Encrypt your messages
- Surging onion, egg, squid costs spice up Asian inflation outlook
- Apple Watch 3 has connectivity glitch, shares take a hit
- Google buys HTC engineers for $1.1 billion to aid hardware push
- Pension crisis looms for India as workers shun sunset savings
- Pakistan PM seeks implementation of UNSC resolution on Kashmir
We live in times when the most critical gadget we own is our smartphone. Our banking details, financial information, emails, instant messages, photos and videos are all on the smartphone. This can be classified as sensitive data, which, if it falls into wrong hands, can be misused. Attacks on online privacy and the dangers of digital snooping as well as data theft are all too real these days, be it from hackers or malware attached to apps which can infiltrate your phone. These threats are perhaps the most relevant to our instant messenger chats, since a major chunk of our communication and information exchange with family, friends and colleagues now takes place on instant communication apps such as WhatsApp, WeChat, Facebook Messenger and Google Allo. According to research firm Statista, as of July, WhatsApp had 1.3 billion monthly active users, Facebook Messenger, 1.2 billion, and WeChat, 963 million active users.
How encryption works
To understand the process of encryption, let us look at an example of a chat between you and a friend. On your phone, your messaging app generates specific keys for you when you log in—one may be a private key and another would be a public key. The private key remains in your phone as your identifier for chats that may be sent to you, while the public key is sent back to the app’s servers and eventually to the receiver of the message. This key encrypts the message you are sending, before it leaves your phone, and can only be unlocked by the receiver signed in on their phone, who would also have their personal encryption key. Unless the receiver’s app unlocks the message, it cannot be accessed or read by anyone else. Second, none of your messages are stored on the app’s servers; the moment a message is sent to the recipient, it is removed from the servers too.
The need for encryption
Simply put, encryption is the method by which the communication can be scrambled in a way that no one else, except the intended recipient of the message, can intercept it or read its contents. However, this isn’t entirely a foolproof solution, and any organization, armed with the right set of software tools, can un-encrypt a message that was not encrypted using end-to-end encryption. End-to-end encryption adds another layer of security, making it harder to be snooped on.
While your favourite instant messenger app may be doing its best to secure your chats, there may still be some weak links. As a basic condition for secure chats, end-to-end encrypted messages require that both ends of the conversation should be using the same system for the chain to complete itself.
First, we all must surely be regularly backing up our messaging app chats—on Google Drive (Android phones) and iCloud (iPhone). The security of these storage mediums, though they claim to have top-notch encryption systems in place, are not in control of the developers of instant messaging apps.
If you haven’t secured your phone with a passcode, chats can be accessed by anyone if the device is left unattended.
Third, if you tend to save or share screenshots of conversations, those shares are not secure, leading to information leaking out.
Finally, there is the whole privacy debate as well about apps themselves sharing user data with third parties. Instant messaging app WhatsApp is currently in the dock for sharing user names, phone numbers, device details, etc., with Facebook, after the popular social media network acquired WhatsApp. For all the complications in that debate, it is the sort of data sharing that as users, we have no control over.
Android, iOS, Windows, web
WhatsApp uses end-to-end encryption, developed by software security firm Open Whisper Systems. The entire chain requires private and public authentication keys for you and your contacts to read the messages. Other apps simply encrypt messages to their servers, WhatsApp encrypts the message till it is delivered to the actual recipient’s phone
Android and iOS
Signal, by Open Whisper Systems, has end-to- end encryption. You can send messages that self-destruct after a specific duration of time. The app also has encrypted voice and video calls. It uses AES-256, Curve25519 and HMAC-SHA256 standards, you can configure an app password and also prevent info theft by disabling screenshots of your chat window.
Android, iOS, Windows Phone, Windows, MacOS, Linux, web
One of the early starters on encryption, Telegram uses dual layers of encryption based on the 256-bit symmetric AES encryption, 2048-bit RSA encryption, and Diffie–Hellman secure key exchange standards. Secret Chats option has end-to-end encryption, and is an option you need to enable manually.
Android, iOS, web
Facebook Messenger now gets end-to-end encrypted messages, via the Secret Conversations feature. You need to manually opt in for this (Messenger -> Profile -> secret conversations -> enable). You will see all the other devices you have used to sign in to Messenger, giving you the option of revoking private chats feature from them.
Android, iOS, Windows, MacOS, Linux
Chats on Viber get a colour-coded lock icon to indicate chat security—green is for encryption with a trusted contact, grey indicates encryption with other contacts, and red means that the chat isn’t secure. On shared phones or PCs, you can easily hide chats. You get text, voice and video conversations within one app.