A normal person's guide to encrypting your messages

The cybersecurity community is abuzz about a new Guardian report that claims there’s a backdoor into the Facebook-owned messaging service WhatsApp that “allows snooping on encrypted messages.” Other researchers and experts (who don’t work for Facebook) are pushing back, saying the Guardian has it wrong and there’s no such backdoor.

For most consumers, using WhatsApp is probably a pretty safe option to keep conversations confidential; the civil liberty and technology specialists at the Electronic Frontier Foundation even recommend it. Still, Facebook recently waffled on prior commitments to keep WhatsApp data private from other Facebook services.

But if you’re looking to keep your communications encrypted and your data secure, there are other services besides WhatsApp that you should consider. Here’s a rundown of options:

The Good

• Signal: Among journalists, researchers, and technology experts, Open Whisper Systems’ Signal messaging service is the gold standard in consumer-friendly encrypted communications. It’s available on Android, iOS, and Mac OS X.
• iMessage: If you have a device with iOS (like iPhones and iPads), the native messaging service that comes with it is pretty solid. Though iCloud services have a notoriously leaky past, iMessage is widely considered a safe option for most people.
• Ricochet: An experimental project with some particular strengths that our colleagues at Motherboard can you tell you more about. Though you are probably fine to use it, be forewarned that it hasn’t been vetted quite as intensely as other, more established services.

The Difficult

OTR or PGP: If you’re not somebody familiar with computers or in need of extreme privacy, these wonkier options probably aren’t for you. But if you have time, the spirit of adventure, or any other inclination — here’s a guide (Windows, Mac) for setting up “Off the Record” encryption protocols on instant message apps, and here’s a guide for setting up “Pretty Good Protection” (PGP) encryption for your email. Even if you don’t remember what PGP is, you’ve probably heard of it before: It’s what NSA whistleblower Edward Snowden used when reaching out to Glenn Greenwald and Laura Poitras.

The Ugly

Telegram is one of the most popular messaging services in the world, and the company that makes it sure loves to hype its encryption strength. The catch is that “end-to-end encryption” (effectively the industry standard) is not a default Telegram setting, and some experts remain critical of the way that Telegram encrypts user data.

Update: A representative for WhatsApp reached out and provided the following statement: