Cybersecurity 101: How to choose and use an encrypted messaging app
Text messaging has existed since the early days of cellular technology and has given rise to a distinct language. But it’s time to retire the practice of sending standard SMS texts.
If you own an iPhone, you’ve taken the first step. iMessage is the messaging service used by iPhones, iPads, and Macs to communicate with other Apple devices. Unlike SMS, which employs the obsolete but ubiquitous 2G cellular network, this communications system is data-based and relies on 3G, 4G, and Wi-Fi. Although iMessage has gained popularity, Android smartphones and non-Apple computers are still without this feature.
Other messaging providers have filled a need in the market by providing such functions.
Data-based apps that function on several platforms include Wickr, Signal, WhatsApp, and Wire. The best part is that they are end-to-end encrypted, which means that messages are scrambled on the device at one end of the conversation and unscrambled on the receiver’s device at the other. As a result, it is almost impossible for anybody else to understand what is being said, even the app’s creator.
Numerous well-known applications, like Instagram, Skype, Slack, and Snapchat, do not provide any end-to-end encryption. Although it’s not enabled by default, Facebook Messenger includes the option to employ “secret” end-to-end encrypted communications.
What you should know is as follows.
Why hate on SMS messaging?
Short Message Service, or SMS, has been around for more than three decades. It’s typically dependable, but it’s pricey, out-of-date, and inefficient. SMS texting is unsafe for a number of reasons as well.
SMS communications are not encrypted, so cell providers, governments, and hackers, whether organised or less skilled, may read the contents of each text message. This means that your codes might be stolen even if you use SMS to safeguard your online accounts with two-factor authentication. SMS communications can also leak metadata, which is information about the message but not its actual contents, such as the sender’s and recipient’s phone numbers, which may be used to identify the parties to a conversation.
You can never be certain that an SMS message comes from a certain individual since SMS messages may be faked.
Additionally, a recent FCC decision has expanded the ability of phone carriers to censor SMS texts. The FCC promised to reduce SMS spam, but many are concerned that this might be done at the expense of free expression.
An encrypted messaging app is the solution in each of these situations.
What are the best encrypted messaging apps?
The straightforward response is Signal, an end-to-end encrypted messaging program that is open source and regarded as the industry benchmark for safe consumer messaging services.
Signal supports and encrypts all of your texts, calls, and video chats with other Signal users. Some of the most knowledgeable cryptography and security specialists in the world have examined and validated its code, and they are confident in its security. Some people have questioned the app since it uses your mobile phone number as its point of contact, but it’s simple to set up a separate phone number for the app without losing your own cell number. Apart from your phone number, the software is designed from the ground up to gather as little information as possible.
Recent government requests for data from Signal revealed that the app developer had practically nothing to provide. Your communications are encrypted, but each participant in the chat may also set messages to expire, ensuring that even if a device is compromised, the messages will already have vanished. For further protection, you may even add a separate lock screen to the app. The app also keeps getting better. Signal just released a new feature that improves message sender anonymity by hiding the sender’s phone number.
However, the answer is more nuanced than “simply Signal.”
Every individual has unique demands, desires, and requirements. The best encrypted messaging software for you will depend on who you are, what you do, and who you communicate with.
For high-risk occupations such as journalism, activism, and government work, Signal may be the go-to tool. Those who just wish to communicate with their friends and family without having to worry about someone reading their messages will often find that WhatsApp, for instance, is enough.
You may have heard some inaccurate information regarding WhatsApp in recent years. This misinformation was mostly the result of inaccurate and deceptive reporting that stated there was a “backdoor” that allowed other parties to access messages. These allegations lacked support. WhatsApp does gather certain information on its 1.5 billion users, such as metadata on who is contacting whom and when. If the police make a request and have a valid court order, such information may be provided to them. But since communications are end-to-end encrypted, they cannot be read. Even if it wanted to, WhatsApp cannot reveal such communications.
Many people are unaware that Facebook, which has been embroiled in several security and privacy problems over the last year, is the company that owns WhatsApp. Facebook has said that it is dedicated to keeping WhatsApp conversations end-to-end encrypted by default. Security experts have noted that Facebook may yet decide to modify its policy in the future. While you should always be on the lookout for threats, using WhatsApp to transmit encrypted messages is still preferable to doing nothing at all.
The best piece of advice is to never type anything into even an end-to-end encrypted messaging service that you wouldn’t want to be read in court, just in case.
Wire is also trusted and used by many people for its open-source, cross-platform group chats and calls. The software uses usernames rather than phone numbers, which many people who want more anonymity find more appealing than other applications. Users should be aware that, as a trade-off for being able to use the app on other devices, the program keeps a plain-text record of everyone you’ve ever contacted. Wire also backed up its end-to-end encryption claims by asking researchers to conduct an external audit of its cryptography.
Millions of people use iMessage, which is similarly end-to-end encrypted, without perhaps even realising that their communications are protected.
Other applications should either be used carefully or not at all.
Researchers discovered that apps like Confide, once popular among White House staffers, don’t properly scramble messages, making it simple for the app’s makers to covertly eavesdrop on someone’s conversation. Apps like Telegram have been criticized by experts for their error-prone cryptography, which has been described as “being like being stabbed in the eye with a fork.”
How to verify someone’s identity
A fundamental question in end-to-end encrypted messaging is: how do I know a person is who they say they are?
A user’s identity is handled differently by each end-to-end encrypted messaging service. It’s what we refer to as “key verification,” although Signal refers to it as a “safety number” and WhatsApp refers to it as a “security code.”
Each user is identified by a unique “fingerprint” that is connected to their username, phone number, or device. Usually, it is a series of letters and numbers. A person’s fingerprint may be verified most easily in person. It is as easy as getting out your phones, opening a conversation on your preferred encrypted messaging service, and checking that the fingerprints shown on both devices are the same. After that, you often click a “verify” button, and that’s it.
It is more difficult to confirm a contact’s fingerprint when you cannot meet in person and have to do it over the internet. It often involves exchanging your fingerprint (or a screenshot) through another channel, such as Twitter, Facebook, or email, and making sure they match. (The Intercept’s Micah Lee provides a straightforward tutorial on how to confirm someone’s identity.)
You won’t need to reverify someone once you confirm their identity.
Your app may alert you if the fingerprint of a recipient has changed for an innocent reason, such as if they have a new phone number or used a different device to send you a message. However, it can also indicate that someone is attempting to impersonate the other person in your chat. You should exercise caution and make another attempt to confirm their identity.
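The verify-once, warn-on-change behaviour described above can be sketched in a few lines. This is an added example, not code from any of the apps named here; the fingerprint format (SHA-256 of the public key shown as 30 digits), the ContactStore class, and the sample keys are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample keys; a real app would use the contact's public-key bytes.
ALICE_OLD_PHONE = b"constructed-public-key-alice-old-phone"
ALICE_NEW_PHONE = b"constructed-public-key-alice-new-phone"

def fingerprint(public_key: bytes) -> str:
    """Show a key as 30 digits in groups of 5 (illustrative format, not any app's)."""
    number = int.from_bytes(hashlib.sha256(public_key).digest(), "big") % 10**30
    digits = f"{number:030d}"
    return " ".join(digits[i:i + 5] for i in range(0, 30, 5))

def _same(a: str, b: str) -> bool:
    # Ignore spacing differences, then compare in constant time.
    return hmac.compare_digest("".join(a.split()).encode(), "".join(b.split()).encode())

class ContactStore:
    """Hypothetical store: last fingerprint seen per contact and its verified flag."""

    def __init__(self):
        self._known = {}  # contact -> [fingerprint, verified]

    def observe(self, contact: str, public_key: bytes) -> str:
        """Call when a contact's key arrives; returns 'new', 'unchanged' or 'changed'."""
        fp = fingerprint(public_key)
        entry = self._known.get(contact)
        if entry is None:
            self._known[contact] = [fp, False]
            return "new"
        if _same(entry[0], fp):
            return "unchanged"
        # Key changed: forget the old verification so the user must compare again.
        self._known[contact] = [fp, False]
        return "changed"

    def verify(self, contact: str, fingerprint_from_contact: str) -> bool:
        """Mark verified only if the fingerprint obtained out of band matches ours."""
        entry = self._known[contact]
        ok = _same(entry[0], fingerprint_from_contact)
        if ok:
            entry[1] = True
        return ok

    def is_verified(self, contact: str) -> bool:
        return contact in self._known and self._known[contact][1]
```

A "changed" result is the moment the app should show its warning: the stored verification is dropped, and the old fingerprint no longer passes verify().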
Some applications make absolutely no effort to confirm a user’s identity. For instance, there is no way to verify that someone isn’t surreptitiously listening in on your iMessage conversations, since Apple doesn’t let you know if someone is monitoring your conversation or if the recipient of a message has somehow been replaced.
Read more to learn how Signal, WhatsApp, Telegram, and Wire let you check your keys and get alerts when they change. (Spoiler: The safest option is Signal.)
You should also be aware of the following advice:
Encrypted message backups are usually not encrypted in the cloud:
It is crucial to know that your encrypted communications are often not encrypted when they are backed up to the cloud. As a result, the government has the authority to request that your cloud provider, such as Apple or Google, extract your encrypted communications and provide them to the government. If this worries you, you shouldn’t back up your communications to the cloud.
Beware of desktop apps
One advantage of many encrypted messaging applications is that they are compatible with a wide range of platforms, devices, and operating systems. Many also provide desktop versions for quicker responses. But during the last several years, problematic desktop software has been the source of most significant vulnerabilities. Keep an eye out for app updates. You should immediately restart the program or your computer whenever an update calls for it.
Set your messages to expire
There is no magic about encryption; it just takes awareness and thought. If your phone is hacked or stolen and its data is accessible, end-to-end encryption won’t help you. Setting an expiration period for your conversations is a good way to make sure that older messages are erased and no longer visible.
Keep your apps updated
Making sure your desktop and mobile applications are updated is one of the greatest methods to ensure your security (and get new features!). While security flaws are often discovered, you may not always hear about them. The best method to ensure you get security updates as quickly as possible and reduce the likelihood that your communications may be read or stolen is to keep your applications updated.