Whether it’s protecting your banking information from potential hackers or making sure some nefarious government agent doesn’t intercept sensitive data, there are a ton of reasons to use basic encryption technologies for your communications.
Last month we talked about the role encryption plays in protecting sensitive data in general. Today we present 3 tools you can use to protect yourself and your messages personally.
Facebook-owned WhatsApp boasts a huge 1 billion global users, making it the world’s most popular instant messaging app. In April 2016, WhatsApp added end-to-end encryption as the default state for its users. This ensures that no one other than the sender and receiver of the encrypted communication can read the content of the messages in question.1
This kind of encryption gives users protection from WhatsApp itself. Even if a hacker compromises the company’s data, or if a government forces the company to hand over the communications of its users, WhatsApp simply won’t have the keys to unlock them.
This makes it impossible for WhatsApp to comply with any request to violate their users’ privacy. The only people who can decrypt the encrypted communications are the sender and receiver, because they’re the only ones with the encryption keys.
But note that this does not prevent a government from obtaining certain metadata pertaining to the conversations. Basically, the government (or whoever is snooping) can tell which phone sent a message to which phone, even though they can’t tell what the content of that communication was.
Furthermore, new allegations have surfaced that WhatsApp’s encryption protocol contains a “backdoor” vulnerability that would allow Facebook, and presumably others, to read the contents of your messages. WhatsApp and some tech researchers have argued that these allegations are false, and that there is no backdoor. But I plan to stick with Signal until that controversy is clearly resolved.
Overall, WhatsApp may be pretty good, but for better security I would recommend our next tool: the Signal app. But don’t take it from me. Edward Snowden also agrees.
Signal is probably the leading phone-communication encryption technology out there, because of its ease of use and transparency. The app allows you to send end-to-end encrypted text messages and phone calls.
The code for Signal is open-source, meaning that developers from around the world can easily see the code and make edits to continually improve the security of the app over time. As soon as some hacker or government agency (or both) attempts to exploit a potential weakness, developers can make the necessary improvements to head those exploitations off. This creates a strong tick in Signal’s favor both for transparency’s sake, and also for the sake of rapid security updates.
Furthermore, Signal doesn’t track metadata related to the time and place that messages or phone calls are placed.
Signal also comes with other tools to protect your sensitive information, like the ability to set a self-destruct timer for texts to expire after a certain preset time limit.
Signal is probably the champion for secure messaging and phone calls. But for email, you’ll need another program altogether. That’s where ProtonMail comes in.
What’s cool about ProtonMail is similar to what’s cool about Signal, simply applied to email. Communications are encrypted end-to-end, and ProtonMail themselves has no access to user data. As ProtonMail’s security details page puts it, “With ProtonMail, privacy isn’t just a promise, it is mathematically ensured.”
This level of security doesn’t come without its risk. If you forget your password or passphrase, you will essentially be locked out of your email with no way of regaining access.
Another cool perk of ProtonMail is that its servers are all located in Switzerland, meaning what little data they do store on their servers is protected by Swiss law, including the Swiss Federal Data Protection Act and the Swiss Federal Data Protection Ordinance, which might just be the strongest privacy protections in the world.
Now, ProtonMail (like other secure email clients) takes a bit more work for you to set it up than an app like WhatsApp or Signal does.
For a quick 101 guide with screenshots and an exercise to test your encryption abilities, head over to this link. I went ahead and made my public key available on that page, in the event that some of you want to try and send me an encrypted email. ProtonMail is great on its own, but combining the use of ProtonMail with PGP encryption (as the above link will show you how to set up) will take your security to the next level.
Privacy and Freedom
There’s a common, yet mistaken, mindset out there that privacy is not something law-abiding people need. The common refrain goes, “If you aren’t doing anything wrong, then you have nothing to hide.”
But there are innumerable scenarios where a law-abiding citizen might want to conceal their communications from governments as well as from potential criminals that may be snooping on online networks.
Maybe you’re a journalist communicating with a government whistleblower, or you need to send confidential legal documents to your lawyer, or you need to send sensitive medical documents to an insurance company.
Preserving the integrity of communications like these is not criminal. Instead, it’s essential to life in a free society.
A free society needs this kind of fundamental privacy. And privacy in the 21st century means access to encryption.
1 By the way, for those of you still wedded to Facebook Messenger itself, it’s worth pointing out that Facebook recently rolled out a “Secret Conversations” feature for the Messenger App.