Emails and messages are the lifeblood of your online activities. Unfortunately, for many people, they are unwittingly sent and received in an insecure manner. This has great privacy implications. It is a very disturbing fact that a lot of private and confidential information is transmitted insecurely by people every day, with very little regard for their privacy.
If you have to trust your life to keep your messages private, which one should you use?
Before we can delve further, there are a few concepts you need to understand:
Transport Security
Most of the time, messages don’t travel directly from the sender to the recipient. They have to go through an intermediary. Even traditional snail mail requires an intermediary, which is the postal service. Likewise, most messaging service providers have servers on the Internet for routing your messages to the correct recipient and holding messages temporarily if the recipient is not yet connected online.
Transport layer security ensures your messages are secured on the way to the messaging server and from the server to your recipient. To put it simply, whoever looks at the traffic between you and your messaging server from the outside (e.g. the NSA) can only see gibberish. But once your messages arrive at the server safely, the server can read your messages. So, how do you protect your messages from the prying eyes of whoever controls the server? That requires end-to-end encryption.
End-to-End Encryption (E2EE)
This means that before your message leaves your device/computer, it is encrypted with a key that only you and your recipient know. Then you send that encrypted message to the server with a layer of transport security. Once your encrypted message arrives at the messaging server, whoever controls the server still cannot read your message because it is encrypted. Then the server forwards the encrypted message to your recipient. Your recipient can read your message because both of you have engaged in a cryptographic protocol to ensure that he/she has the decryption keys to read your message.
To put it simply, with E2EE, the messaging server receives and forwards gibberish for its users.
Perfect Forward Secrecy (PFS)
Imagine the situation where the NSA secretly seize control of the messaging server. It will then be able to collect all the gibberish (encrypted messages) that both you and the recipient are exchanging. Let’s say the NSA has been collecting your gibberish for the past 10 years.
Next, let’s say one day, the NSA seize or hack your device and obtain the encryption key that you use for E2EE encryption. In one swoop, they will then be able to decrypt all the gibberish that they have been collecting for the past 10 years. In other words, all the private communication between you and your recipient in the past 10 years is compromised. So, how do you stop this from happening?
The solution is to use a Perfect Forward Secrecy (PFS) cryptographic protocol. In this protocol, the encryption keys in E2EE are used once only and discarded and lost forever. So, that means even if the NSA hacks your device and steal your encryption keys, they cannot decrypt your past communications with your recipient. They may be able to compromise your future communications, but all the messages that you had sent for the past 10 years are still safe.
Now, let us look at each messaging service one by one.
1. Email
Email and privacy is an oxymoron.
There may be Transport Security when you transmit your email to your email server. But once it arrives at your email server, all bets are off. You have no control over how your email will be kept private. Therefore, as I wrote in my book, Digital Security & Privacy for Dummies, emails are as private as postcards.
2. ProtonMail
Take note of this: only emails sent between ProtonMail users are protected with E2EE. Once you send emails to non-ProtonMail users, you lose the protection of E2EE.
However, emails sent to non-ProtonMail users can be encrypted with a password. The recipient must know that password. But then, the question is, how do you communicate to your recipient to pre-arrange the password? If you use a secure online communication channel to pre-arrange that password with your recipient, then you may as well send the content of the email using that channel in the first place. That makes ProtonMail redundant.
There are a couple of other problems with ProtonMail. Firstly, there is no PFS with ProtonMail. Secondly, as this Tech Crunch article reported, you are anonymous until you are not when ProtonMail is forced by the Swiss authorities to reveal your IP address.
3. iMessage
Apple claimed that iMessage has E2EE. But as their Apple Platform Security white paper revealed, they still control the distribution of encryption keys. So, that cannot be truly E2EE. Furthermore, iMessage does not have PFS.
But my biggest reservation with iMessage is the strength of the cryptography that they use. I have written in-depth about this at Can you trust Apple’s iMessage encryption with your life?.
4. Telegram
I am NOT in favour of Telegram.
Their crypto is unproven and messy
They rolled their unproven cryptographic protocols. As cybersecurity expert Steve Gibson said,
Telegram’s crypto is a godforsaken mess. I’ve never used it and never would!
The problem with using unproven cryptographic protocols is that you never know what security problems are waiting to be discovered in future. Recently, the future has already arrived. A security researcher has analysed their protocol and found some weaknesses:
We performed a detailed security analysis of the encryption offered by the popular Telegram messaging platform. As a result of our analysis, we found several cryptographic weaknesses in the protocol, from technically trivial and easy to exploit to more advanced and of theoretical interest.
For most users, the immediate risk is low, but these vulnerabilities highlight that Telegram fell short of the cryptographic guarantees enjoyed by other widely deployed cryptographic protocols such as TLS.
The last sentence is yet another serious problem with Telegram.
Usually, messaging services uses TLS in their Transport Security, which is a proven, time-tested industry-standard cryptographic protocol. TLS has been analysed, scrutinised, poked and taken apart for many long years. It is ubiquitous because it stands the test of time. What you are reading now on the website is secured with TLS. Your Internet banking is secured with TLS.
But what does Telegram use for their Transport Security? They use their unproven protocol called MTProto. And now, the above-mentioned security researcher found some problems with it.
Group chats are not E2EE
Next, group chats in Telegram are not secured with E2EE. Telegram can see all your group chat messages.
One-on-one chats are not E2EE by default
By default, when you chat with a person on Telegram, it is not secured with E2EE. By default, Telegram can see all your one-on-one chat messages.
If you want to send a private message, you have to use their “Secret Chat” feature to turn on E2EE using Telegram’s discredited MTProto cryptographic protocol.
Next, I find a usability problem with their “Secret Chat” feature. Before you can send an E2EE message to the recipient, you have to wait for him/her to come online on Telegram. So, as long as your recipient has not logged into Telegram, you cannot establish an E2EE chat session. You have to wait. The awkward usability problem arises from the way they implement PFS in their “Secret Chat”.
5. Signal
Signal is my favourite private messaging app. They use proven time-tested cryptographic protocols. Their software is open-sourced, which means their software code is exposed to the public to scrutinise. In fact, Signal’s cryptographic protocol is the gold standard that is so good that other messaging apps (e.g. Google’s encrypted RCS chat, Facebook Messenger, WhatsApp, Skype) are adopting it too. However, Signal’s implementation of their cryptographic protocol is the most private.
All messages, be it one-on-one chats and group chats are E2EE. You cannot turn off E2EE. Not only that, every message that you send is protected with PFS using their Double-Rachet algorithm. The beauty of their Double-Rachet algorithm is that you can have PFS without the awkward usability problem that Telegram has. That is, you can send an E2EE message without having to wait for your recipient to log in to Signal first.
Now, what if the NSA secretly seize control of Signal’s server, then pretend to be your recipient in front of you and then pretend to be you in front of your recipient? That is the classic Man-In-The-Middle (MITM) attack. You could then be sending an encrypted message to the NSA, who then read it before re-sending it to your recipient. In that case, the Signal app provides a means for you to find out about this ruse. The next time you meet your recipient face-to-face, both of you can compare the “Safety Number” of the chat session in the Signal app. If they both match in both of your smartphones, then that conversation is private. If they don’t match, you know that someone is listening in.
Another feature I like about Signal is its “Disappearing Message” feature. You can set all messages in a chat session to automatically disappear after a specific period of time after it is read by the recipient. If you combine this feature with PFS, your chat is as close to ‘off-the-record’ as you can get for an online messaging service. NSA cannot decrypt your past messages and all decrypted messages residing in everyone’s phone will disappear eventually.
In terms of privacy, Signal collects very little information about you. One notable privacy feature is “Sealed Sender”. In this feature, the identity of the sender of every encrypted message is also encrypted along with the message content. As a result, only the recipient knows who the sender of the message is. When Signal receives an encrypted message to forward to the recipient, it does not know who the sender of the message is. Hence, not even the government can force Signal to reveal who is sending messages to who because they made it technically impossible to know.
There is, however, one problem with Signal. To use Signal, you need to link your phone number to the service. Your phone number can be linked to your identity. Therefore, you cannot use Signal anonymously.
6. WhatsApp
Now, let’s come to the biggest messaging service: WhatsApp.
WhatsApp is a paradox. On one hand, they adopt Signal’s cryptographic protocols to implement E2EE and PFS. That should make WhatsApp very good for privacy right? Unfortunately, no.
WhatsApp is owned by Facebook. But the words “privacy” and “Facebook” is an oxymoron. Even though Facebook cannot read the contents of your WhatsApp messages, they ‘compensate’ by collecting all other information about you. To show you the difference between Signal and WhatsApp, below is Apple’s App Store’s privacy report for the various messaging apps:
Basically, anything that is not the content of your encrypted messages will be hoovered up by Facebook’s powerful data collection machine. In contrast, Signal wants to collect as little information about you as possible.
There is another thing to note about WhatsApp. If one of your recipients reports one of your messages to Facebook, that message, along with four previous messages, will be decrypted and sent to Facebook for review.
7. Threema
Threema is an obscure messaging app that I like too. It has E2EE and in my opinion, a more user-friendly design. Unlike all the other messaging apps, Threema is not free. And unfortunately, hardly anyone is using Threema.
The advantage of Threema over Signal is that you can use it anonymously. You don’t need to use your phone number or email address to open a Threema account.
The disadvantage of Threema is that it does not have PFS.
So, which messaging apps should you use? It depends on what is most important to you.
- If anonymity is very important to you, then don’t use Signal. On the other hand, if privacy is very important to you, and you want your messages to be as close to ‘off-the-record’ as possible, Signal is an ideal choice.
- ProtonMail is supposed to be anonymous, but the latest incident shows that your anonymity can be blown away by law.
- WhatsApp can keep your message content private, but all your other information is fair game for Facebook to collect. So, you don’t really have privacy with WhatsApp.
- iMessage is private as long as you trust Apple and you are not specially targeted by an attacker with the resources of a nation-state.
- If anonymity is very important to you but you can’t care less about privacy, then you can use Telegram.
- If you want privacy and anonymity but is willing to forgo PFS, then Threema is the choice. However, since hardly anybody is using Threema, you can’t use to communicate with most people.
One final point: if your device or messaging app ever gets hacked, all bets are off in terms of security and privacy. In such an event, the hacker can circumvent all the encryption, security and privacy features of your messaging app.