Secure Communication Apps

Cody Shultz
4 min read · Jun 25, 2021

By Cody Shultz and Alec Harris

“Three may keep a secret, if two of them are dead.” — Benjamin Franklin

This quote by one of the founding fathers represents one of the greatest challenges of privacy — other people. It’s not always the ever-present adversary “prowling around like a roaring lion, looking for anyone he can devour,”[1] but sometimes the very person you are communicating with. During my time at CIA, there were plenty of folks who made their careers collecting information that other people swore an oath to keep secret. How then, in our globalized world, are we able to securely communicate with others that may be hundreds or thousands of miles away?

There are two problems to address: trusting the parties involved, and trusting the platform being used. Using one-time ciphers is wholly secure, but if the recipient just can’t help themselves with sharing the gossip, then you’re out of luck. Similarly, if you use an insecure channel, say a public Facebook post, to share a secret with a tight-lipped friend, you end up with the same result. We can’t solve your choice of friends, but there are some options for secure platforms; noting, of course, that no digital communication method is perfect.

Applications such as Signal or WhatsApp claim to be end-to-end (“e2e”) encrypted, but there is an assumption that the encryption is solid and that the device-side key generation is trustworthy. Remember that using any platform requires some inherent trust in the developers and administrators behind it, and in their having built security into the platform’s core infrastructure. As any countersurveillance course will teach you, you should always alter your times and routes, or in this case, the secure communication apps you use.

Consider the struggle these secure communication apps have. Security and privacy are inconvenient by their very nature, but if users are inconvenienced too much, they won’t use an app. Without users, the app becomes useless for communication. Further, development and updates aren’t free, costing considerable time and resources, especially as the user base expands. When fighting against Google, Facebook, and Apple, that offer free apps that are convenient, multi-functional and good looking, there is a huge hurdle to overcome. In our experience, there are some clear winners and losers in the commercial messaging application (“CMA”) world:

Winners:

iMessage/FaceTime — Perhaps surprisingly, the default Apple messaging app offers e2e encryption and the contents of messages and calls are unknowable by Apple. The corporate response to subpoena requests has been publicized in the press, and the notice to law enforcement is clear:

“Q: Can Apple intercept customers’ communications pursuant to a Wiretap Order? A: Apple can intercept customers’ email communications, upon receipt of a valid Wiretap Order. Apple cannot intercept customers’ iMessage or FaceTime communications as these communications are end-to-end encrypted.”[2]

Wickr — More opaque than its open-source competitors, Wickr boasts alumni from In-Q-Tel (the CIA’s investment wing) among its investors, it has very strong cryptography, clean account instantiation, and custom data retention options, like ephemeral messaging. A particularly noteworthy feature is that if the user with whom you are communicating takes a screenshot of the conversation, Wickr automatically and immediately sends a copy of that screenshot to you. While it does not prevent screenshots from occurring, it does alert you to the fact it’s been done.

Wire — Touted by the infamous Edward Snowden, Wire has both open-source bona fides and transparent security reporting. Wire is well known for its “Perfect Forward Secrecy” meaning each message has different encryption keys.
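To make the “different encryption keys per message” property concrete, here is an added example (not Wire’s code, not from the original article) of a symmetric hash ratchet: each message gets its own key derived one-way from a chain key that is then discarded, so someone who later seizes the device and its current chain key cannot recover earlier traffic. The shared secret and messages are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample conversation and shared secret (not from the article).
MESSAGES = [b"meet at the usual place", b"bring the documents", b"confirmed"]
ROOT_KEY = hashlib.sha256(b"constructed shared secret for the demo").digest()

def ratchet_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One symmetric-ratchet step: derive the next chain key and a fresh
    per-message key from the current chain key with HMAC-SHA256.  The
    step is one-way, so holding next_chain_key reveals nothing about
    chain_key or msg_key (this is what gives forward secrecy)."""
    next_chain_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    msg_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, msg_key

def xor_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHAKE-256 keystream (decryption is
    the same operation).  Stands in for the real AEAD an app would use."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def send_all(root_key: bytes, messages: list[bytes]) -> tuple[list[bytes], bytes]:
    """Encrypt each message under its own key, discarding each message key
    as it is used.  Returns ciphertexts and the chain key left on the device."""
    chain_key = root_key
    ciphertexts = []
    for m in messages:
        chain_key, msg_key = ratchet_step(chain_key)
        ciphertexts.append(xor_encrypt(msg_key, m))
    return ciphertexts, chain_key

def decrypt_with_chain(chain_key: bytes, ciphertexts: list[bytes]) -> list[bytes]:
    """Walk the ratchet forward from chain_key.  The legitimate recipient
    starts from root_key; an attacker who seized the device afterwards
    only has the *current* chain key and gets garbage for old traffic."""
    out = []
    for c in ciphertexts:
        chain_key, msg_key = ratchet_step(chain_key)
        out.append(xor_encrypt(msg_key, c))
    return out

def static_key_encrypt_all(key: bytes, messages: list[bytes]) -> list[bytes]:
    """The no-forward-secrecy baseline: one key for the whole conversation,
    so a single key compromise exposes every message ever sent."""
    return [xor_encrypt(key, m) for m in messages]
```

Run `decrypt_with_chain(ROOT_KEY, cts)` to see the recipient recover the plaintexts, and `decrypt_with_chain(leftover, cts)` with the chain key left on the device to see that the same ciphertexts are unreadable to someone who only obtains the key state after the fact.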

Matrix — While not a messaging app, Matrix is a decentralized messaging protocol which allows developers to build client-side applications, and users the option to run their own home server and own their data.

Halo Privacy — Halo’s secure communications application, CommLink, combines strong cryptography with advanced obfuscation techniques so that its users are hard to find before they are hard to hack.

Losers:

Facebook Anything — As we’ve discussed before, Facebook’s business model is your data, so it is no surprise this applies to their communication platforms: Facebook Messenger, Instagram, and WhatsApp. If you must use them, consider them actively hostile and never send anything sensitive.

Telegram — Popularized by the blockchain crowd, Telegram is not private by default. Few ordinary users will take the steps to opt in to privacy, which eliminates one of the primary benefits of the app.

Viber — Viber is closed source, but unlike Wickr, it has some questionable requirements: “A free app, Viber’s business model becomes crystal clear when one looks at its terms of use: Users must agree to allow the company to use their personal data, such as a user’s address lists, for years, and even allow Viber to sell it to third parties.”[3] Furthermore, Viber does not share security reporting with its users.

It is worth repeating that no secure communication app is perfect, and all are vulnerable to keystroke loggers, screen scrapers, or other exogenous attack vectors — not to mention that guy looking over your shoulder. With the uncertainty involved in trusting a third-party application, the best approach is not to converge risk into a single application. We suggest switching applications even in the middle of a conversation. Unconventional, yes, but imagine the frustration of your adversary when they discover that getting a full understanding of your communications requires penetration of a half dozen or more CMAs.

[1] 1 Peter 5:8

[2] https://www.apple.com/legal/privacy/law-enforcement-guidelines-us.pdf

[3] https://www.dw.com/en/security-lapses-plague-messaging-and-video-apps/a-53139720

Cody Shultz

I am a former CIA officer who specializes in reputation and identity management for ultra-high net worth individuals and family offices.