We have all used some type of instant messaging app. This can include early apps like Yahoo messenger, AIM, and IRC, all the way up to the most modern messaging apps with GIFs, images, video, and cutting-edge encryption.
There are many people jumping on the encrypted message app bandwagon, but they may not know exactly why they need to use them. Some people are using them simply because their friends have them, without realizing how powerful these tools are. Worse, people are using messaging apps with minimal protections in hostile environments. Learn why you need encrypted messaging apps now, who you need to be protected from, and how these apps work.
What is the point of encrypted message apps?
Most people feel that their messages are unimportant, that they have nothing to hide, and that their information is not worth protecting. I don’t mean to be rude, but these people are fools. There is plenty of information which they should protect that poor messaging apps can share:
- Physical location: Nothing like a stalker showing up at your door, and your location can easily be revealed online by either your metadata or by you telling someone where you are and that being intercepted.
- Banking information: Unless you like donating money to hackers, everything about your banking must be secure. Credit card numbers, bank account sign in details, passwords, communication with account managers, this is huge and it all ties into online shopping as well.
- Identifying numbers: Maybe you enjoy giving out your social insurance number so that someone can commit identity fraud against you—I won’t judge if that’s your thing, no kink shaming—but the rest of us really like keeping that private. SIN/SSN, driver’s license numbers, passport numbers, and every other identifying number could be stolen and used for identity theft.
- Private information: A significant other of yours has sent you a photo at some point that you would rather keep private. If not that, how about that recent bout of intestinal discomfort you had? Still have nothing to hide? Look at how fearless you are. What about others in your circle? That time you told your daughter to meet you somewhere at a certain time…wouldn’t that be a nice piece of information for a child abductor to steal? Now you’re understanding.
- Work data: You may not work for NASA, but data can be stolen from you and either leveraged against you or the company in a blackmailing scheme. Corporate espionage is also a big issue, and you don’t want to be the person who compromised the entire company.
I wanted to underscore the fact that you may not have anything to hide from the good guys, but you have plenty to hide from the bad guys. Here’s an innocent video from a guy who wants to help people remember the location of their family photos:
Now imagine sharing that photo live from your hotel over an unencrypted messaging app while a hacker intercepts it using a man-in-the-middle attack against the person receiving it. This isn’t even hard for anyone to do, and there are your exact GPS coordinates at that moment.
Which jobs require encrypted message apps?
The points raised above are issues that every person should be concerned about, but there are those in professions where encrypted message apps are absolutely vital:
- Journalists: They deserve to be protected from those they are reporting on, especially criminal elements…but let’s not forget corrupt politicians as being among those criminal elements.
- Doctors: They have access to sensitive information which I’m sure their patients would appreciate keeping private. HIPAA even requires encryption of messages.
- Lawyers: A fair legal system allows for private communication between lawyers and their clients.
- Mining industry: The hard work of those out in the field should not be compromised by poor communication security.
- Protesters: Not only are protesters at risk of actual physical harm from those who oppose them, but they are also sensitive to corrupt government surveillance. We don’t all live in a ‘free’ country.
- Activists: Those who leave their own country to go to another country and send out information about how corrupt the country is face very real needs for encrypted messaging.
This list could go on further, and does in our Use Case series, but I think I have shown the need that private citizens, and those in sensitive professions and positions, have for encrypted message apps. There is no way to argue that encrypted messaging apps are unnecessary. They are not just a vital aspect of government-level protection; they help protect every single citizen out there.
Who is spying on messaging apps?
There is a wide variety of people out there who are spying on you online. Digital spying is incredibly easy to do because a number of entities have access to your data, unlike the analog days when no one knew what you were reading unless they were looking over your shoulder. With people reading everything digitally, the following people are likely looking over your shoulder right now:
- Government: Every level of government is spying on you. Maybe not your local mayor, but certainly police, state police, and the federal agencies just love listening in on everyone’s internet chatter—even the innocent. Recall the scene in the Snowden biopic where he first learns about the NSA’s incredible powers: an operative spies on an innocent woman, tangentially linked to a target, as she gets undressed in front of her disabled webcam.
- ISP: The very company providing you with your internet connection is fully capable of spying on you, and is doing so for advertisers. They collect your data and then sell it to anyone paying. The assurances that your data is protected are at about zero. They don’t care about your privacy the way that we do.
- Apps: This includes messaging apps, browsers, games, and productivity apps. They all track what you’re doing in order to…serve you better ads. This data, of course, can be stolen by the next group…
- Hackers: You may think that these people are high-knowledge folks with access to the latest computer hardware, but that simply isn’t the case. There is a wide variety of pre-built tools available to anyone with the money to buy them, or even use them for free, including a collection of 10 spyware apps for phones just sitting on the regular web, not even the dark web.
The first three are all doing their job, to various levels of nefariousness, while the last one is trying to exploit the work of the first three. Having someone spy on you is unsettling enough, but how easy it is for some of this data to be stolen by hackers is a huge problem. There seems to be a new hack every week, and ordinary people are becoming victims of it. Snapchat has had many issues lately:
“To everybody who has me added on Snapchat it’s hacked so just disregard anything that’s being posted” — Brother Nature (@BrotherNature), August 27, 2019
Anyone using Snapchat for sensitive chats (ahem, everyone, cough) can be compromised as their encryption standards are so low…not to mention the disaster which was The Snappening where a third-party app compromised all of the data shared by everyone who used it. WhatsApp stores their messages unencrypted on their servers. SMS messages are entirely unencrypted. These are all very vulnerable beyond the tracking discussed above.
Why encrypted message apps work
While it’s not essential to understand the math of encryption, it is helpful to see how an encryption program actually turns your text into ciphertext. Below is a secret message I created and then encrypted using AES 128 bit encryption:
You cannot possibly understand that, and neither could anyone who intercepted my communication if I sent it as a message. Both the receiver and the attacker would need the secret key which decrypts that information.
In real life, I would never give the secret key to a hacker. To show you that encryption works, I will give you the secret key for this example and ask that you put it into this website with these settings:
- Base 64
- 128 bit
- Secret key: 1234567890123456
You aren’t allowed to cheat, but the answer is at the very end of this article. If you were shown my secret message to you then you have proven that encryption works to protect messages. Make sure you push “Decrypt to plain text” for the final step!
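The same idea in code, as an added example that is not part of the original article: it encrypts a constructed sample message under the article’s demo key and shows that a wrong key or a modified ciphertext yields nothing. The GCM mode, the nonce/tag layout and the function names are assumptions; the article does not say which AES mode the website uses, so this output is not meant to be pasted into it.

```javascript
// Added example, not from the original article. GCM mode, the wire layout and
// the sample message are assumptions; key size, key and Base64 are the article's.
const nodeCrypto = require("node:crypto");

// The article's demo key: 16 ASCII characters = 128 bits. A real app would use
// a randomly generated key, never a typed string.
const DEMO_KEY = Buffer.from("1234567890123456", "ascii");

// Encrypt with a fresh random 12-byte nonce; returns Base64(nonce | tag | ciphertext).
function encryptMessage(plaintext, key) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-128-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString("base64");
}

// Decrypt; returns the plaintext, or null when the key is wrong or the data was altered.
function decryptMessage(b64, key) {
  const raw = Buffer.from(b64, "base64");
  if (raw.length < 28) return null; // too short to hold a nonce and a tag
  const nonce = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const body = raw.subarray(28);
  try {
    const decipher = nodeCrypto.createDecipheriv("aes-128-gcm", key, nonce);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
  } catch (err) {
    return null; // authentication tag did not verify
  }
}

// Flip one bit of the last byte to simulate modification in transit.
function flipOneBit(b64) {
  const raw = Buffer.from(b64, "base64");
  raw[raw.length - 1] ^= 0x01;
  return raw.toString("base64");
}

const SAMPLE = "Meet at the usual place at 6pm"; // constructed sample message
const wire = encryptMessage(SAMPLE, DEMO_KEY);
console.log("on the wire:", wire);
console.log("right key  :", decryptMessage(wire, DEMO_KEY));
console.log("wrong key  :", decryptMessage(wire, Buffer.from("6543210987654321", "ascii")));
console.log("tampered   :", decryptMessage(flipOneBit(wire), DEMO_KEY));
```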
Other considerations for truly encrypted message apps
Having end-to-end encryption, such as that used by WhatsApp and Signal, is the very basic first step of an encrypted app. Other issues along the communication chain also need to be considered, and they are often ignored:
- Server encryption
- Phone storage encryption
- Device security
- Data tracking and retention
- Metadata encryption
- Deleting sent messages
There are very few messaging apps which cover half of those, and even fewer which tackle all of them. Covering all of these bases is difficult. It’s a lot of extra work that many manufacturers would rather skip, but we took the time when we built SKY ECC.
How these security gaps should be addressed
When you look for an encrypted message app, make sure that it at least follows the high security standards we have set. Here’s how we handled the six points above:
- Server encryption: Everything stored on our servers is stored as it was sent by the user’s device, meaning it is stored using 521 bit ECC. It should be noted that all data is only stored when it can’t be immediately delivered to a SKY ECC recipient customer, and then it is only stored in its encrypted form for 48 hours before it is deleted.
- Phone storage encryption: Everything stored on the phone is locked down under the device’s encryption. This is part of our strategy to fully use the available features of every OS we operate on. SKY ECC itself is within a separate encrypted container with locks on the app itself, as well as a separate lock on the Vault feature.
- Device security: Kernel rollback protection prevents an attacker from rolling the device back to an older, vulnerable version of the OS in order to exploit that version’s vulnerabilities. We also use brute force password protections, limiting wrong guesses to as many as 10 or as few as three, with the device deleting itself on the last failed guess.
- Data tracking and retention: A truly secure messaging app doesn’t know anything about you, and we don’t know anything about our customers. Seriously. We have no idea. There is no data we keep to track them, no names connected to SIMs, no names attached to phone numbers. All you have is your randomly generated SKY ECC ID which is, you guessed it, not attached to your name.
- Metadata encryption: Most messaging apps fail at encrypting metadata, which includes basic data like where you are and who you’re talking to, which is a real issue. We have mitigated this risk by encrypting all metadata using AES 256 bit encryption.
- Deleting sent messages: Messages which stay for a long time are nice when talking to your mom, but some need to be read and ‘burned’ immediately. We have two ways of dealing with this. The first is every chat will expire in seven days at the longest, or two hours at the shortest. The user can choose this, and this means everything in the chat is deleted according to the lowest time used by anyone in the chat. The second is flash messaging, which is a message which expires within 30 seconds of being read.
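The expiry rules from the “Deleting sent messages” item, written out as an added example (not SKY ECC’s code): the lowest setting chosen by anyone in the chat wins, and a flash message goes 30 seconds after it is read. It assumes the chat timer starts when a message is sent and that out-of-range settings are clamped to the two-hour and seven-day limits; the field and function names are hypothetical.

```javascript
// Added example, not SKY ECC code. Field names, the clamping of out-of-range
// settings and "timer starts at send time" are assumptions. Times are in ms.
const HOUR = 60 * 60 * 1000;
const MIN_CHAT_TTL = 2 * HOUR;       // shortest chat expiry named in the article
const MAX_CHAT_TTL = 7 * 24 * HOUR;  // longest chat expiry named in the article
const FLASH_TTL = 30 * 1000;         // flash message: 30 seconds after being read

// The lowest setting chosen by any participant wins. Values outside the allowed
// range are clamped so a modified client cannot extend retention.
function effectiveChatTtl(memberTtls) {
  if (memberTtls.length === 0) return MAX_CHAT_TTL;
  const clamped = memberTtls.map(t => Math.min(MAX_CHAT_TTL, Math.max(MIN_CHAT_TTL, t)));
  return Math.min(...clamped);
}

// Deadline for one message. A flash message that has been read expires 30 s
// after the read; an unread flash message still falls under the chat deadline.
function expiresAt(msg, chatTtl) {
  const chatDeadline = msg.sentAt + chatTtl;
  if (msg.flash && msg.readAt !== null) {
    return Math.min(chatDeadline, msg.readAt + FLASH_TTL);
  }
  return chatDeadline;
}

// Remove every expired message from the chat; returns how many were deleted.
function purge(chat, now) {
  const ttl = effectiveChatTtl(chat.memberTtls);
  const kept = chat.messages.filter(m => expiresAt(m, ttl) > now);
  const removed = chat.messages.length - kept.length;
  chat.messages = kept;
  return removed;
}

// Constructed sample chat: one member chose 24 hours, the other 6 hours.
const demoChat = {
  memberTtls: [24 * HOUR, 6 * HOUR],
  messages: [
    { id: "a", sentAt: 0, flash: false, readAt: 1000 },
    { id: "b", sentAt: 0, flash: true, readAt: 10000 },  // read flash message
    { id: "c", sentAt: 0, flash: true, readAt: null },   // unread flash message
  ],
};
console.log("deleted 41 s in :", purge(demoChat, 41000));    // only "b"
console.log("deleted at 6 h  :", purge(demoChat, 6 * HOUR)); // "a" and "c"
```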
If your messaging app doesn’t use settings and features similar to those above it isn’t as secure as it should be. If truly secure and encrypted messaging matters to you, this is the standard which you need to have.
Use a truly secure encrypted message app now
There are a number of apps out there with end-to-end encryption, and they succeed in that. You can view our comparison page as it grows for examples of these apps. What you need is the next step in secure messaging, and it has to be a tool that meets the standards of SKY ECC if you wish to be truly secure.
Your valuable data, no matter how inconsequential it may seem, can be stolen and exploited. For those in high-risk occupations, you could easily become a target of the people we mentioned in this post. The only way to stay protected is with an app which is more than end-to-end encrypted.
SPOILER FOR THE SECRET MESSAGE
Hey you, internet reader, below is the secret message I encrypted above.
Did you do your homework?
Here’s Deadpool saying the secret message for me:
Did you get it right? Then this is one of your four or five moments to prove that you are A Hero…