remember it only encrypts messages to other Apple users. This includes all iOS, watchOS and macOS devices.
Swiss-based Threema is available for a number of platforms including Android, iOS and Windows Phone. Established back in 2012, it quickly gained popularity when the Snowden leaks happened in 2013. When Facebook acquired WhatsApp, as many as 200,000 users quickly jumped ship to Threema due to the problems Facebook has had with privacy issues.
Although many of these secure apps are based in the United States, the fact that Threema is based in Switzerland means that it is subjected to much stricter user privacy laws. All communications made with the app uses end-to-end encryption and are also immediately deleted from the servers after delivery. There is anonymous sign-up allowed as well as notifications letting you know if a contact’s fingerprint changes.
There are some downfalls including the fact that Threema, unlike Signal, is not an open-source platform and it also requires payment. There are no video calls available and it displays a link to the phone number and email address by default.
It has become quite obvious that communication between individuals is not just between two people but rather can be monitored by internet service providers, government agencies as well as third-party hackers. This can lead to people not only having their privacy intruded upon, but can also end up causing financial damage, with plenty of sensitive information shared daily, whether via SMS text messaging, emails, or other online channels.
Standard SMS texting is unencrypted leaving their contents available for anyone who wants to monitor your conversations for their own gain.
Fortunately, within the past decade, or so, a number of excellent messaging services have popped up providing great solutions to keeping communications private. End-to-end encryption jumbles up messages using mathematical calculations, essentially only making the message available for the sender and the receiver.
These include Apple messages, Signal, WhatsApp, and Threema amongst others that include end-to-end encryption preventing outsiders from intercepting and monitoring your messages.
If you haven’t yet started using an encrypted messaging app on your smartphone, we strongly recommend you do as it is one of the best ways to take back your privacy.