Safe messaging apps part 3: Secured by blockchain
In the first section of this guide, we looked at some standard messaging apps – Slack, WhatsApp. Section Two moved on to more powerfully encrypted options, for people who don’t mind going a little off the beaten track.
But if you saw those choices and you weren’t impressed, maybe we can help you now.
These are the most powerfully encrypted messaging apps around. I’m not going to tempt fate and say ‘unbreakable encryption,’ but they’re as safe and secure as it gets. The downside is how difficult it can be to get anyone to use them with you!
1: Mercury Protocol
Mercury Protocol uses blockchain. If that sets off alarms about sketchy cryptocurrency guys, #hodlgang or whatever, I don’t blame you – but there’s more to blockchain than crypto.
Since it’s going to come up again in this guide, let’s stop and briefly explain what a blockchain is.
What is a Blockchain?
At its heart, it’s a database: a spreadsheet. A ‘block’ is a collection of changes to the spreadsheet that all users agree on. A ‘blockchain’ is just a chain of those blocks. Everything that happens on the blockchain is encrypted so only users can see it. Obviously, there’s more, but that’s the basics.
Knowing that, you can see how blockchain technology could be used to send messages, store messages and much more.
Mercury Protocol uses a tool called tokenization, where a blockchain has its own internal scrip.
It’s a way of getting around the ‘freemium’ model that we’re familiar with from web apps. When a tool is free to use, that’s typically because its business model revolves around collecting and hawking your data. But premium prices don’t sell to people who are used to not paying and might not want all those fancy features anyway.
Mercury’s solution is to use tokens to allow people to buy exactly the services they want while the basic messaging functionality remains free.
The network has also approached the adoption issue, which it refers to as the ‘no other choice problem.’ If you use a great, secure messaging app but everyone else still just wants to use Messenger, what do you do?
Well, Mercury thinks apps will share messages – much like ISPs now share traffic, or power companies trade off gigawatts, so it’s not such a crazy idea. The only reason not to do it before was because when you sent a message via an application you were trusting that app with the contents of the message. (And you were probably wrong to.)
Mercury’s plan just might work, because all the messages it carries will be encrypted. They can safely be app-agnostic, because no app can read them, just transmit them.
It does have its own messenger app, Dust, but allows others to use its network and aims at restoring the initial idea of the internet – a network of networks, rather than a maze of walled gardens.
Users can send documents, movie clips and any other media, and there’s a range of Snapchat-like customizable functionality available via token.
But is Mercury Protocol secure?
It uses the Ethereum blockchain as a substrate, so all messages, metadata (like information about who sent a message to whom) and – well, basically, all everything – is encrypted with Ethereum’s ECDSA (Elliptic Curve Digital Signature Algorithm) encryption. So, is it totally and utterly safe? The NSA might be able to get in, and where someone can get in, anyone can. The encryption standard has been compromised in the past and may be compromised now. But so far, it’s the most secure application we’ve reviewed.
2: Crypviser
Another messaging tool, another blockchain.
Crypviser offers more features than Mercury, but it’s a similar proposition: blockchain based, it encrypts data in a modular fashion. Imagine a spreadsheet where each cell was encrypted with a different key. Even if you hacked one cell, you’d only get the information in that cell, not the whole sheet. Crypviser does that with messages and metadata, so there’s no central reservoir of user data to attack.
That’s true of anything blockchain-based. But Crypviser isn’t just secure. It’s downright short-haircut-and-black-suit, opsec, scanning-the-room paranoid about security.
First, it encrypts everything automatically. Big whoop, right? Except this is real, no-one-else-has-your-key encryption. Even if they get a court order from God, Crypviser can never give up your information: they never had it. That’s true across devices, where your data is both secure and synced.
Plus, it has a built-in security snooper that actually checks if someone else is up to no good – trying to hijack your phone’s camera or carry out a Trojan attack. It’s so privacy-positive it actually stands gaurd over you, instead of spying on you like most messenger tools (looking your way, Messenger!).
So, is Crypviser secure?
Cryviser uses the BitShares blockchain, so it’s faster than Ethereum – without getting into the technicalities, they’re set up differently, and Ethereum’s model is slower and older. Its cryptography looks pretty hardcore:
3: Echo
Echo is a strange addition to this list. It’s not really up and running yet – that’s how bleeding edge we are at VPNAdviser, so I hope you’re suitably impressed. Four proof-of-concept versions have been released and the full-size free encrypted tool is being crowdfunded.
It’s intended to save data usage, battery use and time as well as offer bulletproof security.
Echo will save time by using a file system called IPFS, which stands for ‘Inter Planetary File System.’ Essentially, this file system is a kind of blockchain-based, encrypted BitTorrent. (If you’re interested in how it actually works, here’s a guide.) By using IPFS, and by being built on the Graphene blockchain, Echo expects to be able to live-encrypt and live-stream video, audio and files. Face to face chat over a modular encrypted network? Sounds good.
The rest of Echo sounds good too. Saving data and battery is music to the ears of anyone who’s ever watched a CPU-hungry, energy-guzzling application chow down on what could have been hours of battery life. And when you pay for your data, keeping that trim is a huge value prop all by itself.
How, though?
Echo CEO Christoph Hering says:
‘We have developed a specific light client for the Bitshares platform. So you just download the user specific data, not the whole chain. That saves battery, data and time.’
(Note for the confused: Graphene and BitShares are kind of the same thing.)
This is important: it means users get the security of blockchain without the tiresome necessity of lugging the whole thing about, making it easier on your CPU, your battery and your relationship with your ISP. (Plus, because it’s heavily encrypted, you can use public wifi if you like.)
But is Echo secure?
More knowledgeable heads than mine will have to tell you if the lightweight BitShares client exposes your information in some way that wouldn’t happen if youjust downloaded the whole chain. Absent that kind of gaping flaw, this is about as good as it gets and the only real edge Crypviser has is that it’s already out and up.
Conclusion
Our secure messaging guide has walked you through your options from the mainstream (easy, not secure) to the more unusual offerings (less easy, more secure) and then past a new and, in some cases, future array of blockchain-based tools that promise unparalleled security.
Where you choose to stand on that spectrum is up to you; but you should have security in mind when you choose a messaging app. Don’t use one that spies on you and sells your data!