Monday, April 4, 2016

How to keep the privacy of your mobile communications

The apps that we use regularly on our mobile devices are not the most suitable channels for sharing sensitive information. If we want to protect the confidentiality of our communications, it is not recommended to use services like WhatsApp or plain old SMS.

Users have recently become more aware of the importance of confidential communications, and they have begun to weigh the level of privacy when choosing one service over another.

Google announced end-to-end encryption between Gmail users precisely to assure the users of its service that their communications are safe. Following this path, browser extensions such as ShadowCrypt have emerged to encrypt messages, and projects like Dark Mail have been developed to implement a secure email system that is "immune" to espionage and unauthorized interference.

Since we can exchange sensitive information through regular phone conversations, or even through messaging services, it makes sense to take the privacy of our conversations into consideration and, therefore, to look for applications and services that ensure end-to-end encryption on the devices we use daily.

Encryption between your phone and a service's servers does not, by itself, guarantee the confidentiality of your communications. There must be an "end-to-end" encrypted channel (from one terminal to the other); that is, our conversations should not be accessible on the servers of the service.

Another important detail is the possibility of auditing the services we use. If the source code is accessible, it can at least be reviewed by independent third parties to verify that the declared specifications are met and that there are no undeclared "hidden features".

Encrypted calls from your phone: Android and iOS


Fortunately, day by day there are more options available for both iOS and Android.

Signal is one of the products developed by Open Whisper Systems and it is designed to make secure phone calls between iOS devices, based on end-to-end encrypted communications.
Using it is extremely simple: install the application and enter your phone number. The application then exports your address book to check which contacts use the service and, from there, you can call them.

If you have an Android device, the same company offers the RedPhone app, so you can also make voice calls over a secure communications channel, using your data plan or through a Wi-Fi network.

Signal and RedPhone are interoperable; therefore, from Signal you can make calls to RedPhone users and vice versa. In both cases, the app’s source code is available for audit and communications rely on the ZRTP secure protocol, so we can safely say it’s a reliable service.

Encrypted messaging on desktop and mobile devices


There are several options to protect our messages. Some are very well known, such as Telegram, which has a secret chat mode that offers end-to-end encryption; with this option, the conversations are not accessible from Telegram’s servers.

Other well-known and widespread options are Apple’s iMessage and FaceTime. Available on OS X and iOS, these messaging and video calling services also provide end-to-end encryption, but the source code is not available to third parties.

If we want to encrypt SMS, another alternative to communicate securely from Android is Text Secure, but it is only available for text messages.

On iOS, Signal includes both calls and text messages; but on Android you have to use two different apps: RedPhone for calls and Text Secure for text messages.

Another interesting service, which is also cross-platform, is CryptoCat. It is available for both iOS and desktop browsers. This text service encrypts the messages that users exchange (they leave the device encrypted and are not decrypted until the information reaches the recipient), and it is also an open source project, so it can be audited to verify its functionality. In principle, the communication channel is safe, but the service is somewhat conservative and clearly states that it is not an infallible tool that you should trust with your life.

BitTorrent has been developing a decentralized instant messaging system that does not depend on the cloud, making information flow directly between the users without having to go through intermediate servers. Bleep, which is the name of this service, intends to be a safe and decentralized alternative to WhatsApp or Telegram. It offers end-to-end encryption and is available on both iOS and Android.

The fact that communication takes place directly between the users and is also encrypted places Bleep among the best options to consider when choosing an application for secure communications, since no intermediate servers are used.

Finally, users of Android devices should consider SureSpot, which is a sort of combination of WhatsApp and Snapchat with encrypted communications. The service allows you to exchange images, text or voice messages through a secure channel and to erase, at will, messages you have already sent, so you maintain control of the information you have exchanged. The SureSpot service relies on intermediate servers, which is a factor to consider when evaluating its use.
