We’re currently living in what some people call the digital age, meaning that computers have become essential in our day to day lives – and with them, so did many applications. Instant messaging apps are just one such example, and thanks to capitalism we now have literally hundreds of platforms to choose from.
If you dig through your favourite app store, you will quickly find a number of competing providers – all of which likely promise a ‘new twist’ on the familiar medium. While it might be tempting to pick an app based on its appearance or an enticing new feature, it’s also important to keep in mind that not all messaging apps are created equal, especially when it comes to security and user privacy.
Let’s take a look at Google for example. Last week, the data hungry tech giant unveiled their freshly baked messaging app called Allo. While the platform definitely introduced a number of interesting features, security experts worldwide strongly urged users to pass on the download.
I covered the issue in more depth last week, but in short – Google broke a number of very important security promises, leaving their privacy conscious users frustrated.
“Opt-in” End-to-end Encryption
Although Allo does have an option for users to turn on end-to-end encryption, the configuration is not immediately obvious. Google’s explanation for the “opt-in” approach is based around their desire to make Allo “smart,” which they claim wouldn’t be possible if their users’ communications were encrypted.
There are a few other companies (like Facebook Messenger) that also choose to sacrifice their users’ privacy for the sake of more and better “features,” but security experts are wary of the trade-off.
For starters, lack of end-to-end encryption means that these companies can be court-ordered to hand over their data (including chat transcripts) to law enforcement and other government agencies. If for some reason you’re not concerned with prying eyes, you might at least want to consider the integrity of your data. Channels that are encrypted end-to-end will help protect your personal information from being stolen.
As mentioned earlier, both Allo and Facebook Messenger offer end-to-end encryption to users that go looking for it. That said, the vast majority of people using either of these platforms don’t even realize that this option exists, and ultimately end up going without.
“In transit” Encryption
Other messaging apps, like WeChat and Snapchat, encrypt their users’ messages while they’re being delivered, but retain the encryption keys. In essence, this means that your messages will be unreadable in case they’re intercepted by a third party, but the company will be able to access your chats under a court order.
Both Snapchat and WeChat say that they delete messages from their servers as soon as they’re delivered, but both companies retain logs of previous communications which contain metadata about the messages, but not their content.
“Always on” Encryption
Although much more rare, there are several big players that offer end-to-end encryption by default. Apple has been very vocal on the issue in the past and remains an avid advocate of user privacy. Their proprietary messaging service (iMessage) encrypts all communications with two sets of keys – 1 public (sent to Apple’s servers), and 1 private (stored on your device). In short, this means that no one other than the intended recipient can read your messages, not even Apple themselves.
Other companies offering this level of encryption are Open Whisper Systems’ Signal and Facebook’s WhatsApp. Although both of these providers can’t read your messages, WhatsApp does share your personal information with its parent.
In conclusion, it’s important to understand that messaging platforms offer varying degrees of privacy. And although there is no system that is 100% “unbreakable,” end-to-end encryption is as good as it gets.