Many of our customers have expressed the desire to adopt better practices for security and privacy. We’ve written about whether Facebook is spying on you and whether you should get a VPN (Virtual Private Network) provider. But many of us never give a second thought to expressing sensitive opinions or private details of our lives over text message or Facebook Messenger. We’d like to take a moment to go over ideal practices for private communication.
One rule that remains true no matter how secure your communication channel is: if it would ruin your life to see it printed on the front page of The New York Times, don’t write it down. Don’t take the picture. Don’t film the video.
What to Look for in a Secure Messaging Medium
Instant messaging apps that are cross platform and sync across your smartphone, tablet, and work computer are so convenient. But the fact that your messages are a click away for you means that might also be a click away from a bad actor. Back in 2016, a vulnerability in Facebook Messenger was discovered—and that vulnerability could allow a hacker to modify the contents of your chat history and spread malware. Shortly afterward, Facebook implemented a feature that would allow users to toggle on end-to-end encryption: “Secret Conversations.”
How often do you remember to flip that switch, though? And did you know that anyone on Facebook can look up your name and send you a message? There’s no more bracing way to wake up in the morning than a Facebook death threat, really.
End-to-end encryption is the gold standard for digital communications. With end-to-end encryption, ONLY the person sending the message and the person receiving the message have access to its contents—not the service provider, not the app company, not the manufacturer of your smartphone or computer.
Two Recommended Messaging Apps
WhatsApp:
If you use the most popular messaging app in the world, you’re in luck. WhatsApp offers end-to-end encryption and it does not store your messages on its servers.
Signal:
Signal is the app you’ve likely heard about when reading about DC palace intrigue. Like WhatsApp, it also allows you to circumvent expensive international texting and calling fees, but it also offers some special security features that most messaging apps don’t. With Signal, you can force conversations to auto-delete after a specified time period. And its encryption applies to calls too. And it doesn’t save anything it doesn’t have to—just your phone number, profile info, and random keys. Signal, like any other messaging company, will turn over your data in the event of a subpoena. It just won’t have very much data to give.
You might recall the word “metadata” being thrown around a lot during the Snowden leak story, because it turned out that the CIA was collecting metadata on Americans’ phone calls. One major difference between Signal and WhatsApp is the collection of metadata. Signal, as we stated above, doesn’t store data like your log info, device info, contact info, cookies, or location. WhatApp does. And because it’s owned by Facebook, it also shares data for ad targeting.
By default, WhatsApp backs up your data—including your chat history—to a third party, namely your phone’s iCloud or Google account. We’re big advocates of these types of backups, as you know, so really it comes down to a balancing act. You get to decide whether privacy or data retention is more important to you, and choose your options based on your priorities.