Private messaging
HOW TO CHAT WITHOUT BIG BROTHER LISTENING IN.
RECOMMENDED APP: SIGNAL PRIVATE MESSENGER
Last year, with bipartisan support, new metadata collection laws were introduced to Australia. e laws required that ISPs and telecommunications providers kept a record of pretty much all communications crossing their networks for a period of at least two years from the date of said communication. e captured information would include all metadata relating to the communications, including: e date, time and duration of a phone call e name, address and billing information of the user e IP addresses and email addresses of the senders and recipients e type of service in use (phone, SMS, social media and so on) e physical location of the telecommunications device (which mobile tower, for example) Essentially any time you send a message to another person, it’s recorded and kept on le.
While the metadata laws don’t require that the ISPs and telcos record the actual contents of the messages, we do know from the Snowden leaks and other sources that wide-ranging interception and monitoring of content is happening. Service providers like Microso /Skype, Facebook and Google have had standing relationships with signal intelligence agencies to record and deliver captured messages on legal request, while large-scale monitoring of international internet links is essentially standard practice for signal intelligence agencies.
If you want to avoid such government monitoring — or are simply uncomfortable with providers like Skype having a complete record of everything you ever said on it — then you need a messaging service that supports two things: Strong end-to-end encryption No metadata collection End-to-end encryption means that the only people who can read the message are the
WHILE THE METADATA LAWS DON’T REQUIRE THAT THE ISPS AND TELCOS RECORD THE ACTUAL CONTENTS OF THE MESSAGES, WE DO KNOW FROM THE SNOWDEN LEAKS AND OTHER SOURCES THAT WIDE RANGING INTERCEPTION AND MONITORING OF CONTENT IS HAPPENING.
sender and the receiver — they are the only people that have the keys to encrypt and decrypt the messages. To everybody else in between, it’s just unusable gibberish. Not even the service provider can read the message. No metadata collection is trickier, since it relies on trust in the app provider’s word with respect to metadata. ere are some purely peer-to-peer comms services for which there is no metadata, but they tend to be highly technical. All of which bring us to Signal Private Messenger ( whispersystems. org), our current pick for private communications. It’s easy to use and ticks both of those boxes. It supports end-end-end encryption with manual authentication to prevent man-in-the-middle attacks. It uses servers that could technically collect metadata, but Open Whisper Systems says no metadata is collected by it, and there are no records kept of communications between clients. Using Signal is very easy once it’s set up, since it integrates into your phone’s contacts. It works a bit di erently, depending on whether you’re using Android or iOS, since Android allows for deeper integration. Essentially, it works with your SMS and phone system on Android; on iOS, it’s a separate app independent from SMS and phone. In both cases, however, it uses your regular contacts list and automatically detects if anyone on it also has Signal, so you don’t need to set up an independent contact list. To use it, just follow these steps: Grab the app from the iTunes App Store or Google Play (there’s also a PC version that’s in beta, but it still requires an Android device to act as a relay).
e rst thing that will happen is that you’ll be asked to verify your mobile number. Enter you mobile number in the eld provided, then tap ‘Verify this device’.
If you’re on iPhone, you’ll receive a veri cation code via SMS that you’ll need to enter into the app. If you’re on Android, you can skip this step; it can read your SMSs and extract the number automatically. On iPhone, Signal will also ask you to grant it permission to access your contacts. Tap ‘OK’. You may also be asked if you want to allow Signal to send noti cations.
Once you’ve done that, tap on the compose button on the top right (iPhone) or bottom right (Android). A list of all the people on your contact list who also have Signal will appear. If there are none, you can tap on ‘invite contact’, which will send an SMS to a person on in your contacts with a link to Signal.
Tap on a name to send them a text message. If you’d like to make a phone call, tap on the phone icon next to their name. On iOS, you’ll only be able to message/call people with Signal from within the app. On Android, you can message anybody in your contact list, but if the recipient doesn’t have Signal (the presence of which is indicated by a closed lock icon), then it will use normal unencrypted SMS or phone calling to communicate.
You can also create groups and start a group chat by tapping on the group chat icon in the top right.
When you’re making a call, two words will appear on screen. Verify that the person you’re speaking to is seeing the same two words (just ask them). is is a protection against man-in-the-middle attacks. If you’re seeing di erent words, then somebody is potentially listening in.