A normal person’s guide to encrypting your messages

A normal person’s guide to encrypting your messages
By Noah Kulwin

The cybersecurity community is abuzz about a new Guardian reportthat claims a there’s a backdoor into the Facebook-owned messaging service WhatsApp that “allows snooping on encrypted messages.” Other researchers and experts (who don’t work for Facebook) are pushing back, saying that the Guardian has it wrong, and that there is no such backdoor.

For most consumers, using WhatsApp is probably a pretty safe option if you want to keep your conversations confidential; the civil liberty and technology specialists at the Electronic Frontier Foundation even recommend it. Still, Facebook recently waffledon prior commitments to keep WhatsApp data private from other Facebook services.

But if you’re looking to keep your communications encrypted and your data secure, there are other services beyond WhatsApp that you should consider. Here’s a rundown of a few different options to consider:

The Good

  • Signal: Among journalists, researchers, and technology experts, Open Whisper Systems’ Signal messaging service is the gold-standard in consumer-friendly encrypted communications. It’s available on Android, iOS, and Mac OS X.
  • iMessage: If you have a device with iOS (like iPhones and iPads), the native messaging service that comes with it is pretty solid. Though iCloud services have a notoriously leaky past, iMessage is widely considered to be a safe option for most people.
  • Ricochet: An experimental project with some particular strengths that our colleagues at Motherboardcan you tell you more about. Though you are probably fine to use it, be warned that it hasn’t been vetted quite as intensely as other, more established services.

The Difficult

OTR or PGP: PGP: These are wonkier options, and if you’re not somebody familiar with computers or with a need for extreme privacy, you don’t really need to consider these. But if you have time, the spirit of adventure, or any other inclination — here’s a guide (Windows, Mac) for setting up “Off the Record” encryption protocols on instant message apps, and here’s a guidefor setting up “Pretty Good Protection” (PGP) encryption for your email. Even if you don’t remember what PGP is, you’ve probably heard of it before: it’s what NSA whistleblower Edward Snowden usedwhen reaching out to Glenn Greenwald and Laura Poitras.

The Ugly

Telegram is one of the most popular messaging services in the world, and the company that makes it sure loves to hype its encryption strength. The catch is that “end-to-end encryption” (effectively the industry standard) is not a default Telegram setting, and some experts remain criticalof the way that Telegram encrypts user data.

Update: A representative for WhatsApp reached out and provided the following statement:

The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a “backdoor” allowing governments to force WhatsApp to decrypt message streams.** This claim is false.**

WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.

January 13, 2017 at 04:08PM
via VICE News http://ift.tt/2jfTQxa