Encrypted Communication Apps

I have discussed this idea in the past, but normally I’ve only gotten excitement about encrypted communication from my fellow libertarians and netsec friends. But with the current Presidential situation, there seems to be more interest in communicating without being overheard by the government, even among my government-loving left-wing friends. And this is excellent! Even if you don’t need privacy, by communicating securely all the time, you make it less notable when you do have to communicate securely, and you create more encrypted traffic that other government targets of surveillance can blend into.

First, let’s go over a very quick summary of encryption. If you’re already familiar with encryption, skip down past this section and the pictures to the list.

Public Key Encryption in 5 Minutes

An encryption algorithm takes information, like text, numbers, picture data (it’s all just 0s and 1s to computers) and outputs different text on the other side. A good encryption algorithm will output text that looks randomly generated so that no information can be gained about the source text. That output is then sent out in the clear (over the internet, where people might be spying) to the recipient. The recipient then reverses the process, decrypting the message and getting the original text, numbers, picture data, etc. However, if an algorithm always created the same output data from the same inputs, bad guys could figure out what you were saying pretty quickly. This introduces the idea of keys. A key is a number the algorithm uses to change the output in a predictable way. If both the sender and the recipient have a secret key, they can use their keys and the algorithm to send messages that only they can read (without the right key, the algorithm won’t reverse the encryption):

Symmetric key encryption. Public domain image.

But we can do better! In our previous scenario, we need to somehow communicate the secret key separately from our message. That’s a problem, since we likely are using encryption precisely because we can’t communicate openly. The solution is something called public key encryption. In this system, each person has two keys, one public and one private. To send someone a message, you can encrypt the message with their public key, and then send it to them. Then only they alone can decrypt the message with their private key.

Public key cryptography. Public domain image.

The reality of the mathematics is slightly more complicated, but for our purposes, what matters is how the public and private keys exist in each messaging app. Messing with these keys is difficult and confusing for users, but loss of the private key means communication is unsecured. Therefore, when using encrypted messaging, it’s important to be aware of how the app uses and manages the keys.

The Best Apps

The following is my ranked order of preferred secure communication:

1. Signal. This the gold standard encrypted communication app. It’s open source, free, has group chat, works on mobile and desktop, and of course is end-to-end encrypted. It even has encrypted voice calls. The one significant drawback is that it requires a phone number. It uses your phone number to distribute your public key to everyone that needs to contact you.  Because of this, it offers excellent encryption (requiring no security knowledge!), but no anonymity. If you want that, check the next entry.

2. PGP Encrypted email. So this one is a bit complicated. OpenPGP (stands for Pretty Good Privacy) is an open protocol for sending encrypted messages. Unlike the other apps on this list, PGP isn’t an app and therefore requires you to produce and manage your own keys. The tools you can find at the link will allow you to produce a private and public key pair. To send a message to someone else, you will have to obtain that person’s public key from them, use the software to encrypt the message with their public key, and then send it to them. Because it is so much work, I have this method second on the list, but there is no better way to communicate securely and anonymously. To better distribute your public key, I recommend keybase.io (use that link to send use encrypted emails!). The good thing about PGP is that it can be used with any email, or really any other method of insecure communication. Additionally, it’s open source, free, and very encrypted. 

Both Signal and PGP are very secure methods of communication. The following apps are good, but they are not open source and thus are not as provably secure. They are still better than just using unencrypted methods like SMS text, email, etc.

3. Whatsapp. WhatsApp is pretty good. It’s free, widely used, implements Signal protocol (and requires a phone number), works on mobile and desktop, has group chat and encrypted phone calls, and is encrypted by default. Moxie Marlinspike, the guy who made Signal, the number one app on this list, actually implemented the same Signal protocol on WhatsApp. That’s great, but unfortunately, WhatsApp isn’t open source, so while Moxie vouches for WhatsApp now, we don’t know what could happen in the future. WhatsApp could push out an update that does sneaky, but bad things, like turning off defaults. It’s also important to acknowledge that WhatsApp’s implementation already isn’t perfect, but it’s not broken. If you use WhatsApp, it’s important to make sure the notifications are turned on for key changes. Otherwise, it’s an excellent, widely used texting substitute.

4. Threema. Threema has an advantage in that it isn’t based in U.S., and it’s more security focused than Whatsapp. Threema is fairly feature rich, including group chat, but it isn’t free, it’s limited to mobile, and it isn’t open source. Threema uses the open source library NaCl, and they have a validation procedure which provides some comfort, although I haven’t looked at it in depth and can’t tell if it proves the cryptography was done perfectly. This paper seems to indicate that there’s nothing obviously wrong with their implementation. Nonetheless, it cannot be higher on this list while still being closed source.

5. FB Messenger secret conversations. Facebook Messenger is a free app and when using its secret conversations options, the Signal protocol is used. The app is also widely used but it takes effort to switch the conversations to secret. An encrypted app that isn’t encrypted by default doesn’t do much good. FB Messenger does let you look at your keys, but it isn’t as easy to check as it is in WhatsApp, and since it isn’t open source, keys could be managed wrong or defaults changed without us knowing. It also doesn’t have other features like group chat or desktop versions.

6. iMessage. Apple has done a good job with an excellent secure protocol for iMessage. It’s also feature rich, with group chat and more, but it’s only “free” if you are willing to shell out for Apple products. While Apple does a good job documenting their protocols, iMessage is not open source, which means we can’t verify how the protocol was implemented. Moreover, we cannot view our own keys on the app, so we don’t know if they change, and we don’t know how Apple manages those keys. It is therefore possible that Apple could either loop government spying into their system (by encrypting all messages with an extra master key) or simply turn over specific keys to the government. The amount you are willing to use iMessage to communicate securely should be determined by the amount you trust Apple can withstand government attempts to access their security system, both legal and technological.

Things I have specifically not listed on purpose:

  1. Don’t use SMS. It’s not encrypted and insecure. It would be good to not even use it for 2-factor authentication if you have a better option.
  2. Don’t use email. It’s not encrypted and insecure.
  3. Don’t use Telegram. They created their own “homemade” crypto library which you should NEVER EVER DO. Their protocol is insecure and their encryption is not on by default. In fact, there are at least two known vulnerabilities.

Leave a comment on the official Reddit thread.

The Election Doesn’t Change Trump’s Bad Policies

The Trump Issues

In the Trump election aftermath, many on the left have discussed how best to approach this new challenge. Many have talked about trying to understand the concerns of Trump voters. This is a worthwhile undertaking. The people who voted for Trump have several worries spanning cultural differences, economic hardship, and perhaps even existential fear for the country as a whole. First, let’s go over those concerns.

The first, and perhaps most important concern for Trump voters was that the alternative was Hillary Clinton. This blog had an extensive discussion on Hillary’s shortcoming including her flaunting of the law, her foreign policy, her defense of Obamacare, her tax increases, and her slant towards government power in every sphere. I would argue some of these flaws are also present in Trump, but many Trump voters could at least hope the Trump unknown would deliver something more to their liking than the known failure of a Hillary presidency.

Granting all of Hillary’s problems, why did they think a Trump unknown was worth risking? Broadly, one area we did know where Trump stood was on the culture wars, and for that he was initially hailed as a hero against the left. I think the left has to shoulder a huge part of the blame here, because people have been trying to tell progressives their culture is intolerant for years.  See: Scott Alexander on tribalism and tolerance in 2014, Clarkhat on Gamergate in 2014, this blog last year, another blog, and Robby Soave did a good job summing it up after the election. I don’t think there’s much to add here.

On economic hardship, the more stereotypical Trump supporters (Trump won older voters, rural voters, and uneducated voters) have something to complain about as well. If you want to be depressed, please read this ridiculously long piece called “Unnecessariat “ (or skim this American Conservative piece for some key points). The takeaway is that Trumpland is hurting because it has been economically abandoned, not just culturally isolated. With services dominating the economy, the prospects for those living outside of cities has diminished as well. We are seeing increased suicides, drug addiction, and hopelessness in these areas.

Finally, combine these worries with media that feeds panic about disasters and internet echo chambers, and you get stark existential panic about entirely separate threats.

Cracked had an interesting piece on Trumpism and how we got here, and what caught my eye was the idea of urban culture slowly making its way out to the country. Cracked claims that older, less educated, rural folks saw the abandonment of Christian traditional culture in these hedonistic wonderlands of coastal “liberal” cities and thought there would be dire consequences for the nation. Low and behold, they see: “Chaos…Blacks riot, Muslims set bombs, gays spread AIDS, Mexican cartels behead children, atheists tear down Christmas trees.”

The Trump Solutions

The problem is that many of these perceptions are just wrong. We are healthier, less likely to be murdered, and safer than ever before. Maybe we blame clickbait media, maybe we blame gullible people for believing it, but living in cities just isn’t that scary.

Last year, I met an acquaintance who had grown up in a smaller town in the South, but was now moving to another state near a major urban center. He found out I had grown up in his destination city, and despite having just met 5 minutes prior, he peppered me with bizarre questions about whether I thought it was safe to live there. I assured him that it was a major metropolitan area where millions live and work without a problem every day. He made it seem like he was moving to Afghanistan. Look, I’m sure it was pretty hairy to live in New York/Miami/Chicago/LA in the 80s, but crime rates have collapsed over the last 25 years. The amount of people murdered in the first season of Daredevil in Hell’s Kitchen likely exceeds the total number of murders in all of Manhattan last year. Our perspective is all off. And if we are imagining that law and order is collapsing, our solution is going to vastly over-correct.

That’s part of a bigger point I’ve already made: Trump’s political victory doesn’t mean his supporters have any good ideas about improving the country, or even their own situations. It just means enough people thought there were enough problems for more voters to cast a ballot for Trump over Hillary in Michigan, Wisconsin, and Pennsylvania. For instance, I think there is a real basis for complaining about the intolerant left-wing culture that has grown more bold over the last 10 years. But the Trump response has been his own version of intolerance, just copying the left and doing nothing to improve the situation.

On the economy, Trump’s plan is at best a mixed bag. Experts are mediocre at predicting economic growth, so figuring out the best economic policies to help growth may also be difficult. Trump and his supporters might blame globalism for their woes, but putting tariffs on imports and striving to shut down commerce with some of our largest trade partners will hit the poor the hardest. Price increases on low cost imported products will harm low income earners much more than upper middle class households with savings and easier means of substitution. Maybe in the long run this will spur some industrial investment, but I think it’s just as likely to speed up automation. In 4 years, many economic problems scaring Trump voters could easily be exacerbated.

More to the point, the government can’t reverse the decline of manufacturing jobs in the United States. Short of seizing control of the economy via a 5 year plan, the world has changed. Manufacturing jobs peaked in the early 80s (BLS), and while globalization has accelerated the trend, it didn’t start it. Of course, “globalization” isn’t really an entity either; decisions that changed where firms do business were made by millions of individuals looking at cost-benefit analyses and comparing prices. The government didn’t say “move these factories to Mexico”, the government said “Technology is making it easier to communicate and do business in other countries, so we will reduce taxes and import quotas to make it easier for businesses and shareholders to do things they already want to do”. Trump can’t come back and order companies to make bad business decisions unless he wants a Soviet-style command economy with capital controls.

The United States has such a strong economy due to many factors, including its large, diverse, and skilled working populace, an abundance of natural resources, heavy investment in research and capital, and strong and interconnected financial markets. Our consumer market is the largest in the world, our trade dominates the globe in both goods and services. International economic institutions from the New York Stock Exchange to the World Bank and International Monetary Fund are based in (and often dominated by) the United States.

Trump’s push to cut us off from strong trade ties will certainly harm the American centrality to the global economic system. Obviously, to many Trump fans, this is a bonus, not a problem. But long term decline in American trade would likely be connected to more sluggish growth as native industries are protected from competition; for example, Apple has pushed innovation in the smartphone market since 2007 which radically changed the status quo of what phones could do. It has had ripple effects throughout the economy as the spread of widely accessible powerful mobile computers has changed everything from transportation to social interaction to navigation and even shopping. But we should remember that the smartphone revolution was made possible by cheap global supply chains, and without them, we are likely to see stagnation.

And those older, rural, lesser educated Trump voters? No one is going to want to hire them unless the economy is clicking and demanding more workers. Sluggish growth with no competition bred by protectionist policies won’t help them.

Maybe Trump’s tax cuts and deregulation pushes will jumpstart the economy enough to overcome his bad trade polices. It’s possible, but I’m not betting on it. If it doesn’t work, in four years we will simply have the same economic problems just with tons more debt. That’s a big risk he’s taking. And it’s made more risky by Trump’s plan to expand the police state and start deporting at least two million people  (not to mention increasing military spending from the $500 billion a year we spend already).  The ACLU has gone into detail about the difficulties we face if Trump attempts to carry out his campaign promises. It’s very difficult to deport millions of people without doing away with probable cause; how do you find and arrest only the people here illegally? If they aren’t caught by the police while engaged in crime, then by necessity the police must come to them, requiring sweeps of entire residential areas, stopping people with no probable cause at all. At the very least this is grossly expensive, and more likely it will harass and catch thousands of innocent American citizens in a dragnet. And none of this even touches on registration of Muslims, continued mass surveillance, and use of torture.

In four years if the economy hasn’t improved much, debt has accumulated, and the police state has been vastly expanded, will Trump admit his policies haven’t worked? This seems unlikely as Trump has never really apologized for any stances he’s taken or mistakes he’s made. It seems far more likely that he’ll use this built up police state to harass his political enemies.

If Trump is willing to place trade barriers and dramatically reduce the world-leading $2.4 trillion worth of goods imported, how much will he be willing to use government subsidies to pay companies to “invest” in the United States? Does this sound like government direction of the economy? If things aren’t going well, will he seize more control of the economy?

I should note, I haven’t even brought up Trump’s extensive conflicts of interest, where representing American diplomatic interests may run counter to his profit-seeking ones. I also haven’t mentioned that someone who is extremely thin-skinned will be in charge of the nuclear launch codes. Many of the concerns of Trump voters don’t make much sense, many of the policy solutions of Trump and his voters are bad and would make things worse, and on top of that, Trump is irresponsible, incompetent, authoritarian, and many other things I’ve argued before. Continued opposition to Trump’s policies is vital over the next four years.


Comment on the official reddit thread.

Banning Unbreakable Smartphone Encryption is Stupid

At least two states, New York and California, have introduced legislation that would ban smartphones sold in those states if those smartphones could not be searched under request from law enforcement.  This would likely mean no phones would be sold with unbreakable encryption, although I suppose Apple or Samsung could manufacture two types of phones and then just sell all the encrypted ones from New Hampshire or something. These bills are still somewhat controversial, and as it has gotten press coverage, there has been a House bill introduced that would prevent state legislation like those bills introduced in New York and California. Continue reading Banning Unbreakable Smartphone Encryption is Stupid

Links 20160224

Marginal Revolution has a post about an event that occurred on Shark Tank. The pitch on the show was an alternative to bee honey, made from apples. Part of the pitch was that this would save the bee population by reducing the industrial demand for it (yes, really). Spoiler from Professor Tabarrok: “Reducing the demand for honey, reduces the demand for bees”.

Politico has a nice article about the potential of Bernie Sanders’ campaign, even if he doesn’t win a majority of delegates. The way the Democrats set things up, he will be in an excellent position to make demands on the party platform, possibly reshaping the Democrats’ economic policy for many years to come.

A recent Quinnipiac poll found that head-to-head, Sanders beats Trump by 10 points in a national survey (he does better than Clinton against Trump). Things could change of course, but it seems that Trump really isn’t who I should be worried about becoming president right now, as he’s still not likely to win the Republican nomination, and it seems the Democrats poll well against him.

SCOTUSblog has a nice write up on the next court nomination fight, now that Scalia is gone, what factors will be in play, and how can the Obama administration find a nominee with a spotless record that fires up the base and ensures a left-of-center court for a long time. I doubt they nominate a classical liberal.

Tyler Cowen writes about the benefits market monetary policy can bring, as well as the shortfalls of its approach when critiquing Fed policy.

Apple CEO Tim Cook posted a public letter to Apple customers detailing a demand made by the FBI. Law enforcement wants the company to create a new version of their operating system which they could then install on a criminal’s seized phone. The new OS would have a backdoor allowing the FBI to more quickly access it.  I liked Apple just fine as a company, but this is pretty awesome. This week, it turns out the FBI was lying about this being a one-time request as the DoJ is already pursuing orders to force Apple to unlock about a dozen other phones, according to anonymous sources.

Nostalgia Critic on Channel Awesome on YouTube has a great video detailing the absolutely horrible copyright abuse rampant on YouTube.   Claimants have no repercussions for false claims, even on self-evident fair use cases because YouTube’s system is entirely automated with no oversight.  Copyright battles are not something of the past, there are still huge problems today.

An NBER study from last year found government subsidies more than account for increases in tuition. H/t Slate Star Codex.

The German government gives us another example of how you can’t have government surveillance without fundamentally breaking security. Hacker News discussion.

Second link from Alex Tabarrok, this time on drug prices and the FDA. Apparently the US has the lowest generic drug prices of any developed nation. I feel like we should switch to a prize system where drug companies are awarded $X million for successfully passing approval, and then that drug is immediately released with no patent into the market. X could be set based on the amount of patients in the previous 5 years who could have used the drug.

People like to talk about the “Uber” of some industry, trying to say a company is disrupting their space like Uber did to taxis (also in the interest of fighting monopolies, Lyft is great too).   How about Uber for welfare? The left often opposes “workfare”, or ways which incentivize welfare recipients to work, since finding jobs for everyone isn’t practical “…but today the gig economy offers the solution: It can easily and quickly put millions of people back to work, allowing almost anyone to find a job with hours that are flexible with virtual locations anywhere.”  There’s also some data that working is a really good on a cultural level, teaching discipline and responsibility. This sort of goes against my attraction to a basic income, but could go hand in hand: you get a basic income allowance if you can prove you engaged in the gig economy recently. Really cool idea.

From EconLog, some praise for the Free State Project. Apparently they’ve already got over a dozen people elected to the state legislature? Tried to find somewhere else this is being tracked, but I didn’t see anything. If you have info on this, tweet at me.

Also from EconLog, Bryan Caplan finished his summarized his extended discussion of ancestry and long run growth literature.  In sum, we can’t say that people with more advanced culture thousands of years ago had that much better outcomes today. It’s likely other institutional decisions are more important (like having stable free markets).