5 best secure messaging app | Encrypted messenger Apps you can trust - proprivacy.com

5 best secure messaging app | Encrypted messenger Apps you can trust - proprivacy.com

5 best secure messaging app | Encrypted messenger Apps you can trust - proprivacy.com

Posted: 14 Jan 2020 12:00 AM PST

Secure messaging services have seen a rise in popularity over the past couple of years, with many claiming to have an increased focus on preserving privacy. This is thanks to the introduction of end-to-end encryption via Signal Protocol, but not all messengers that include it are built equally. There is still plenty to choose from, however, and here's where to start.

Popular services such as WhatsApp and Skype proudly boast that they use the Signal Protocol, but being proprietary technology and, therefore, closed source, it is impossible to check how it has been implemented. In some cases, it isn't even universal. Facebook enjoys stating that it includes the protocol's end-to-end encryption but this is only true with its 'Secret Conversations' feature.

While Facebook CEO Mark Zuckerberg is going above and beyond to reinvent the social network as a privacy advocate, none of these companies are known for their focus on user privacy. They all continue to be pressured by government entities to develop "backdoors" into their applications, giving authorities unfettered access to user information without the need for a warrant.

There is nothing to say that these demands haven't already been met or won't be met in the future, but there are alternative secure services you can use that exist right now. If you want to be sure that claims of end-to-end encryption are true, simply choose one of the best private and secure messengers currently available:

  1. Signal - Platforms signal supports - Android, iPhone, Windows, macOS, Debian-based Linux. On the desktop, communication is only possible with other Signal users (not via insecure regular SMS to non-users).
  2. Wire - Platforms Wire Supports - Android, iOS, Windows, macOS, Linux, and via web application.
  3. Riot.im - Platforms Riot.im supports - Android, iOS, and via web application. On Android, the app is available from the Play Store and F-Droid.
  4. Tox - Platforms: Windows, macOS, Linux, BDS, Android (alpha-only), iOS
  5. Ricochet - Platforms: Windows, macOS, Linux.

5 Best Secure and Private Messenger apps

After robust testing and research, our experts have found the five most secure messaging apps out there. All of these apps have excellent features and also provide a high level of encryption.

After robust testing and research, our experts have found the five most secure messaging apps out there. All of these apps have excellent features and also provide a high level of encryption.

After robust testing and research, our experts have found the five most secure messaging apps out there. All of these apps have excellent features and also provide a high level of encryption.

1. Signal

  • Free option

    Yes

Signal is the name of both an app and a secure messaging protocol developed by legendry entrepreneur, cryptographer, and privacy activist Moxie Marlinspike. The open-source Signal protocol has been incorporated into a large number of third party products, many of which, such as Facebook Messenger, WhatsApp, and Skype, are themselves closed source.

The Signal app is the pure expression of Signal. It is fully open-source and has been formally audited for security vulnerabilities.

And unlike closed source implementations of the protocol, the only metadata information retained by the Signal app or its developers is "the date and time a user registered with Signal and the last date of a user's connectivity to the Signal service." This is a claim which has been proven in court.

All text messages, voice, and video calls are protected using an amalgamation of the Extended Triple Diffie-Hellman (X3DH) key agreement protocol, Double Ratchet algorithm, and pre-keys. Signal uses Curve25519, AES-256, and HMAC-SHA256 as cryptographic primitives.

Signal is widely regarded as the most secure e2ee messaging protocol ever invented. Although it is available through the Play Store, Google-phobic Android users can download a Google Play Services-free APK version of the app via the official Signal website.

Another feather in Signal's cap is its ease of use. Signal replaces your phone's regular SMS client. Text messages to and from non-Signal contacts are sent using regular SMS text messaging and are not secure. But messages sent to other Signal users are encrypted using the Signal protocol. You can also initiate secure voice and video conversations with other Signal users.

The beauty of this system is that Signal is almost transparent in use, which should make it easier to convince friends, family, and colleagues to actually use the app!

This ease of use, however, is also where Signal receives most criticism. Because it is designed to replace your regular SMS client, Signal requires that you register with a valid phone number which it uses to match up contacts.

Signal, however, cannot see your contacts, and your contact list cannot be accessed by anyone other than you. The truly paranoid can sign-up using a disposable "burner" phone or SIM card, since once registered the Signal app does not need to run on the phone it was registered with.

Please see our full Signal Review for an in-depth look at this important messaging app.

2. Wire

  • Pricing

    From $5.00 - $10.00

Wire is an open-source e2ee messaging, voice, and video chat platform developed by Swiss-based Wire Swiss GmbH. It is particularly noted for its strong group chat and video conferencing support, and for its very snazzy user interface.

Supporters prefer Wire over Signal mainly because it does not require a phone number to register. You can opt to provide your phone number so that other users can easily find you, but you can use a (potentially disposable) email address instead, and identify yourself with a username of your choosing.

On the other hand, Wire collects far more metadata than Signal does in order to ensure smooth syncing across platforms – notably plaintext logs of users a customer has contacted.

This is a legitimate trade-off between security and convenience, but it does mean that people should carefully access their threat model before using Wire. For what it's worth, Ed Snowden only recommends two private messengers – Signal and Wire.

Messages in Wire are encrypted using Proteus, which is an early iteration of what went on to become the Signal protocol. Like Signal, it uses OTR with a Double-Ratchet algorithm (ChaCha20, HMAC-SHA256, Elliptical curve Diffie-Hellman key exchange, and HKDF in key generation).

As is always the case with browser-based JavaScript cryptography, there is a danger of the server pushing compromised and malicious code when using Wire in your browser. This is not a problem when using a dedicated app.

Early criticisms of Proteus damaged public confidence in Wire. But these have been addressed, and the conclusions to a series of independent audits of Wire products are highly reassuring.

Although open-source, Wire is a commercial product. It is free for personal use, but paid enterprise plans are also available.

3. Riot.im

  • Free option

    Yes

Riot.im is an open-source e2ee text, voice, and video platform. What sets it apart from apps such as Signal and Wire is federation is using the Matrix communications protocol.

Federation means that instead of connecting to centralized servers run by the platform's operators, users can set up their own servers or connect to any of the many Matrix servers that others have set up.

Another strength of Matrix is that it allows commination between users of different messenger software, as long as they all support Matrix. Matrix servers are also interoperable, so connecting to any Matrix server allows you to communicate with any Matrix user

Indeed, Matrix servers can even run "bridges" which allow communication between Matrix users and users of other messaging platforms such as Signal, Slack, IRC XMPP, and even the likes of Facebook Messenger, WhatsApp, and Google Hangouts!

This decentralized approach fixes a problem that Ed Snowden has himself identified with his more centralized private messenger recommendations. But while federation as a privacy feature has many fans, the idea remains controversial.

As with Wire you can register using a phone number or email address. You can also add an email address to your account in order to let other users find you more easily, or you can opt to just be identified by your chosen username.

The default option is to connect to the large public server run by matrix.org, but you can instead connect to any user-created Matrix server. It is even possible to deploy your own secure chat service in seconds using Modular hosted Matrix servers.

Matrix uses the Olm implementation of the Double Ratchet algorithm, with Megolm (an AES-based cryptographic ratchet) for group communications. Cryptographic primitives used include Ed25519 and Curve25519 keys, AES-256-CBC, and HMAC-SHA256, with forward secrecy provided by a Triple Diffie Hellman exchange.

Neither Riot nor Matrix have been fully audited, although Olm and Megolm have been. Riot.im has been criticized the past for its rather basic user interface, but this no longer true. It still lags behind the futuristic flashiness of Wire, but Riot is now a highly capable messenger with functionality often compared to the corporate messaging workhorse, Slack.

4. Tox

  • Free option

    Yes

Tox is a protocol, rather than an actual app or client. A number of open-source apps exist, however, which use the Tox protocol.

Tox takes the idea of decentralization even further than Riot.im by providing true peer-to-peer (P2P) communications network which operates without any need to route data through centralized servers (federated or not).

Users are identified with a Tox ID, but one consequence of being a P2P platform is that Tox contacts can see other contacts IP addresses. The official documentation suggests a workaround for this being to route your Tox connections through Tor, although we can't see why routing it through a VPN wouldn't also work (with the proviso that a using a VPN does not provide the anonymity Tor does).

If you do route Tox over Tor then the speed limitations of the Tor network mean that communications will, realistically, be text only. Otherwise, most Tox clients support a full range of voice and video chat, file sharing, and group chat features.

Tox uses the cryptographic primitives present in the NaCl crypto library, via libsodium. It employs curve25519 for its key exchanges, xsalsa20 for symmetric encryption, and poly1305 for message authentication.

These are well-established primitives, but neither the Tox protocol nor any apps based on it have been properly independently audited. Indeed, the Tox website itself clearly states that Tox is still under heavy development, so expect to run into some bugs.

5. Ricochet

  • Free option

    Yes

If you need true anonymity on the internet then Tor, as always, is your best bet. Ricochet is a cross-platform (desktop only) messenger which allows anonymous communication with contacts via a Tor Hidden service.

This means that there is zero need to trust anybody, and (as with Tox) there are no servers that can be hacked, monitored or censored. Users are identified solely by their screen name (for example: ricochet:hslmfsg47dmcqctb), which is auto-generated when first starting Ricochet.

Connections are secured by Tor, which uses a complex encryption scheme. Despite numerous high-level attacks (a few of which have good some limited success), Tor remains highly secure. Please see our Tor Review for more details.

Ricochet has itself been audited, the results were "reasonably positive," and most of the "multiple areas of improvement" have since been patched (including the one critical vulnerability discovered).

As its website makes clear, Ricochet is an experiment, which a fact that users should include in their threat model when deciding whether to use it. But for those who require anonymous zero-trust commination, Ricochet is arguably the best option available (and is certainly better than routing Tox through Tor).

Ricochet is a text-only messaging client, but real efforts have been made to provide an attractive and functional user interface.

Note: Before anyone asks, we have deliberately not included Telegram on this list because we do not consider it to be a sufficiently private and secure messenger. Please see our VPNs for Telegram article for more details.

End-to-end encryption

Also called client-side encryption, end-to-end encryption (e2ee) means that your messages (and voice and video chats) are encrypted on your device and can only be accessed by the intended recipient. 

In other words, you are not trusting a third party to do the encrypting for you, and who therefore has access to the unencrypted messages. Until recently most messaging app were like this and were fundamentally insecure and non-private. 

But as we have already mentioned, this situation has changed dramatically over the last couple of yours or so, to the point that it can almost be assumed that messenger apps use e2ee. If they are doing what their developers say they are.

Mobile phone with encrypted messenger

Open-source

Nobody claims that open-source is perfect, but having code which can be looked at and audited at any time is the only guarantee possible that an app is doing what it supposed to be doing, and only what it is supposed to be doing.

For this reason, we only consider open-source messenger apps to be worthy of consideration in this article.

What is demystifying mobile encryption and its necessity - ITProPortal

Posted: 23 Mar 2020 12:00 AM PDT

Celebrities like Jennifer Lawrence, Emma Watson, Miley Cyrus, and Holly Willoughby amongst others have become victims of hackers who have stolen private images off their cell phones and released them on the internet. With smartphones being an integral part of every individual's everyday life, the threat of having any information stolen is very much real. It is essential that every individual has a basic knowledge about cybersecurity and encryption, which is lacking amongst the public at large. 

Once a cyber-criminal gets hold of your smartphone, a whole pool of knowledge about yourself, ranging from casual conversations to your bank information, becomes available to him. It becomes very easy for that cybercriminal to get information about life and your choices. Thus, it is of utmost importance that a smartphone is protected by encryption, thus protecting your sensitive data in case your device falls in the wrong hands. 

What is encryption?
-

Comments

Post a Comment

Popular Posts

Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

Image
Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Posted: 19 Feb 2021 04:00 AM PST Brent Lewin/Bloomberg/Getty Images If your choice of encrypted messaging app is a toss-up between Signal , Telegram and WhatsApp , do not waste your time with anything but Signal. This isn't about which has cuter features, more bells and whistles or is most convenient to use -- this is about pure privacy . If that's what you're after, nothing beats Signal. By now you probably already know what happened. On Jan. 7, in a tweet heard 'round the world, tech mogul Elon Musk continued his feud with Facebook by advocating people drop its WhatsApp messenger and use Signal instead. Twitter CEO Jack Dorsey retweeted his call. Around the same time, right-wing social network Parler went dark following the Capito
Read more

VPN browser extensions: Why you shouldn't use then - Tech Advisor

VPN browser extensions: Why you shouldn't use then - Tech Advisor VPN browser extensions: Why you shouldn't use then - Tech Advisor Google Fi calls between Android subscribers will soon be end-to-end encrypted - 9to5Google How to encrypt your computer (and why you should) - Mashable How to encrypt and decrypt a folder on Android with SSE Universal Encryption - TechRepublic 4 ways to send encrypted messages on Android - TechRepublic WhatsApp “end-to-end encrypted” messages aren’t that private after all - Ars Technica ciphertext feedback (CFB) - TechTarget What Is the Windows Encrypting File System (EFS) and How Do You Enable or Disable It? - MUO - MakeUseOf Encrypting your online life is important - Telangana Today Keeper Password Manager Review – Forbes Advisor - Forbes [Update: Screenshot] Google Messages preparing end-to-end encryption for RCS messages - 9to5Google The iOS 15 priva
Read more

Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com

Image
Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com Posted: 11 Mar 2021 12:00 AM PST Cybercrime , Encryption & Key Management , Endpoint Security Investigators Report Recently 'Unlocking' 170,000 Users' 3 Million Daily Messages Mathew J. Schwartz ( euroinfosec ) • March 11, 2021     Source: Sky ECC website Police say they have disrupted Sky ECC, a global encrypted communications network allegedly used by numerous criminals to plan their operations. See Also: Live Webinar | The Role of Passwords in the Hybrid Workforce Law enforcement authorities say Sky's cryptophone service, which includes both infrastructure and apps, is run from the United States and Canada, using infrastructure and private servers based in Europe as well as the service's own SIM cards. Sky ECC devices are available via vari
Read more