So, you want to send a short instant text message to another person. The options are endless - iMessage, Slack, Instagram, WhatsApp, Skype, Snapchat - but there is one “but”: their level of security varies. If you are not whispering words into your interlocutor’s ear, it’s hard to guarantee that no one will know what you told him.
For everything that the provider should not see, or that should not be used against you in court, end-to-end encryption is required. This works on the principle of providing each user with public and secret keys. Messages sent to you are encrypted with a public key, but can only be opened in secret. For anyone who does not have your secret key, including a company that develops applications, or a government that wants to know the data, this text cannot be decrypted.
The fact that the service stores messages on its servers is also important for security. Even without reading your texts, law enforcement agencies can draw conclusions from the received metadata, for example, with whom you spoke and when. Similar information can be obtained from your contact list. Or perhaps you backed up the entire chat history in the cloud.
Messaging applications may include other security features: self-destruct messages. It matters if you are worried about someone who lives in the same house or just uses your device. Other features allow you to send messages anonymously.
Today, the choice of means to send confidential information is becoming increasingly difficult. So much so that even the nonprofit privacy organization Electronic Frontier Foundation does not recommend a single messaging application.
Messengers work only when the people to whom you want to send a message also installed them. As for other services, SMS reaches everyone who has a phone number, but they are practically not protected. iMessage has end-to-end encryption, but is only available for Apple devices. WhatsApp and Facebook Messenger have a wide global reach, but are tied to Facebook.
In fact, the choice of application comes down to the issue of security, the need for convenience, for example, the ability to create backup copies, and also depending on who you want to send the message to - sometimes you have to adapt to the interlocutor.
Let's start with the most ubiquitous platform, for the use of which you do not even need someone's phone number to find a user. According to recent estimates, Facebook Messenger has 1.3 billion users. However, chats do not have end-to-end encryption by default. To do this, you must open a "secret chat" - an option that is available only in applications for iOS and Android, and is not available in browsers. These chats are not only encrypted with the standard Signal protocol, but can also be configured to self-destruct. Disadvantage: this is Facebook. Privacy experts are wary of what social media titanium - whose business model is selling data to advertisers - can do with the information.
- A huge number of users.
- It is possible to communicate in secret chats with a large number of privacy settings.
- Not everyone knows about the existence of secret chats, in addition, they are not on every device.
- Facebook has been seen flushing metadata - can it be trusted?
The same wariness about Facebook Messenger extends to the generally well-protected WhatsApp. Mark Zuckerberg acquired WhatsApp in 2014, promising that the messenger will work independently; then, two years later, WhatsApp announced that the application would share data with Facebook. WhatsApp has about 1.5 billion users and can share information with Facebook, for example, when was the last time you used the application and how often. Initially, the company stated that it would be used to offer products and advertising, but now everything is a little different: “Today, Facebook does not use your WhatsApp account information to improve Facebook experience or provide more relevant advertisements.”
Despite this, WhatsApp also uses the Signal method for end-to-end encryption, which means that Facebook cannot access the content of your messages no matter what the user agreement will be in the future. WhatsApp also reports that it does not store messages on its servers after sending. However, if users choose to back up chat history from an application, for example, in iCloud or Google Drive, then they can be vulnerable if these platforms are hacked.
- Strong end-to-end encryption by default.
- Wide coverage worldwide.
- Great place for group chats.
- The messenger’s connection with Facebook does not yet inspire confidence.
When Facebook Messenger and WhatsApp were temporarily out of service in March this year, Telegram’s CEO said that 3 million new users signed up for the service within 24 hours. A security-oriented messaging app has existed since 2013 and has about 200 million active users as of 2018. The application contains options for self-destruction of messages, their sending or even retroactive removal of entire chats (you can completely erase the correspondence both at home and at the interlocutor).
However, end-to-end encryption is not enabled by default. To get it, you must use "secret chats". Normal conversations are encrypted between your device and the Telegram server, as well as between the Telegram server and the recipient's device. The company claims that this should provide backup in the cloud and access to chat history on any device. Some cybersecurity experts have also questioned Telegram's encryption method, which was developed in-house and is not open source.
- Security settings in secret chats.
- The messenger is free, not designed for profit and does not belong to a corporation based on the sale of user data.
- For an application that puts privacy as a priority, it does not have the most basic function enabled by default.
- There are questions about the internal encryption method.
In addition to developing a reference end-to-end encryption protocol, Signal is the most secure messenger for the most ardent privacy advocates. By default, chats are fully encrypted, as are metadata, such as, for example, the people you chat with. Messages can be configured to self-destruct and can be sent anonymously.
In 2016, the activities of Signal developers were called into question, and they were summoned to court, however, they were only able to submit the last date the user’s application got access to the servers and the time of creating the account, proving how little data is actually stored on servers. “Signal was designed to minimize the data we store,” said Signal founder Moxie Marlinspike after the details of the investigation became known. Edward Snowden himself vouched for this open source application, and the chairman of the Signal Foundation, a non-profit organization, is none other than the co-founder of WhatsApp.
- The highest standard of security features, including end-to-end encryption and metadata protection.
- An open source messenger managed by the Signal Foundation, a non-profit organization.
- Not all users know about the application, probably you will have to ask your interlocutors to install it.