A normal person’s guide to encrypting your messages
The cybersecurity community is abuzz about a new Guardian report that claims there’s a backdoor into the Facebook-owned messaging service WhatsApp that “allows snooping on encrypted messages.” Other researchers and experts (who don’t work for Facebook) are pushing back, saying the Guardian has it wrong and there’s no such backdoor.
For most consumers, using WhatsApp is probably a pretty safe option to keep conversations confidential; the civil liberty and technology specialists at the Electronic Frontier Foundation even recommend it. Still, Facebook recently waffled on prior commitments to keep WhatsApp data private from other Facebook services.
But if you’re looking to keep your communications encrypted and your data secure, there are other services besides WhatsApp that you should consider. Here’s a rundown of options:
- Signal: Among journalists, researchers, and technology experts, Open Whisper Systems’ Signal messaging service is the gold standard in consumer-friendly encrypted communications. It’s available on Android, iOS, and Mac OS X.
- iMessage: If you have a device with iOS (like iPhones and iPads), the native messaging service that comes with it is pretty solid. Though iCloud services have a notoriously leaky past, iMessage is widely considered a safe option for most people.
- Ricochet: An experimental project with some particular strengths that our colleagues at Motherboard can tell you more about. Though you are probably fine to use it, be forewarned that it hasn’t been vetted quite as intensely as other, more established services.
- OTR or PGP: If you’re not somebody familiar with computers or in need of extreme privacy, these wonkier options probably aren’t for you. But if you have time, the spirit of adventure, or any other inclination — here’s a guide (Windows, Mac) for setting up “Off the Record” encryption protocols on instant message apps, and here’s a guide for setting up “Pretty Good Protection” (PGP) encryption for your email. Even if you don’t remember what PGP is, you’ve probably heard of it before: It’s what NSA whistleblower Edward Snowden used when reaching out to Glenn Greenwald and Laura Poitras.
Telegram is one of the most popular messaging services in the world, and the company that makes it sure loves to hype its encryption strength. The catch is that “end-to-end encryption” (effectively the industry standard) is not a default Telegram setting, and some experts remain critical of the way that Telegram encrypts user data.
Update: A representative for WhatsApp reached out and provided the following statement:
The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a “backdoor” allowing governments to force WhatsApp to decrypt message streams. **This claim is false.**
WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.