How to keep messages secure - via TeenVogue

TeenVogue magazine is making quite a name for itself beyond the stereotype of makeup tips and boy-band gossip.  Nicole Kobie has an excellent explanation of the considerations when choosing a messaging app.

The article explains ‘threat model’ or who might be interested in your messages.

If you’re only worried about casual snooping from nosey friends or relatives you have a relatively low ‘threat model’.   The popular WhatsApp is probably enough for most of us.

Someone who might be hacked by a government or corporation (never forget corporate espionage) has a much more stringent ‘threat model’.  Politicians, journalists, activists and others who handle ‘sensitive’ information should use a more secure messenger like Signal.

Same encryption but very different

Most of the major messaging apps now use Signal’s core technology for encryption but the way they implement it is different.  That’s why some apps are considered to be less secure even though they use the same encryption.

WhatsApp saves a lot more information about its users including when and where messages are sent/received.  It’s the equivalent to a phone company having call logs.  WhatsApp doesn’t know the content of your messages, but it knows who you are messaging, when and roughly where you were.  All that information can and is supplied to a government agencies.

Compare that to Signal which has no message logs and only a bare minimum of information about each user.

Sending documents

With our ‘Microsoft Office nerd’ hat on, we have to prefer WhatsApp over Signal.

While WhatsApp isn’t as secure or private as we’d like, it does allow sending of documents.

Signal is the better, more private, choice if you don’t need to send documents.

Secure your phone

…privacy invasion may not come from the NSA or security services, but the people in your life — if you want to keep your parents or siblings from seeing your messages, you don’t need a secure app so much as a PIN to unlock your phone.

There’s not much point in having encrypted messaging if anyone can pick up your smartphone and read it!

Modern smartphones have various screen locking options.  PIN codes, drawing a pattern or even face recognition.  Make sure you’re using one of these to stop casual snoopers and annoy thieves.

The recent Wikileaks disclosures suggest that the major spy agencies have not broken the encryption on Signal, Wickr or WhatsApp messages.  The risk is from extra software on your device which can ‘read’ the messages before encryption or after decryption by a receiver.

Be careful what you install on your phone.  For most of us that means only installing apps from the iTunes Store or Google Play.