The goal of this post is not to assess which messenger provides the best "security" features by certain technical standards, but to help you think about precisely the kind of security you need.
This statement was originally published on eff.org on 28 March 2018.
All the features that determine the security of a messaging app can be confusing and hard to keep track of. Beyond the technical jargon, the most important question is: What do you need out of a messenger? Why are you looking for more security in your communications in the first place?
The goal of this post is not to assess which messenger provides the best “security” features by certain technical standards, but to help you think about precisely the kind of security you need.
Here are some examples of questions to guide you through potential concerns and line them up with certain secure messaging features. These questions are by no means comprehensive, but they can help get you into the mindset of evaluating messengers in terms of your specific needs.
Are you worried about your messages being intercepted by governments or service providers?
Are you worried about people in your physical environment reading your messages?
Do you want to avoid giving out your phone number?
How risky would a mistake be? Do you need a “foolproof” encrypted messenger?
Are you more concerned about the the “Puddle Test” or the “Hammer Test”?
Do you need features to help you verify the identity of the person you’re talking to?
We can’t capture every person’s concerns or every secure messaging feature with a handful questions. Other important issues might include corporate ownership, country–specific considerations, or background information on a company’s security decisions.
The more clearly you understand what you want and need out of a messenger, the easier it will be to navigate the wealth of extensive, conflicting, and sometimes outdated information out there. When recommendations conflict, you can use these kinds of questions to decide what direction is right for you. And when conditions change, they can help you decide whether it’s time to change your strategy and find new secure apps or tools.
This post is part of a series on secure messaging.
Find the full series here.
Are you worried about your messages being intercepted by governments or service providers?
End-to-end encryption ensures that a message is turned into a secret message by its original sender (the first “end”), and decoded only by its final recipient (the second “end”). This means that no one can “listen in” and eavesdrop on your messages in the middle, including the messaging service provider itself. Somewhat counter-intuitively, just because you have messages in an app on your phone does not mean that the app company itself can see it. This is a core characteristic of good encryption: even the people who design and deploy it cannot themselves break it.
Do not confuse end-to-end encryption with transport-layer encryption (also known as “network encryption”). While end-to-end encryption protects your messages all the way from your device to your recipient’s device, transport-layer encryption only protects them as they travel from your device to the app’s servers and from the app’s servers to your recipient’s device. In the middle, your messaging service provider can see unencrypted copies of your messages – and, in the case of legal requests, has them available to hand over to law enforcement.
One way to think about the difference between end-to-end and transport-layer encryption is the concept of trust. Transport-layer encryption requires you to trust a lot of different parties with the contents of your messages: the app or service you are using, the government of the country where the service is incorporated, the government of the country where its servers sit. However, you shouldn’t have to trust corporations or governments with your messages in order to communicate. With end-to-end encryption, you don’t have to. As a matter of general privacy hygiene, it is generally better to go with services that support end-to-end encryption whenever possible.
Are you worried about people in your physical environment reading your messages?
If you are concerned that someone in your physical environment – maybe a spouse, teacher, parent, or employer – might try to take your device and read your messages off the screen directly, ephemeral or “disappearing” messages might be an important feature for you. This generally means you are able to set messages to automatically disappear after a certain amount of time, leaving less content on your device for others to see.
It’s important to remember, though, that just because messages disappear on your device doesn’t mean they disappear everywhere. Your recipient could always take a screenshot of the message before it disappears. And if the app doesn’t use end-to-end encryption (see above), the app provider might also have a copy of your message.
(Outside of messenger choice, you can also make your device more physically secure by enabling full-disk encryption with a password.)
