![](\"https://cdn.crimethinc.com/assets/articles/2017/03/21/crypto-options-1.png\")
\nSo, you’ve decided to encrypt your communications. Great! But which tools are the best? There are several options available, and your comrade’s favorite may not be the best for you. Each option has pros and cons, some of which may be deal breakers—or selling points!—for you or your intended recipient. How, then, do you decide which tools and services will make sure your secrets stay between you and the person you’re sharing them with, at least while they’re in transit?
\n\nKeep in mind that you don’t necessarily need the same tool for every situation; you can choose the right one for each circumstance. There are many variables that could affect what constitutes the “correct” tool for each situation, and this guide can’t possibly cover all of them. But knowing a little more about what options are available, and how they work, will help you make better-informed decisions.
\n\n\nPros: \nSignal is free, open source, easy to use, and features a desktop app, password protection for Android, secure group messages. It’s also maintained by a politically-conscious nonprofit organization, and offers: original implementation of an encryption protocol used by several other tools,1 ephemeral (disappearing) messages, control over notification content, sent/read receipts—plus it can encrypt calls and offers a call-and-response two-word authentication phrase so you can verify your call isn’t being tampered with.
\n\nCons: \nSignal offers no password protection for iPhone, and being maintained by a small team means fixes are sometimes on a slow timeline. Your Signal user ID is your phone number, you may have to talk your friends into using the app, and it sometimes suffers from spotty message delivery.
\n\nSignal certainly has its problems, but using it won’t make you LESS secure. It’s worth noting that sometimes Signal messages never reach their endpoint. This glitch has become increasingly rare, but Signal may still not be the best tool for interpersonal relationship communications when emotions are heightened!2 One of Signal’s primary problems is failure to recognize when a message’s recipient is no longer using Signal. This can result in misunderstandings ranging from hilarious to relationship-ending. Additionally, Signal for Desktop is a Chrome plugin; for some, this is a selling point, for others, a deal breaker. Signal for Mac doesn’t offer encryption at rest,3 which means unless you’ve turned it on as a default for your computer, your stored saved data isn’t encrypted. It’s also important to know that while Signal does offer self-destructing messages, the timer is shared, meaning that your contact can shut off the timer entirely and the messages YOU send will cease to disappear.
\n\nPros: Wickr offers free, ephemeral messaging that is password protected. Your user ID is not dependent on your phone number or other personally identifying info. Wickr is mostly reliable and easy to use—it just works.
\n\nCons: Wickr is not open source, and the company’s profit model (motive) is unclear. There’s also no way to turn off disappearing messages.
\n\nWickr is sometimes called “Snapchat for adults.” It’s an ephemeral messaging app which claims to encrypt your photos and messages from endpoint to endpoint, and stores everything behind a password. It probably actually does exactly what it says it does, and is regularly audited, but Wickr’s primary selling point is that your user login is independent from your cell phone number. You can log in from any device, including a disposable phone, and still have access to your Wickr contacts, making communication fairly easy. The primary concern with using Wickr is that it’s a free app, and we don’t really know what those who maintain it gain from doing so, and it should absolutely be used with that in mind. Additionally, it is worth keeping in mind that Wickr is suboptimal for communications you actually need to keep, as there is no option to turn off ephemeral messaging, and the timer only goes up to six days.
\n\nPros: Threema is PIN-protected, offers decent usability, allows file transfers, and your user ID is not tied to your phone number.
\n\nCons: Threema isn’t free, isn’t open source, doesn’t allow ephemeral messaging, and ONLY allows a 4-digit PIN.
\n\nThreema’s primary selling point is that it’s used by some knowledgeable people. Like Wickr, Threema is not open source but is regularly audited, and likely does exactly what it promises to do. Also like Wickr, the fact that your user ID is not tied to your phone number is a massive privacy benefit. If lack of ephemerality isn’t a problem for you (or if Wickr’s ephemerality IS a problem for you), Threema pretty much just works. It’s not free, but at $2.99 for download, it’s not exactly prohibitively expensive for most users. With a little effort, Threema also makes it possible for Android users to pay for their app “anonymously” (using either Bitcoin or Visa gift cards) and directly download it, rather than forcing people to go through the Google Play Store.
\n\nPros: Everyone uses it, it uses Signal’s encryption protocol, it’s super straightforward to use, it has a desktop app, and it also encrypts calls.
\n\nCons: Owned by Facebook, WhatsApp is not open source, has no password protection and no ephemeral messaging option, is a bit of a forensic nightmare, and its key change notifications are opt-in rather than default.
\n\nThe primary use case for WhatsApp is to keep the content of your communications with your cousin who doesn’t care about security out of the NSA’s dragnet. The encryption WhatsApp uses is good, but it’s otherwise a pretty unremarkable app with regards to security features. It’s extremely easy to use, is widely used by people who don’t even care about privacy, and it actually provides a little cover due to that fact.
\n\nThe biggest problem with WhatsApp appears to be that it doesn’t necessarily delete data, but rather deletes only the record of that data, making forensic recovery of your conversations possible if your device is taken from you. That said, as long as you remain in control of your device, WhatsApp can be an excellent way to keep your communications private while not using obvious “security tools.”
\n\nFinally, while rumors of a “WhatsApp backdoor” have been greatly exaggerated, if WhatsApp DOES seem like the correct option for you, it is definitely a best practice to enable the feature which notifies you when a contact’s key has changed.
\n\nPros: This app is widely used, relies on Signal’s encryption protocol, offers ephemeral messaging, and is mostly easy to use.
\n\nCons: You need to have a Facebook account to use it, it has no desktop availability, it’s kind of hard to figure out how to start a conversation, there’s no password protection, and your username is your “Real Name” as defined by Facebook standards.
\n\nFacebook finally rolled out “Secret Messages” for the Facebook Messenger app. While the Secret Messages are actually pretty easy to use once you’ve gotten them started, starting a Secret Message can be a pain in the ass. The process is not terribly intuitive, and people may forget to do it entirely as it’s not Facebook Messenger’s default status. Like WhatsApp, there’s no password protection option, but Facebook Secret Messages does offer the option for ephemerality. Facebook Secret Messages also shares the whole “not really a security tool” thing with WhatsApp, meaning that it’s fairly innocuous and can fly under the radar if you’re living somewhere people are being targeted for using secure communication tools.
\n\nThere are certainly other tools out there in addition to those discussed above, and use of nearly any encryption is preferable to sending plaintext messages. The most important things you can do are choose a solution (or series of solutions) which works well for you and your contacts, and employ good security practices in addition to using encrypted communications.
\n\nThere is no one correct way to do security. Even flawed security is better than none at all, so long as you have a working understanding of what those flaws are and how they can hurt you.
\n\n— By Elle Armageddon
\n\nWhatsApp, Facebook Messenger’s “Secret conversation,” Google Allo’s “Incognito mode” ↩
\nOf course, it’s always best not to have relationship processing conversations via text at all, if you can avoid it! ↩
\nEncryption at rest means that your saved data is also encrypted, not just encrypted across the wire. By default, MacOS doesn’t encrypt hard drives. ↩
\nIf you’ve used the internet at any point since May 2013, you’ve probably heard that you should use encrypted communications. Edward Snowden’s revelation that the National Security Agency logs all of our calls, texts, and emails sparked a surge in the development and use of encryption apps and services. Only a few years later, encryption is widely used for daily communication. If you use any of these encryption tools, you’ve probably also heard the phrase “end-to-end encryption,” or “E2EE.” The name seems straightforward enough: end-to-end means content is encrypted from one endpoint (generally your phone or computer) to another endpoint (the phone or computer of your message’s intended recipient). But what level of security does this promise for you, the user?
\n\nSince the beginning of Trump’s administration, the US Customs and Border Protection (CBP) has stepped up its invasions of travelers’ privacy. The CBP has been demanding that both US citizens and visitors log into their phones and laptops and hand them over to the CBP for inspection. They’ve also demanded that travelers provide their passwords or log into their social media accounts. Travelers who don’t comply face the threat of being denied entry.
\n\nYesterday, Wikileaks publish a trove of leaked CIA documents including knowledge of security vulnerabilities and exploits that the CIA paid for and kept secret from the general public. Now that this information has leaked, it’s no longer just the CIA that knows these vulnerabilities—it’s everyone. The New York Times and others misreported that the CIA had broken the encryption in apps like Signal and WhatsApp, when in fact what the CIA did was target and compromise specific people’s Android devices.
\n\nIn short, this revelation confirms the importance of using end-to-end encrypted communications, which hinder state-level actors from performing broad spectrum dragnet surveillance. E2EE is still important.
\n\n\n\n\nMany reports around Vault 7 have given the impression that encrypted apps like Signal have been compromised. In fact, the compromise is at the device level—at the endpoint. There is no reason to believe the encryption itself does not work.
\n
First, it’s important to understand that if you can read a message, it is plaintext—that is, no longer encrypted. With end-to-end encryption, the weak links in the security chain are you and your device, and your recipient and their device. If your recipient can read your message, anyone with access to their device can also read it. An undercover cop could read your message over your recipient’s shoulder, or the police could confiscate your recipient’s device and crack it open. If there is any risk of either of these unfortunate events taking place, you should think twice before sending anything you wouldn’t want to share with the authorities.
\n\nThis particular limitation is also relevant to the recent “Vault 7” reveals, which demonstrate how apps like Signal, WhatsApp, and Telegram may not be useful if an adversary (like the CIA) gains physical access to your device or your contact’s device and is able to unlock it. Many reports around Vault 7 have been somewhat misleading, giving the impression that the apps themselves have been compromised. In this case, the compromise is at the device level—at the endpoint. The encryption itself is still good.
\n\nConsidering that you can’t control the security conditions of your message’s recipient, you should consider the possibility that any message you send them might be read. While rare, there are cases of state powers targeting people with direct surveillance. In these cases, targets may be working with malware-infected devices intended to log all of their incoming and outgoing communications. This compromise functions at the endpoint level, rendering E2EE useless against these specific adversaries. Because it is difficult to know whether you (or your message recipient) are the target of this type of attack, it is always best to default to not sending overly-sensitive information via digital communications. Currently, such attacks appear to be rare, but one should never take risks needlessly.
\n\nThe third thing you should know about E2EE is that it doesn’t necessarily protect your metadata. Depending on how communications are transmitted, logs may still show the time and size of communication, as well as the sender and recipient. Logs may also show the location of both sender and recipient at the time of communication. While this is not typically enough to land someone in jail on its own, it can be useful in proving associations between people, establishing proximity to crime scenes, and tracking communication patterns. All these pieces of information are useful in establishing larger behavioral patterns in cases of direct surveillance.
\n\nSo, if end-to-end encryption doesn’t necessarily protect the content of your communications, and still gives up useful metadata, what’s the point of using it?
\n\nOne of the most important things E2EE does is ensure that your data never hits someone else’s servers in a readable form. Since end-to-end encryption starts from the moment you hit “send” and persists until it hits your recipient’s device, when a company—like Facebook—is subpoenaed for your logged communications, they do not have any plaintext content to give up. This puts the authorities in a position in which if they wish to acquire the content of your communications, they are forced to spend a significant amount of time and resources attempting to break the encryption. In the United States, your right to a speedy trial may render this evidence useless to prosecutors, who may not be able to decrypt it quickly enough to please a judge.
\n\nAnother use of E2EE serves is to make dragnet surveillance by the National Security Agency and other law enforcement agencies much more difficult. Since there is no point in the middle at which your unencrypted communications can be grabbed, what is grabbed instead is the same encrypted blocks of text available by subpoena. Dragnet surveillance is generally conducted by collecting any available data and subjecting it to automated sorting rather than individual analysis. The use of encryption prevents algorithmic sifting for content, thus making this process much more difficult and generally not worthwhile.
\n\nIn addition to NSA’s data collection, federal and state law enforcement agencies around the country have, and frequently use, cell site simulators known as “IMSI catchers” or “Stingrays.” IMSI catchers pretend to be cell towers in order to trick your phone into giving up identifying information, including your location. Cell site simulators also grab and log your communications. As with other methods of interception, encryption means that what is retrieved is largely useless, unless the law enforcement agency is willing to go to the trouble to decrypt it.
\n\nIn addition to using end-to-end encryption to protect the content of your messages while they’re being sent, you can use full-disk encryption to protect your information while it’s stored on your device. Proper full-disk encryption means that all of the information on your device is indecipherable without your encryption key (usually a passphrase), creating a hardened endpoint which is much more difficult to compromise. Although encrypting your endpoints is not necessarily protection against some of the more insidious methods of surveillance, such as malware, it can prevent adversaries who gain possession of your devices from pulling any useful data off of them.
\n\nEnd-to-end encryption is by no means a magical shield against surveillance by nation states or malicious individuals, but Vault 7 highlights how using it can help force a procedural shift from dragnet surveillance to resource-intensive targeted attacks. When paired with good sense, encrypted devices, and other security practices, E2EE can be a powerful tool for significantly reducing your attack surface. Consistent, habitual use of end-to-end encryption can nullify many lower-tier threats and may even cause some higher-level adversaries to decide that attacking you is simply not worth the effort.
\n\n— By Elle Armageddon
\n\n" } ] }