Safe Messaging Apps part 2: Encrypted Messengers
Finding out that what you send on Facebook isn’t safe came as a shock to some. But other messaging apps are often no better, and email? Forget about it. It’s a security nightmare.
So when you want to talk without being spied on, or you want to move customer information around, share details of contracts with specific third parties or store sensitive information, which applications should you use?
We’ve split this guide into three parts. The first dealt with the messaging apps most of us are already familiar with. This second part looks at the leaders of a different pack, the highly-encrypted tools used by the security-conscious, and the third part of our guide will look at messaging apps based on new technology like the blockchain.
Ready? Let’s dive in.
Cyphr is a free messaging app for iOS and Android. Billed as ‘easy to use,’ the app uses public-key end-to-end encryption to ensure privacy.
Cyphr proudly declares that it’s a ‘zero knowledge’ messenger – Cyphr can’t read or see your messages, and doesn’t have decryption keys for them so it couldn’t decrypt them even if it wanted to.
They’re very upfront about what they do and don’t store on their servers:
And they offer a solid encryption system including verification stamps to show that your messages are from you and not an imposter.
Cyphr is the work of Golden Frog, one of the world’s biggest VPN providers and the brains behind Vypr VPN.
So: is it secure?
Sure looks like it. Cyphr never sees the keys you use to encrypt your messages, so even if Cyphr staff were to take it into their heads to have a quick look – or if they got a court order telling them to – they couldn’t.
Solid encryption protocols, dual key encryption and non-storage even of most metadata make Cyphr streets ahead of every app in the first part of this guide. Plus, it’s free: just go to the Cyphr site, download the app and generate your keys and you’re good to go.
If Cyphr is looking at the same user base as WhatsApp, Wire is more aimed toward Slack users.
Running on the web in browsers, on iOS and Android and on OSX, Windows and Linux, it offers what has become the standard suite of business collaboration tool functionality.
Conference calls and video conferences, screen sharing and file sharing are all provided – the big difference is, everything is end-to-end encrypted. Wire’s security white paper states that the tool uses the Proteus encryption protocol, and explains that by using asynchronous keys it’s possible to send messages to users who aren’t online without compromising security.
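To make the offline-delivery idea concrete, here is an added example (not Wire's code and not the Proteus protocol): a simplified one-time prekey exchange in Node.js in which the relay server only ever holds public keys and ciphertext. The function names, the `example-prekey-v1` label and the in-memory server are assumptions, and the identity keys and ratchet a real protocol adds for sender authentication are left out.

```javascript
// Added example: simplified one-time prekey exchange, NOT Wire's Proteus.
const nodeCrypto = require('node:crypto');
const der = { type: 'spki', format: 'der' };
// Hypothetical relay: it stores public prekeys and ciphertext, never private keys.
const newServer = () => ({ prekeys: {}, mailbox: {} });

// X25519 agreement followed by HKDF gives a 32-byte AES-256-GCM key.
function deriveKey(privateKey, peerDer) {
  const publicKey = nodeCrypto.createPublicKey({ key: peerDer, ...der });
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(32), 'example-prekey-v1', 32));
}

// While online, the recipient uploads public prekeys; private halves stay on the device.
function publishPrekeys(server, user, count) {
  const secrets = new Map();
  server.prekeys[user] = [];
  for (let id = 0; id < count; id++) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('x25519');
    secrets.set(id, privateKey);
    server.prekeys[user].push({ id, publicKey: publicKey.export(der) });
  }
  return secrets;
}

// The sender encrypts to a fetched prekey, so the recipient can be offline.
function sendOffline(server, to, plaintext) {
  const prekey = (server.prekeys[to] || []).shift(); // each prekey is handed out once
  if (!prekey) throw new Error('no prekeys left for ' + to);
  const eph = nodeCrypto.generateKeyPairSync('x25519');
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, prekey.publicKey), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  (server.mailbox[to] = server.mailbox[to] || []).push({
    prekeyId: prekey.id, iv, body, tag: cipher.getAuthTag(), senderKey: eph.publicKey.export(der),
  });
}

// Back online, the recipient decrypts with the matching private prekey, then discards it.
function receive(server, user, secrets) {
  return (server.mailbox[user] || []).splice(0).map((m) => {
    const priv = secrets.get(m.prekeyId);
    if (!priv) throw new Error('unknown or already used prekey ' + m.prekeyId);
    secrets.delete(m.prekeyId);
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(priv, m.senderKey), m.iv);
    decipher.setAuthTag(m.tag); // a tampered body or tag makes final() throw
    return Buffer.concat([decipher.update(m.body), decipher.final()]).toString('utf8');
  });
}
```

Because each prekey is used once and then deleted on both sides, a later compromise of the device does not expose the key for a message that was already delivered this way.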
If you’re looking for something to replace Slack or the communication section of Google’s free functionality, this might well be the one. It’s priced at a flat per user/per month rate:
So is it secure?
Wire’s security has come under fire. Wire gives each device registered on the network its own identity, in contrast to most secure apps that give identity to the user and leave the device anonymous. Additionally, Wire counts each reinstall as a new device – even if it actually takes place on the same device.
It’s tougher to engage with Wire securely than with other secure messaging apps, the UI has been called difficult to use, and the key verification system is both less secure than it should be and really difficult to use – a,,, but ensuring that it won’t be used and that users will ‘work around’ security on Wire the way they already do on everything else.
As a challenge to these accusations Wire had their e2e encryption protocol independently audited last year. While admitting that a coding flaw affecting security was really there, the company fixed it by January 27.
(If you’re interested you can see the flaw in the code here, and the fix here.)
The bottom line appears to be that Wire isn’t quite the super-secure, super-capable communication app it wants to be – not yet, at least.
Telegram has a lot going for it. Priced at the low price of free, it’s ad-free, open-source and sends encrypted messages across its own worldwide server net. The FAQs on the company’s website say ‘making profits will never be an end-goal for Telegram.’
Documents and media can be sent and stored, and messages can be set to self-destruct after a given period. And if you’re not impressed by its native functionality, an API lets you build out your own.
So, is it secure?
Telegram has some publicly available content – sticker sets and bots. It monitors those and will take them down if it gets complaints. Other than that, Telegram doesn’t monitor or have access to the material in private chats.
However secure your messages, the rest of your web presence is a great big target if you don’t use a tool to protect it. It’s long past time to get a VPN – and use it.
Have a look at our third and last part about safe messaging apps, Blockchains.