Five simple ways to protect your communications and keep your secrets secret.
I was completely amazed at the popularity of this post about secure email options, and heartened by the idea that a little education was all it took to encourage people to maybe make better choices for themselves. It can be easy to stay in whatever mode of communication you’re used to, and downloading a new app or using a new protocol can seem daunting and irritating.
But these things do make a difference. If nothing else, some of them give you back a little bit of the power and control over your own information that you ceded to Facebook or AT&T when you signed up.
Today we’re going to talk about secure messaging options, and platforms you should avoid using at almost any cost. Before you decide to use any communication tools though, some things you should consider are:
- Is this company outside the United States and therefore not subject to US law?
- Is this service encrypted, end to end?
- Do my messages stay JUST between me and the person with whom I’m communicating?
With those three questions in mind, let’s look at some DOs and some DO NOT DOs for personal messaging.
DO This | NOT That
---|---
ProtonMail: As we looked at in this post a few weeks back, ProtonMail is a Swiss company that offers secure, encrypted email services for little or no cost. — ✅ Is this company outside the United States and therefore not subject to US law? ✅ Is this service encrypted, end to end? ✅ Do my messages stay JUST between me and the person with whom I’m communicating? | AOL, GMail, Yahoo: As we also discussed in that same post, Yahoo has already admitted to scanning the contents of all messages and turning those results over to the NSA. It is highly likely that the other carriers are behaving similarly but are bound by a gag order, since they have not publicly announced otherwise. — ❌ Is this company outside the United States and therefore not subject to US law? ❌ Is this service encrypted, end to end? ❌ Do my messages stay JUST between me and the person with whom I’m communicating?
DO This | NOT That
---|---
Telegram: Telegram is a widely popular international messaging app with an extremely comfortable and intuitive user interface, no location tracking, and zero logging in Secret Chat mode. Registered in the UK, and utilizing a global network of servers, Telegram is not likely to be subject to US court orders or subpoenas. Telegram allows for late stage deletion, end-to-end encryption, and timer-based self-destructing messages. — ✅ Is this company outside the United States and therefore not subject to US law? ✅ Is this service encrypted, end to end? ✅ Do my messages stay JUST between me and the person with whom I’m communicating? | Texting: SMS protocol (the way 99% of texting works unless you are in iMessage) is one of the most fantastically insecure ways of communicating. Not only is it possible for third parties to view and retain your communications, but your carrier (Verizon, AT&T, etc.) retains all metadata around SMS messages for whatever period of time they decide is appropriate. You have no say in the matter and cannot access these records yourself. SMS or text messaging offers zero encryption, and may be intercepted without your knowledge at any point. — ❌ Is this company outside the United States and therefore not subject to US law? ❌ Is this service encrypted, end to end? ❌ Do my messages stay JUST between me and the person with whom I’m communicating?
DO This | NOT That
---|---
Signal: Signal is an encrypted messaging app that offers secure text messaging, as well as encrypted voice calling features. Signal servers only log a finite amount of metadata around sending and receiving messages, and this information is not retained longer than it takes to place each call or transmit each message. — ✅ Is this company outside the United States and therefore not subject to US law? ✅ Is this service encrypted, end to end? ✅ Do my messages stay JUST between me and the person with whom I’m communicating? | WhatsApp: WhatsApp is Facebook. You shouldn’t need to know more than that to avoid this product. WhatsApp also maintains chat logs, even of secure messages, ad infinitum. Until very recently, these logs were stored in total cleartext. There is also extremely likely to be an association between WhatsApp and any Facebook accounts that may ever have been used on your phone or computer. — ❌ Is this company outside the United States and therefore not subject to US law? ❌ Is this service encrypted, end to end? ❌ Do my messages stay JUST between me and the person with whom I’m communicating?
DO This | NOT That
---|---
Signal or Telegram: Either of these secure platforms is great for exchanging messages with people you don’t necessarily want to have your actual phone number or other identifying information. They keep your communications just between the users involved, and do not log chats or chat records on proprietary servers. — ✅ Is this company outside the United States and therefore not subject to US law? ✅ Is this service encrypted, end to end? ✅ Do my messages stay JUST between me and the person with whom I’m communicating? | Direct Message (DM): Facebook PMs, Twitter DMs, and Instagram DMs should all be treated the way your work email address is treated: it isn’t yours and the contents of those messages ultimately belong to the provider. They can read, review, and save them forever. So can any apps you may have connected to these services. Even if both users involved in a direct message conversation delete their chats, Twitter, Facebook, etc. retain logs of everything said, and when it occurred, forever. Facebook even includes location tracking services when they are available. — ❌ Is this company outside the United States and therefore not subject to US law? ❌ Is this service encrypted, end to end? ❌ Do my messages stay JUST between me and the person with whom I’m communicating?
DO This | NOT That
---|---
ProtonMail: If you have the option to use encrypted communications, instead of the messaging system of a particular website or organization, always choose encryption. While websites that force you to use their email or chat functions may claim to offer “secure” messaging, there is no guarantee that the site administrators themselves don’t have direct access to your unencrypted communications. — ✅ Is this company outside the United States and therefore not subject to US law? ✅ Is this service encrypted, end to end? ✅ Do my messages stay JUST between me and the person with whom I’m communicating? | Proprietary Messaging (RentMen Messages, etc.): If you use a site that requires you to use their messaging system (like RentMen, or Grindr, or even OkCupid), the first communications you exchange should be an invitation to connect on an encrypted platform, away from that site. Again, proprietary messaging systems are the property of that site (and anyone with access to it). You do not control who has permission to read/alter/record any communications you send or receive there. You should always be wary of sites that use their own, internal email systems. — ❓ Is this company outside the United States and therefore not subject to US law? ❓ Is this service encrypted, end to end? ❓ Do my messages stay JUST between me and the person with whom I’m communicating?
The bottom line is this: There are so many choices you can make that will keep you and anyone you deal with a little bit safer. All it takes is downloading a different thing (and committing to using that thing) instead of the problematic default, like Facebook PMs, or standard text messaging.
It goes without saying that I’m absolutely not advocating any illegal activities, or the use of these platforms to facilitate illegal activities. But in light of the rights and controls that have been taken away from US internet users recently, it is important to understand that there are ways for you to control what information you share, and with whom.
-t
Tyler Dårlig Ulv (@tylerthebadwolf)
Ok! You’ve got the secure email stuff rounded up? Awesome.
Let’s talk about texting (and why you shouldn’t be tex… https://t.co/BUQWFk7EaN
James
Great advice Tyler, and something all of us should be concerned about. Your suggestions are spot on, and I use both ProtonMail and Telegram. Keep up the good work.
@jay_says_that
A good read: https://t.co/8SONhOTPwi
Sigistrix
I only use Telegram & Signal for all my immediate communication. I’m slowly moving over to Protonmail, but I still use GMail for my pr0nz and most other stuff (it’s not like I have a very exciting life that the NSA would be interested in). I’m a bit slow on getting a VPN or using Encrypted DNS, but I should be fairly soon. I’m working on getting a Riseup account, which will give me free access to both (hooray for anarcho-communist tech collectives!).
Also, check your local library for online security & privacy classes. Or, if you live in a place that has a Free Geek (tech reuse & recycling non-profit, I’m an intern for the Portland OR one), they definitely offer free classes open to all, whether you volunteer or not.
tylerthebadwolf
This is great. Ahead of the curve as always, Sigistrix.
Thanks for the tip.
-t
Sigistrix
Thank you! When I am able to give out invite codes on Riseup, I’ll shoot you one. You need two, but you can also write them and ask nicely.
Tyler Dårlig Ulv (@tylerthebadwolf)
Sung to The Power of Goodbye, by @Madonna:
DMs are not open, so you must go.
Hit me on Proton, or on Signal.… https://t.co/nVK2Cki7w9