Encrypted Communication Apps

I have discussed this idea in the past, but normally I’ve only gotten excitement about encrypted communication from my fellow libertarians and netsec friends. But with the current Presidential situation, there seems to be more interest in communicating without being overheard by the government, even among my government-loving left-wing friends. And this is excellent! Even if you don’t need privacy, by communicating securely all the time, you make it less notable when you do have to communicate securely, and you create more encrypted traffic that other government targets of surveillance can blend into.

First, let’s go over a very quick summary of encryption. If you’re already familiar with encryption, skip down past this section and the pictures to the list.

Public Key Encryption in 5 Minutes

An encryption algorithm takes information, like text, numbers, picture data (it’s all just 0s and 1s to computers) and outputs different text on the other side. A good encryption algorithm will output text that looks randomly generated so that no information can be gained about the source text. That output is then sent out in the clear (over the internet, where people might be spying) to the recipient. The recipient then reverses the process, decrypting the message and getting the original text, numbers, picture data, etc. However, if an algorithm always created the same output data from the same inputs, bad guys could figure out what you were saying pretty quickly. This introduces the idea of keys. A key is a number the algorithm uses to change the output in a predictable way. If both the sender and the recipient have a secret key, they can use their keys and the algorithm to send messages that only they can read (without the right key, the algorithm won’t reverse the encryption):

Symmetric key encryption. Public domain image.

But we can do better! In our previous scenario, we need to somehow communicate the secret key separately from our message. That’s a problem, since we likely are using encryption precisely because we can’t communicate openly. The solution is something called public key encryption. In this system, each person has two keys, one public and one private. To send someone a message, you can encrypt the message with their public key, and then send it to them. Then only they alone can decrypt the message with their private key.

Public key cryptography. Public domain image.

The reality of the mathematics is slightly more complicated, but for our purposes, what matters is how the public and private keys exist in each messaging app. Messing with these keys is difficult and confusing for users, but loss of the private key means communication is unsecured. Therefore, when using encrypted messaging, it’s important to be aware of how the app uses and manages the keys.

The Best Apps

The following is my ranked order of preferred secure communication:

1. Signal. This the gold standard encrypted communication app. It’s open source, free, has group chat, works on mobile and desktop, and of course is end-to-end encrypted. It even has encrypted voice calls. The one significant drawback is that it requires a phone number. It uses your phone number to distribute your public key to everyone that needs to contact you.  Because of this, it offers excellent encryption (requiring no security knowledge!), but no anonymity. If you want that, check the next entry.

2. PGP Encrypted email. So this one is a bit complicated. OpenPGP (stands for Pretty Good Privacy) is an open protocol for sending encrypted messages. Unlike the other apps on this list, PGP isn’t an app and therefore requires you to produce and manage your own keys. The tools you can find at the link will allow you to produce a private and public key pair. To send a message to someone else, you will have to obtain that person’s public key from them, use the software to encrypt the message with their public key, and then send it to them. Because it is so much work, I have this method second on the list, but there is no better way to communicate securely and anonymously. To better distribute your public key, I recommend keybase.io (use that link to send use encrypted emails!). The good thing about PGP is that it can be used with any email, or really any other method of insecure communication. Additionally, it’s open source, free, and very encrypted. 

Both Signal and PGP are very secure methods of communication. The following apps are good, but they are not open source and thus are not as provably secure. They are still better than just using unencrypted methods like SMS text, email, etc.

3. Whatsapp. WhatsApp is pretty good. It’s free, widely used, implements Signal protocol (and requires a phone number), works on mobile and desktop, has group chat and encrypted phone calls, and is encrypted by default. Moxie Marlinspike, the guy who made Signal, the number one app on this list, actually implemented the same Signal protocol on WhatsApp. That’s great, but unfortunately, WhatsApp isn’t open source, so while Moxie vouches for WhatsApp now, we don’t know what could happen in the future. WhatsApp could push out an update that does sneaky, but bad things, like turning off defaults. It’s also important to acknowledge that WhatsApp’s implementation already isn’t perfect, but it’s not broken. If you use WhatsApp, it’s important to make sure the notifications are turned on for key changes. Otherwise, it’s an excellent, widely used texting substitute.

4. Threema. Threema has an advantage in that it isn’t based in U.S., and it’s more security focused than Whatsapp. Threema is fairly feature rich, including group chat, but it isn’t free, it’s limited to mobile, and it isn’t open source. Threema uses the open source library NaCl, and they have a validation procedure which provides some comfort, although I haven’t looked at it in depth and can’t tell if it proves the cryptography was done perfectly. This paper seems to indicate that there’s nothing obviously wrong with their implementation. Nonetheless, it cannot be higher on this list while still being closed source.

5. FB Messenger secret conversations. Facebook Messenger is a free app and when using its secret conversations options, the Signal protocol is used. The app is also widely used but it takes effort to switch the conversations to secret. An encrypted app that isn’t encrypted by default doesn’t do much good. FB Messenger does let you look at your keys, but it isn’t as easy to check as it is in WhatsApp, and since it isn’t open source, keys could be managed wrong or defaults changed without us knowing. It also doesn’t have other features like group chat or desktop versions.

6. iMessage. Apple has done a good job with an excellent secure protocol for iMessage. It’s also feature rich, with group chat and more, but it’s only “free” if you are willing to shell out for Apple products. While Apple does a good job documenting their protocols, iMessage is not open source, which means we can’t verify how the protocol was implemented. Moreover, we cannot view our own keys on the app, so we don’t know if they change, and we don’t know how Apple manages those keys. It is therefore possible that Apple could either loop government spying into their system (by encrypting all messages with an extra master key) or simply turn over specific keys to the government. The amount you are willing to use iMessage to communicate securely should be determined by the amount you trust Apple can withstand government attempts to access their security system, both legal and technological.

Things I have specifically not listed on purpose:

  1. Don’t use SMS. It’s not encrypted and insecure. It would be good to not even use it for 2-factor authentication if you have a better option.
  2. Don’t use email. It’s not encrypted and insecure.
  3. Don’t use Telegram. They created their own “homemade” crypto library which you should NEVER EVER DO. Their protocol is insecure and their encryption is not on by default. In fact, there are at least two known vulnerabilities.

Leave a comment on the official Reddit thread.

Reasons For Optimism 81-84

81. Airway made by 3D printer saves baby’s life.

82. The global poverty rate has dropped by half since 1990, and the absolute number of the absolute poor has dropped from 1.9 billion to 1.2 billion.

83. 31 Charts That Will Restore Your Faith In Humanity. It’s a bit linkbaity, and some of the info is a little old or ambiguous or may be familiar to you already, but overall it’s pretty uplifting.

84. A solar plane is flying across the United States. It’s making lots of stops and going very slowly, and probably not even saving any energy since the alternating driver has to meet up at the stops, but it’s continuing to break various sorts of distance records and on pace for an around-the-world flight by 2015. Exciting proof-of-concept!

Reasons For Optimism 76-80

76. A new estimate of the Bakken Formation that has been transforming North Dakota says there is more than twice as much recoverable oil as the previous estimate. U.S. oil inventories reached an 82-year-high this week. Meanwhile, demand continues to hold steady even as job growth continues to the best levels in five years.

In other words, we have more oil under the ground and more oil above the ground than ever even as we’re needing to use less of it than ever, making an energy shortage less and less likely as we slowly transition away from fossil fuels.

77. Another nugget of good news on the online patents & innovation front: A judge has thrown out Craigslist’s attempt to sue a competitor for using their submissions to make a better website.

78. Google is innovating in the fast-growing continent of Africa with a payment card called BebaPay (h/t @justinwolfers).

79. Just a few months after introducing 3d printers in their stores for printing, Staples announced they will start selling them as well. Looks like the devices are continuing to follow the personal computer’s path to widespread use.

80. Scientists are making progress on a cure for leukemia.

As always, Expected Optimism has a few more good reasons.

Reasons For Optimism 69-75

69. There has been a lot of momentum in the move to re-legalize the unlocking of cell phones, from a generally supportive White House petition response to calls for reform from industry groups to legislation introduced in Congress. (If you’re interested in progress on this front, follow leading activists @sinak and @DerekKhanna)

70. The Obama Administration has set rules for greater public access to publicly-funded research following a White House petition and open advocate Aaron Swartz’s suicide. There are still limitations, but it is an improvement to the status quo, and should enhance the public goodness that justifies its funding.

71. While federal drone policy is finally in the headlines, about 30 state legislatures have been moving to limit drone surveillance within their borders. Various legislation has been introduced in Alaska, California, Georgia, Hawaii, Idaho, Indiana, Kentucky, Maine, Maryland, Massachusetts, Minnesota, Nebraska, New Jersey, New Mexico, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, and Texas, and has begun completing steps to passage in Arizona, Florida, Illinois, Missouri, Montana, North Dakota, Oklahoma, Virginia, and Washington. (For progress on this front, follow @drones)

Continue reading Reasons For Optimism 69-75

Reasons For Optimism 55-58

55. Africa’s rapid economic development continues. “64 recent major discoveries of fuel deposits” will help the continent meet its growing energy needs, and connecting more Africans to the electric grid will save millions of lives from the respiratory illnesses caused by “kerosene lanterns and charcoal cookstoves,” among many, many other coming improvements to their standards of living.

56. At the other end of the spectrum, obesity may be declining in children of low-income families in the US.

57. Doctors have restored a man’s sight with adult stem cells.

58. SpaceX has successfully test-launched their reusable Grasshopper rocket at a new record height. It’s pretty cool to watch the rocket defy gravity as it calmly hovers and lands. SpaceX is working on fully reusable launch vehicles with the goal of making space travel dramatically cheaper.

See the latest from Expected Optimism for several more reasons for optimism.

Reasons For Optimism 50-54

50. Over Thanksgiving I randomly caught some segments of a (CNBC?) TV program about John Deere and the combines they design and manufacture. They are constantly working on new models that harvest crops more efficiently and more cheaply and are easier to repair and a host of other endless improvements. The show felt like a brief glimpse into the millions of quiet, incremental innovations that capitalism is constantly bringing us, and perhaps part of the reason we are still able to feed an entire planet despite the doomsayers of decades ago. It’s easy to get caught up in the big and more visible bad news and forget the subtle productivity improvements that are quietly advancing in thousands of industries year after year.

Continue reading Reasons For Optimism 50-54

Reasons For Optimism 46-49

46. Poop Transplants Are Saving Lives. Um… self-explanatory.

47. A new report says the Marcellus Shale natural gas reserves are larger than expected. We’re still not running out of energy.

48. Volvo says that by 2014 they will have cars with low-speed autonomous following capability. The driverless revolution is coming.

49. Judge Protects Cellphone Data On 4th Amendment Grounds, Cites Government’s Technological Ignorance. Always nice when the judicial branch blocks the overreach of the other branches. It’s almost like how our government is supposed to work!

Reasons For Optimism 42-45

42. 3D Printers Are Reshaping Modern Medicine. Dude, we can print human tissue! We’re still “at least 10 years away” from literally printing new organs, but I’m amazed that it’s even on the horizon. Meanwhile, they’re figuring out how to help wounds heal quicker and how to use 3D-tissue models to test drugs quicker and cheaper than 2D models.

Continue reading Reasons For Optimism 42-45