The three dominating means of communication are also the weakest: e-mail, phone, and physical mail. They were not built with security in mind. If secure communication is important, you may need to look beyond these.
Emails are passed around in plaintext across several middle points between the sender and the recipient. Even if the message itself is encrypted, metadata can end up saved on several unsecured servers.
The best solutions that have been developed so far are implementations of PGP (i.e. OpenPGP) and external systems that tie-in with email.
For the average user, the best bet is looking into PGP. It is an asynchronous encryption technology, where you encrypt something with one key (password) and decrypt with another. You write a message and before sending it, encrypt it with your private key (that, as the name implies, is private and should never be shared), after which the message can only be decrypted with your public key.
PGP works quite well once you have got over the initial hurdle of setting it up, but has failed to take off and reach any major levels of mainstream adoption. It’s not easy to set up and it can be cumbersome to use. In case you lose your private key, you need to generate a new one and send the new corresponding public key out to all your contacts again. If someone loses your public key, they can’t read your message.
And should your public key be compromised, all your messages are at risk of being decrypted.
For corporate users, various systems exist which send “encrypted emails”, which are in fact just regular emails with links to a (supposedly) secure website where the message can be read after the user authenticates somehow. These systems involve a lot of trust on unknown third parties, and should not be considered truly secure. Some banks use them and they usually do a pretty decent job of securing it but it’s still not great.
In recent years, a number of encrypted email providers have popped up. These are only good for internal communication between users of the same service. Emails sent outside are still subject to the same security risks as regular email. They often try to make using PGP easy when communicating with users of other email service providers, but that still requires the recipient to decrypt it somehow.
That’s not to say such email providers are useless. They are probably better than Gmail and other email service providers at protecting your privacy. But if you are after a way to exchange secure, encrypted messages with people, keep reading.
On June 15th, 2018, Ars Technica published an article outlining a “Decades-old PGP bug [which] allowed hackers to spoof just about anyone’s signature”. Full article here.
Of all the apps, Signal is the most tried and tested out there. It is recommended by EFF, journalists, Edward Snowden, and many others. Signal is built on the Signal protocol and is free and open-source software, developed by Open Whisper Systems, which also maintains the servers of the network.
Although it is the best, it’s not perfect. For one, you’re still dependent on your recipient to have secured their devices. Although Signal messages are extremely difficult (for all intents and purposes impossible) to intercept, they are nonetheless stored on the devices from which they are sent and the devices to which they are sent.
If you have Signal installed on both your phone and your laptop, make sure both are encrypted with strong passwords or biometric data. Also make sure to keep your devices updated and take steps to prevent and remove malware. Ask your contacts to do the same.
The biggest downside with Signal is that it’s tied to a phone number. This can make it personally identifiable.
In the news for being banned in Russia, Iran, and China, Telegram must be good, right?
Not necessarily. It has a number of major flaws, the biggest being that it’s not using a well-established encryption algorithm. Instead, Telegram has created its own protocol called MTProto. It’s beyond me to comment on the minute technical details, but people a lot smarter and experienced have voiced concern over this as it creates am attack vector of unknown magnitude and risk.
Telegram stores your private key on their servers along with messages and contacts. Hopefully, it is as secure and encrypted as they say, but there is no guarantee. It’s a case where a $5 wrench potentially can unlock all Telegram messages.
Additionally, Telegram doesn’t automatically enable end-to-end encryption. This can lead to exposed communications.
The app is fine as a messaging app. For security, it doesn’t hold a candle to Signal.
WhatsApp should be praised for being a pioneer in bringing end-to-end encryption to the masses. In fact, WhatsApp uses the Signal protocol. Given its enormous user base of well over one billion, this is a big step in the right direction for mass-market end-to-end encryption.
However, WhatsApp’s implementation of the Signal protocol isn’t entirely as secure as Signal itself. For a brief period in early 2017, there was confusion about there being a backdoor in WhatsApp. The general consensus is that there is no backdoor in WhatsApp’s encryption. It is however a tradeoff. I will borrow from the EFF article linked:
Suppose Alice sends a message to Bob encrypted with Bob’s key K1. Alice’s message is stored encrypted at the server until Bob can connect and download it. This behavior is required for any app that allows asynchronous communications (meaning you can send a message to somebody while they are offline), which nearly all popular messaging apps support.
Unfortunately, Bob just dropped his phone in a lake. Later on, Bob gets a new phone and reinstalls WhatsApp. On this new phone, the app will create a new key K2. There are two possible behaviors here:
- Fail safe: The server can delete the queued message, since it was encrypted with K1, which no longer exists. Bob will never see the message. If Alice has turned on key change notifications, she will be warned that Bob is using a new key. She will be told that her message was not delivered and given the option to re-send it. This is what Signal does.
- Proceed: The server will tell Alice’s phone that Bob has a new key K2, and to please re-encrypt the message for K2. Alice’s phone will do this, and Bob will get the message. If Alice has turned on key change notifications, she will then be warned that Bob’s key had changed. This is what WhatsApp does.
The Signal app will use the fail safe method. WhatsApp took the more user-friendly approach. Luckily, you get to choose which app you want to use (or both).
Generally secure and suitable for the average user. But if you’re the kind of person reading this article, scroll back up to Signal.
Contrary to what the marketing department at Japanese ecommerce giant Rakuten, creators of Viber, wants you to believe, Viber should not be considered a secure messaging service. I’m only listing it here to eradicate any doubt.
Avoid if security is a concern. If someone wants to communicate securely with you using Viber – educate them, or run.
Threema has built a very interesting product. They are trying to position themselves as more secure than its competitors by subjecting itself to Swiss data security law, using a data center that’s ISO/IEC 27001 certified, and encrypting data with AES-256.
It’s not free and it’s not open-source, and that’s a problem.
While the cost itself is trivial, paying is actually a big problem here. It creates a permanent financial link between the license you use and the application. All other apps mentioned are free for the user, with different financial models backing them. Signal relies on donations and fiscal sponsorships, which help keep it independent.
Not being open source means we have to trust Threema. While they may very well be trustworthy, the advantage with open-source is that the code can be reviewed by anyone at any time. Most open-source projects never are subjected to the level of scrutiny that is possible, but major ones (such as Signal) typically are.
Very popular but not secure enough as Slack are able to comply with government requests for information, including full-text messages.
Same as or worse than Slack. It’s probably safe to assume it’s less secure and privacy-minded than Slack, given its target audience and commercial model are different.
I haven’t used it but from what I can gather, a lot of effort has gone into making Wire the security-minded person’s preferred team chat application.
I like that it’s open-source and and that end-to-end encryption is the default.
I’m only mentioning it for the sake of completeness. IRC has been around for decades now. It only supports text messaging (no audio, no video). Encryption can be achieved by requiring TLS/SSL (the stuff that turns HTTP into HTTPS, basically) to connect to the server, but messages aren’t encrypted on the client side. The clients (the users) would have to take additional steps to encrypt the logged messages on their end, making IRC generally a poor fit for anything of a truly sensitive nature.
On a server not under your control, be aware that users might be able to connect without TLS/SSL in which case all messages seen by that user aren’t encrypted and your entire communication is exposed.
Phone calls cannot be encrypted without advanced, synchronized devices on both ends.
If you’re willing to go that far, you might find it a lot easier to just use an app like Signal. It’s practically difficult to wire tap any VoIP or voice chat service. Depending on the nature of and commitment from your counterpart (that you wish to hide from), it might even be enough to use Skype in low-risk situations.
WhatsApp is a good middle ground in terms of how widespread it is and the degree of security, the latter again being dependent on your opponent.
Unless you know and trust the party carrying the document from origin to destination, you are placing your trust in unknown third parties.
Physical mail has a lot in common with email. There can be a lot of middlemen and you have to trust each one to not intercept your correspondence.
Couriers are generally preferred by law firms and others who sent sensitive information physically. DHL has the best coverage in the world, reducing the risk that the courier will hand over the letter to a third party for last-mile deliveries.
The best risk mitigation is to ensure a trusted party carries the document the whole way, but because that’s obviously impractical in nearly all cases, the second best risk mitigation is to use an electronic correspondence such as Signal, encrypted email, or an encrypted external storage device such as a USB drive. But sometimes, neither of those are viable options either.
Should a physical document have to be transported by a third party, use a reputable courier service and take precautions:
- Use tamper-resistant envelopes made of plastic. They are hard to tear, but can still be cut relatively easily. It reduces the risk of accidental opening.
- Put the documents in a plastic sheet and bookend the documents inside the plastic sheet with thick, opaque sheets. Aluminium foil can be useful here (funnily satisfying the paranoid stereotype). With this, it’s harder to subject the letter to steam or high-brightness lamps to expose the contents without leaving a trace.
- Seal envelopes in a way that will make it obvious to the recipient that tampering has taken place, such as wax or special tape for closing the envelope.
- Don’t send everything at once. Or, even more extreme, pad important documents with non-obviously nonsense documents to throw an attacker off. Not very sophisticated and won’t work against a dedicated opponent.
- Old school, but if the letter is purely text, consider agreeing on a cipher with the recipient. Extremely cumbersome and on its own not terribly secure, but it can work. In lieu of a cipher, an obscure natural language can work (see Code talkers).
- If you have the right connections and the circumstances are right (i.e. your opponent isn’t your country), piggyback on an diplomatic bag and have the recipient collect the letter at the embassy or consulate. Sometimes, you can ask your embassy to help with this, especially if you are sending letters to a difficult, high-risk jurisdiction. They may insist on seeing the contents.
- Self-destructing envelopes exist but often trigger security scanners (or, worse, are triggered by such scanners). The self-destruction mechanism usually consists of drenching the document in an ink, paint, or other liquid to render the contents unreadable or at least less readable. These are accident-prone and generally not used outside of specialised circumstanced.