This post gives you a roadmap to selecting a privacy-focused encrypted instant messaging tool; a list of potential products; a list of product reviews; and concerns about roadblocks.
Risks of phone text messaging (SMS) and unencrypted internet messaging apps
Use of text messaging via SMS technology provided by phone carriers as well as instant messaging apps has become widespread over the last two decades. More recently, there has been growing concern that digital conversations are not really private. Many messaging tools have lacked important privacy-ensuring features (see next section below), including true “end-to-end encryption” (encryption of messages on the vendor’s servers as well as encryption of messages while they are in transit) and “zero knowledge” on the part of the tool providers regarding their users. Concerns have mounted in recent years regarding risks of hackers, malware, vendor access to messages, messages appearing in lawsuits, surveillance by governments, identity theft, exploitation of text messaging for targeted ads, or embarrassment from private conversations being exposed.
Documented incidents of message exposure include: a) an example of hacking a messaging app through past product vulnerabilities: CNBC’s A security flaw in China’s TikTok app was found, b) a publicized hack of Facebook’s messages: The Verge’s Private messages from 81,000 hacked Facebook accounts were for sale, c) exposure of a database of SMS messages due to a security lapse: TechCrunch’s Millions of SMS messages exposed in database security lapse, d) subpoenas of text messages widely used in litigation: 4 Steps to Acquiring Text Messages by Subpoena in Divorce Cases, or e) FindLaw’s Legal how-to: using text messages as evidence.
In response, a number of internet-based encrypted instant messaging apps for smartphones and tablets have emerged in recent years that provide end-to-end encryption and other features to enhance privacy.
What features promote privacy in an encrypted instant messaging app?
Privacy is not a single feature, but is a cluster of capabilities that together provide a degree of privacy. Not all products that claim encryption or privacy are the same. The following are features you should look for in a messaging app that would enhance privacy:
End-to-end encryption: Does the tool provide encryption of messages on the vendor’s servers as well as encryption of messages in transit? This is important because if hackers were to penetrate the messages’ repository, with encryption they would not be able to read the messages.
Decryption keys only with the user: If the vendor has the decryption keys, then you run the risk of the vendor turning over your messages to governments or parties in lawsuits, or a dishonest employee of the vendor leaking messages. For true privacy, you are better off with a messenger product where only the user has the decryption keys. In reviews or product descriptions, this feature is sometimes regarded as part of true “end-to-end encryption.”
Anonymity and zero-knowledge: Look for a product that does not require your personal data, such as your name, your email, or your phone number in order to download and sign up; i.e. has “zero knowledge” of its users, their content, or even their meta-data (see next item). If you insist on a fee-based instant messaging product, then note that using your standard credit card reveals your identity.
No collection or storage of meta-data, such as date/time messages were sent, the IP address or phone number of the sender or recipient, and geographic information. Meta-data reveals much more information than most people realize. Imagine that you messaged a suicide hotline at midnight, a support group in the morning, or a particular political action organization in the afternoon.
Encryption by default: With some products, you need to turn on encryption. Since many users never change defaults, it is better if the encryption is on by default.
No targeted ads based on meta-data or contents: Ensure that the tool does not utilize personal data or meta-data, if collected, as the basis for targeted advertising.
Self-destruction: Some messaging apps destroy messages after a set amount of time and/or upon their receipt by recipients; in some cases the amount of time is configurable.
Verify identity of message sender: Does the messaging app provide you a way to verify the identity of the sender (but does not identify it to the vendor)?
Screenshot prevention or notification: Does the instant messaging tool have a mechanism to prevent screenshots or at least notify the sender that a screenshot was taken via the software (note that nobody can prevent a screenshot via a separate camera)?
Compliant with GDPR: Is the tool compliant with Europe’s General Data Protection Regulation (rights for users to access and delete data collected by providers, limitations on what can be collected, etc.)?
Open source or some other code audit: Is the code for the software “open source” (as distinct from proprietary software) or does it have some other way for experts to audit its security and privacy measures?
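The point in the meta-data item above, that meta-data alone reveals a lot, can be shown with a short script. This is an added example, not part of the original post; the log records, the phone numbers, the directory, and the minimize() retention policy are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed metadata log (no message bodies): what a provider that
# stores metadata might hold for one account. All values are made up.
RECORDS = [
    {"ts": "2020-03-02T00:07:00", "sender": "user-17", "recipient": "+1-555-0100"},
    {"ts": "2020-03-02T09:30:00", "sender": "user-17", "recipient": "+1-555-0101"},
    {"ts": "2020-03-02T15:45:00", "sender": "user-17", "recipient": "+1-555-0102"},
    {"ts": "2020-03-03T00:20:00", "sender": "user-17", "recipient": "+1-555-0100"},
]

# Constructed directory mapping numbers to the kind of organisation.
DIRECTORY = {
    "+1-555-0100": "suicide hotline",
    "+1-555-0101": "support group",
    "+1-555-0102": "political action organization",
}

def time_of_day(ts):
    """Bucket an ISO timestamp into a coarse part of the day."""
    hour = datetime.fromisoformat(ts).hour
    for limit, label in ((6, "night"), (12, "morning"), (18, "afternoon")):
        if hour < limit:
            return label
    return "evening"

def profile(records, directory):
    """Count (sender, contact type, time of day) using metadata alone."""
    seen = Counter()
    for rec in records:
        kind = directory.get(rec.get("recipient"))
        if kind and "ts" in rec:
            seen[(rec["sender"], kind, time_of_day(rec["ts"]))] += 1
    return seen

def minimize(rec):
    """Hypothetical retention policy: keep only the account and the day."""
    return {"sender": rec["sender"], "day": rec["ts"][:10]}

if __name__ == "__main__":
    for (who, kind, when), n in profile(RECORDS, DIRECTORY).items():
        print(f"{who} contacted a {kind} at {when} x{n}")
    kept = [minimize(r) for r in RECORDS]
    print("after minimization:", dict(profile(kept, DIRECTORY)))
```

No message content is read at any point: the profile comes entirely from who was contacted and when, and it disappears once the recipient and time of day are not retained.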
Other core selection criteria for instant messaging apps
In addition to privacy-enhancing features, here are some other differentiating factors in choosing a messaging app:
Free or paid: what is the price? There are plenty of adequate free or low-cost tools.
SMS or Internet: Does the app run on traditional SMS or is it an internet-based app? If it runs on traditional SMS, you need a phone connection (with possible charges) and it may not have all the features of an app; on the other hand, an app requires an internet connection.
Synchronization: Does the app synchronize across your multiple devices?
Work with other messaging systems: Most encrypted messaging apps work only with other users of the same app; a few will send messages to other messaging systems, but not encrypted. This has implications discussed further below under “roadblocks.”
Platform: Does the app run on iOS iPhones/iPads? Android devices? Windows? MacOS? Choose an app that runs on many platforms, so it is more likely to be available on your associates' phones too.
Ease of use: not all products are equally easy to use.
Message types: Beyond one-to-one text messages, does it support group messages? Sending images/GIFs? voice messages? video messages?
Beyond messages: Is messaging part of a larger communications package that includes voice calls; video conferencing; instant “walkie talkie” voice messaging; file sharing; group calls? team collaboration?
Separate accounts: does the app let you, for example, have separate work and personal accounts?
No single app is going to get a 100% score on all privacy features listed above, but the above list can help you evaluate existing apps, weight the factors that are important to you, and choose a tool that addresses privacy better than what you use now.
Reviews of instant messaging apps from a privacy perspective
Providing detailed reviews of each potential product is beyond the scope of this post, but there are several good reviews of messaging apps from a privacy and security viewpoint, such as the following:
Tom’s Guide Best encrypted messaging apps
Engadget’s The Safest Messaging Apps
NextOfWindows’ Top 3 Encrypted Instant Messaging App for Windows
Instant Messaging Apps that offer some degree of privacy
The following is an alphabetical list of instant messaging apps reviewed by at least one of the publications above, with some degree of privacy provisions; those reviewed by at least two of the articles above are in bold face.
Cypher by Golden Frog
iMessage by Apple
Pryvate by Criptyque Ltd
Signal Private Messenger by Open Whisper Systems
Viber by Rakuten
Wickr Me by Wickr Inc.
Wire by Wire Swiss GmbH
At least three of the four reviews of iOS and Android apps for encrypted messaging rated Signal, Telegram, Threema, and Silence as high in privacy marks, and iMessage with its private messaging is used widely by iOS users as it comes pre-installed with iPhones/iPads.
Roadblocks to adoption of encrypted instant messaging apps
There are two concerns we raise about the adoption of instant messaging apps:
1. Lack of interoperability with other messaging apps: if a messenger product can only send messages to other users of the same app, then its usability is limited. That leads to several options:
Acquire a widely-used messaging app that has an acceptable level of privacy. For example, WhatsApp has a huge installed base. However, think about this: it is owned by Facebook, which has a huge targeted-advertising business that could potentially utilize meta-data collected by WhatsApp.
Acquire a messaging tool that meets more of the privacy criteria list above than WhatsApp, has a reasonably-sized installed base, but equally importantly is used or can be acquired by your contacts whose conversations with you require a high degree of confidentiality and privacy.
Acquire multiple messaging apps for your phone. That way you can chat with users across multiple platforms. I personally have 5 messaging apps on my smartphone, and each one chimes with a slightly different ringtone when an incoming message arrives. It’s not hard to figure out which messaging app to open.
2. Anti-privacy measures afoot in Washington DC. There is a proposed bill in the US Congress called EARN-IT. It is perhaps a well-intentioned bill to provide law enforcement tools to fight sexual abuse of children. However, aspects of it may require vendors of messaging, as well as social media and cloud storage apps, to provide a “backdoor key” to law enforcement to decrypt messages of suspects. We will write more about this bill in the next blog post, including possible advocacy steps you could take if you share concerns about the current form of the bill. Signal, one of the leaders in end-to-end encrypted and private messaging and ranked highly for privacy by several reviews above, has already announced (see Signal’s 230 or not 230: that is the EARN-IT question) that they will withdraw from the US market if this bill passes in its current form.
Choose one or more of the numerous available instant messaging apps that could vastly increase the privacy of your messaging.