It may not matter to you as much as it does to others, but how we control who gets what when it comes to our data and when we communicate is still a very important discussion to have. It matters now more than ever and will matter even more as time goes by because tools and tricks to get unauthorized access to our stuff get better and better.
Here in the United States, there has been a lot of recent talk about our messages and what might happen if the right person reads the wrong thing. The NSA can intercept data you send to someone else in a text or email or instant message. They’ve been able to for years. Your internet service provider and cell phone carrier can do the same. While recent fears revolve around what the current administration in Washington might do, it’s important to know that the last administration had the same capabilities and might have done exactly what people are worried about in 2017.
Maybe we can’t keep them from snooping, but we can make it pretty damn hard for them to read it if they do.
A lot of applications promise secure messages between you and someone else. Some very popular apps, namely WhatsApp and Facebook Messenger, offer encrypted and secure cross-platform messaging according to their descriptions. But a lot of researchers and security professionals have a very different opinion and offer some pretty compelling evidence that Facebook has access at will. These folks say we shouldn’t trust WhatsApp or Facebook Messenger when it comes to encrypted messaging, and that’s a cause for concern that shouldn’t be dismissed.
Security researchers have great things to say about Open Whisper Systems because they can look at every line of code to verify exactly how it works.
Google, too, offers an end-to-end encrypted messenger in Allo. While there is no evidence that Google’s claims aren’t to be taken at face value, many have concerns because Google’s business is looking at your data. And encryption isn’t enabled by default in Allo, so many users aren’t aware it’s there or have trouble finding how to send secure messages. For two savvy users, it’s a valid option.
On the “other” team, iMessage is great. But cross-platform is a must in my opinion, and iMessage can’t offer what we need unless everyone is using an iPhone.
I’ve been testing secure messaging apps for a while. I ignored the most controversial examples from Facebook and Google and instead focused on what else is available on Google Play. The client had to be cross-platform and offer encryption by default. Once you narrow it down this way the choices are fewer, but I found an app that offers everything I need for secure messaging.
Signal is the app I would recommend to anyone looking for a simple but secure solution to cross-platform messaging. It doesn’t have the giant set of features that WhatsApp or even Allo does, but the interface is pleasantly minimal and the app is easy to use. The setup is easy enough for anyone to walk through, and it only takes a few minutes to get everything up and running so you can send end-to-end encrypted messages to anyone who has the Signal app.
The best cross-platform encrypted messenger app is Signal.
After testing, I think the Signal app and technology are secure, and so do security researchers at Oxford, QUT, and McMaster, who gave glowing praise during a recent security audit of the app.
Forget Gmail, iCloud or Live email accounts. These services are convenient, easy to set up and use, and great for almost any email need. Except for real encrypted mail. Messages may be secured between you and the provider as long as you choose the right settings and send mail the right way, but once it leaves their hands, anything goes. These companies make no claims that they offer a completely private email solution, so we should use them for everyday needs and enjoy their features, but not rely on them for anything sensitive.
The best thing anyone who isn’t ready for keystore-based self-encryption can do is to find a secure third-party service that guarantees end-to-end encryption when both parties are using a secured service. There are a few good ones available, but I decided to stick with ProtonMail.
ProtonMail is the best turn-key encrypted email service for most people. And a basic account is free.
ProtonMail offers a single account with 500MB of storage for free. Paid options with multiple addresses and more storage start at $5 per month and extra storage is $1 per month per gigabyte. The prices are reasonable if the free account isn’t enough for you, but that’s not the only reason they are my choice. The company is based in Switzerland and not subject to data access laws from any other country, and it’s very unlikely that anyone will get access to your account unless you give it to them or they find a way to break in.
To top things off they have excellent mobile apps and the desktop web login is responsive and extremely easy to use.
Advanced users might want to manage their own encryption and use a paired key system like OpenPGP. That’s pretty simple on an Android device. You’ll need two apps:
OpenKeychain is a full-featured OpenPGP key manager that lets you create, import, share and upload an encryption key. You can also encrypt or decrypt files or text or even create a self-signed password-protected encrypted attachment. They offer a complete API and can hook into the Android intents system so that any developer of any app that could use a bit of extra security can build support right into their service. If you are familiar with GPG or PGP encryption and key management, OpenKeychain will be easy to use.
K-9 Mail has been around forever, and version 5.2 or later offers complete OpenPGP support. K-9 supports POP, IMAP, and Exchange accounts, and with OpenKeychain installed you can send and receive encrypted email seamlessly. The combination of these two apps mimics the great support for OpenPGP in mail apps for the desktop.
Nothing is foolproof and any encryption can be cracked if you try hard enough for long enough. But these solutions can help you control who is reading your messages and mail and who isn’t.