Protect your chats from prying eyes
LEARN THE BENEFITS OF MESSAGING YOUR CONTACTS WITH END-TO-END ENCRYPTION.
AT THE TIME of writing this article, the government was getting ready to unveil a new set of regulations designed primarily to help law enforcement tap into personal communications. We currently don’t know what those regulations are, but the government is making serious noises about telecommunications providers, as well as software and hardware companies, being required to monitor and give up the contents of your personal communications at the government’s request.
As security nuts, we’re, let’s say, interested to know how this pans out. The government has said it doesn’t want direct backdoors or to weaken encryption, but asking companies to monitor communications and hand them over on request amounts to the same thing. In short, it appears the government may want to reverse some of the positive progress we’ve made in recent years on privacy.
The biggest part of that progress has been the move to end-to-end encryption as a standard. End-to-end encryption means that only the sender and receiver of a communiqué can actually read or view the contents of the data. Not even the messaging or telecommunications provider can read the contents of an end-to-end encrypted message. In some cases, the app provider might log that there has been communication between two parties (“Joe Bloggs talked to Mary Sue at 4pm on Tuesday”) but the contents of that communication would remain hidden.
More and more apps have built in end-toend encryption. That means the government’s desire to tap into all those communications seems doomed to fail unless it can compel companies to modify their software or provide local monitoring on their hardware (such as monitoring spyware on phone handsets).
That would, in turn, potentially open up the applications to non-government monitoring. Backdoors tend to make it into the wild, which is a concerning possibility.
For now, though, there are plenty of apps with proper encryption, capable of keeping your communications out of the hands of both private and state actors. This month, we’ll run you through some of the best.
SIGNAL
signal.org Signal is the top privacy tool, the one that is most often mentioned when it comes to secure communications. The Signal privacy protocol is actually being employed in other apps as well. For example, the encryption in WhatsApp and Skype also use the Signal protocol. Signal doesn’t gather user data or call metadata and it’s open source. You can have text chats and voice chats, all secure in the knowledge that the contents of those communications are between you and the other party.
Signal is very easy to use, integrating with your existing address book on your phone for easy connectivity with people you know. Just start it up and you’ll see people in your address book who also have Skype, so you can instantly text or voice chat securely with them.
RIOT
riot.im Developed in the UK, Riot is a relatively new text, voice and video chat tool that’s making impressive waves. Although its encryption system is still in beta, it does support end-to-end encryption and you can optionally use your own servers instead of Riot’s servers for video communications. That means you can avoid metadata collection and monitoring on group communications by setting up your own communications server. It also has identity verification, and the software has been audited for security leaks.
In terms of usability, Riot is largely on a par with Skype, Jitsi and other similar tools. It’s allows the easy creation of groups, as well as 1:1 communications.
THREEMA
threema.ch Threema is another voice and text chat tool
that receives top privacy marks from the EFF and other privacy organsations. It certainly puts it front and centre, including more than just end-to-end encryption.
It collects no metadata, and can delete messages after they are sent. It has identity verification similar to Signal, and does not collect any personal information about users. Users are identified only by an anonymous Threema ID, with no email address or mobile phone number required to use the service.
We’ve found it easy enough to use, on par with the likes of Signal. It also has some really cool tools, like instant polls and agree or disagree voting systems.
WIRE
wire.com Built (like Threema) by a Swiss company, Wire is another top ranking secure communications app, capable of voice, video and text chat in a simple app for mobiles and desktops. It open source, and even supports screen sharing and sketching tools, all encrypted.
It’s not free, however, requiring a monthy subscription, and it’s not quite as private as the likes of Threema and Signal, since the company can still collect some metadata and does require that you use a personal email address to sign up.
As with most video chat apps, only 1:1 video chats are fully end-to-end encrypted, since conferences require an intermediary server to mix the signals. Wire can also collect metadata, though it says that it keeps such collection to a minimum.
JITSI (AND JITSI MEET)
jitsi.org Now owned by Australian company Atlassian, Jitsi is a voice, text and video chat tools that remains open source and free, and continues to support end-to-end encryption through off-the-record (OTR) messaging and end-toend encrypted video. We’ve found that figuring out the encryption in Jitsi does take a little work, but it does have the tools built in to ensure that your communications are kept to yourself.
SKYPE
www.skype.com Microsoft’s video, voice and text chat application, now built into Windows 10, is used by over 300 million people. Just this year, Microsoft finally added end-to-end encryption for text and audio calls through a feature called Private Conversations. This employs the Signal protocol to ensure these conversations are kept private, although Microsoft likely still collects metadata on the conversations (who spoke to whom and when).
Private Conversations isn’t the default. You have to manually initiate it by selecting ‘New Private Conversation’ from the Compose menu. It’s also doesn’t support video.
www.whatsapp.com Somewhat surprisingly for an app owned by Facebook, WhatsApp gets some of the top marks for privacy from independent reviewers. It now employs the Signal protocol across all platforms, ensuring end-to-end encryption with no central storage of encryption keys. The code has been audited, and it even employs Signal’s authentication scheme to ensure that you’re not being hit by a man-in-the-middle attack.
Although WhatsApp does collect user information and log metadata, it’s still actually pretty solid with respect to privacy.