Getting started with Signal and other encrypted messaging apps - PCWorld

Getting started with Signal and other encrypted messaging apps - PCWorld

Getting started with Signal and other encrypted messaging apps - PCWorld

Posted: 11 Mar 2021 03:00 AM PST

Right now. That's always the best answer to the question, "When is it a good time to start using an encrypted messaging app like Signal?" Ever since Edward Snowden became the world's most famous whistle blower, concerns about digital privacy have been front and center, and apps like Signal can help protect the wary. But what is Signal and other encrypted messaging apps, and how do they work?

How Signal provides secure messaging

There are several end-to-end encrypted messaging apps for both Android and iOS. The one we'll focus on here is Signal, which is developed by Signal Messenger LLC and funded by the Signal Technology Foundation, a non-profit foundation.

Another option is WhatsApp, which is now owned by Facebook, and uses the same basic encryption scheme that was developed for Signal. Telegram is another popular choice with an optional encrypted messaging feature. This app started life in Russia, though Telegram now operates from the United Kingdom and its operations center is in Dubai.

signal9 IDG

A freshly installed version of Signal.

The common thread to all these apps? It's encryption, which just means your digital correspondence is scrambled to be indecipherable to third parties. The key selling point for these apps is that they use end-to-end encryption, which means the messages are encrypted on one device and then decrypted on another.

Once encrypted, the message travels across the Internet, and only the person you're sending the message to can unscramble it. Even the servers that transmit those messages have no ability to see what they actually say. That is not the case with regular text messages, for example, or even regular email.

Encrypted communication can be anything digital such as an email, a text, an image, a voice call, or a video chat. 

The other thing to note is that both sides of the transmission need to be using the same app. For example, you cannot send a message from WhatsApp and receive it in Signal. WhatsApp users communicate with other WhatsApp users and the same goes for Signal users. And so on.

Why use encrypted messaging?

Few of us are spies, political activists, or journalists working on high-stakes stories, so why would we want to use encrypted messaging in the first place? Well, despite claims to the contrary, the right to keep your own private business completely private is foundational to a free society. By extension, the ability to communicate with others without being spied on is critical for sharing personal views and ideas (whatever the subject) with others.

What is the Signal messaging app and how does it work? – Bestgamingpro - Best gaming pro

Posted: 11 Mar 2021 04:30 AM PST

Proper now. That's all the time the very best reply to the query, "When is it time to begin utilizing an encrypted messaging app like Sign?" Ever since Edward Snowden grew to become the world's most well-known whistle blower, issues about digital privateness have been entrance and heart, and apps like Sign may also help defend the cautious. However what's Sign and different encrypted messaging apps, and the way do they work?

How Sign offers safe messaging

There are a number of end-to-end encrypted messaging apps for each Android and iOS. The one we'll deal with right here is Signal, which is developed by Sign Messenger LLC and funded by the Sign Know-how Basis, a non-profit basis.

An alternative choice is WhatsApp, which is now owned by Fb, and makes use of the identical primary encryption scheme that was developed for Sign. Telegram is one other in style selection with an optionally available encrypted messaging function. This app began life in Russia, although Telegram now operates from the UK and its operations heart is in Dubai.

signal9 IDG

A freshly put in model of Sign.

The widespread thread to all these apps? It's encryption, which simply means your digital correspondence is scrambled to be indecipherable to 3rd events. The important thing promoting level for these apps is that they use end-to-end encryption, which implies the messages are encrypted on one machine after which decrypted on one other.

As soon as encrypted, the message travels throughout the Web, and solely the particular person you're sending the message to can unscramble it. Even the servers that transmit these messages don't have any capability to see what they really say. That isn't the case with common textual content messages, for instance, and even common e mail.

Encrypted communication could be something digital comparable to an e mail, a textual content, a picture, a voice name, or a video chat. 

The opposite factor to notice is that each side of the transmission should be utilizing the identical app. For instance, you can not ship a message from WhatsApp and obtain it in Sign. WhatsApp customers talk with different WhatsApp customers and the identical goes for Sign customers. And so forth.

Why use encrypted messaging?

Few of us are spies, political activists, or journalists engaged on high-stakes tales, so why would we need to use encrypted messaging within the first place? Effectively, regardless of claims on the contrary, the proper to maintain your individual non-public enterprise fully non-public is foundational to a free society. By extension, the power to speak with others with out being spied on is crucial for sharing private views and concepts (regardless of the topic) with others.

What Is Secure Email, and Should You Switch? - How-To Geek

Posted: 11 Mar 2021 03:40 AM PST

A padlock and an envelope symbolizing an email message.
Feng Yu/Shutterstock.com

Email was invented in 1971 and has changed very little since then. In that time, it's managed to become a major security risk to individuals, governments, and private companies around the world. This might explain the rising popularity of so-called "secure email" providers.

So what exactly makes secure email different from regular email?

What Is Secure, Encrypted Email?

Secure email is essentially regular email with a few security enhancements on top. The technology behind the scenes is ultimately the same, which means that you already know how to use a secure email provider. You still send messages to named addresses with an @ and a domain, and you still get plenty of spam.

For that reason, anyone can call themselves a secure email provider. There's no dictionary definition, and most major email providers like Gmail and Outlook would also consider themselves "secure" despite falling short of the mark.

Most providers who use the term to describe their service go much further than requiring a strong password or using two-factor authentication. Security, in this sense, isn't only about stopping someone from gaining access to your account, it's also about keeping your data and identity safe.

A truly secure email provider is unable to read your email conversations. They should ideally be located in a jurisdiction that's not subject to data sharing between intelligence agencies. The technology itself would ideally be built on open standards for a "crowdsourced" approach to security. The service shouldn't profile you, serve personalized ads, or log metadata.

This is why Gmail, Outlook, Yahoo, and most other free, mainstream email providers are not regarded as being truly secure. A secure email provider is "better" than Gmail in terms of data security, but you will miss out on Google's features and deep integrations. Let your priorities decide which is the better option.

How Do Secure Email Providers Protect You?

End-to-end encryption is essential in building a truly secure email system. While services like Gmail encrypt the connection between your computer and the server, any information you send to the server (including the contents of your messages) is not encrypted when it gets there.

Any private conversations (or state secrets) you're discussing will sit on Google's servers in an unencrypted format. If that data is stolen, for example, in a data leak, it doesn't need to be decrypted before it can be read. A secure provider will encrypt data on the server, making it useless to any third parties.

The lack of end-to-end encryption means that email providers can access the contents of your messages, and they've used this access in the past. Google previously scanned the contents of Gmail messages for advertising purposes but stopped the practice in 2017. The company continued scanning email to power services like (the now-defunct) Google Now. How else will Google's assistant be able to remind you about the trip you've got coming up?

Gmail logo.

Where those servers are located could also impact how that data is treated. As is the case with VPNs, the most secure email services are usually located in remote or historically neutral countries. ProtonMail, for example, is located in Switzerland, where privacy laws are notoriously strict.

Email services located in the United States can be challenged in court to hand over data. The United States is a part of the Five Eyes intelligence alliance, alongside Australia, Canada, the United Kingdom, and New Zealand. Data is routinely passed between different authorities in different jurisdictions under the guise of national security.

The kind of data that is logged alongside your email can also say a lot about you. Metadata is essential "data about data," like timestamps on an email or the user agent "signature" left by the browser you are using. You don't consciously create metadata, but it serves as a paper trail for almost anything you do online.

Secure email services will be sure to strip as much metadata out of the email being sent as possible. This makes it harder to trace the origin of a message and further protects the identity of the person sending it.

Some secure email providers also integrate tools like Pretty Good Privacy (or PGP for short) into their interfaces. PGP lets you "lock" the contents of a message so that it can only be read by someone with the correct private key. When set up correctly, your email will look normal, as legible plain text. If someone without the key were to intercept the message, it would look like gibberish.

Finally, there's an argument to be made for building security-focused products on open-source software. Source code that has been released to the public can be put to the test in a way that closed source code cannot.

RELATED: What Is End-to-End Encryption, and Why Does It Matter?

Which Secure Email Service Is the Best?

There is no one-size-fits-all approach to secure email. There are many different providers, all offering differing levels of security at a variety of price points. Budget is something you will likely have to consider since most services do not offer a generous free option like Gmail or Outlook.com.

ProtonMail Inbox

ProtonMail (free account available) is one of the best-known encrypted providers, and one of the most mature. Data is encrypted on servers located in Switzerland, with the company conducting audits to ensure that users can trust its protections. The service is built on open-source technology, and there's a dedicated mobile app for iPhone and Android (but no support for default mail apps, unfortunately).

Tutanota (free account available) is another highly recommended secure email provider, with a feature set (and auditing) that's similar to ProtonMail. Servers are located in Germany (the company has explained why), and the service is built on many open-source foundations. There's a similar caveat with mobile access in that you need to use a dedicated app to decrypt your email.

Tutanota Inbox

Posteo (no free accounts) is also located in Germany and has made a bit of a name for itself for being a cheaper alternative to both ProtonMail and Tutanota. Everything is encrypted end-to-end, with support for PGP implementation to provide additional peace of mind. There's also no need for a name, backup email, or other identifying information to create an account.

There are many other secure email providers to choose from (way too many to list here), including Mailfence, mailbox.org, Fastmail, and CounterMail. You should give some serious thought to the secure email service you choose, just as you would if you were picking a VPN.

It's best to choose an established provider with a solid track record given the nature of this kind of service. One such Iceland-based provider, called UnSeen, disappeared without a trace in late 2020, only to reappear with a Taiwanese domain name, which has led to all sorts of speculation and distrust.

Do You Need a Secure Email Provider?

If you need a secure email provider, you probably already know it. Maybe you're a journalist and are worried about subpoenas exposing sources and private materials. Maybe you're the next Edward Snowden.

For most people, a secure email provider probably isn't necessary. It will provide peace of mind at the cost of some features, convenience, and money. Your email provider won't be able to see the contents of your messages, and it will be easier to communicate with people with end-to-end encryption. (You could, of course, just use Signal to communicate with end-to-end encryption, too.) Whether that's worth it is up to you.

But if your primary motivation is security, understand that you're more likely to fall victim to social engineering attacks than email data breaches.

RELATED: What Is Signal, and Why Is Everyone Using It?
-

Comments

Post a Comment

Popular Posts

6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog

Image
6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog 6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog 5 best TrueCrypt alternatives | Encrypt your computer with these apps - proprivacy.com The Best Way to Encrypt Email in Outlook - Security Boulevard 6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog Posted: 23 Nov 2019 12:00 AM PST Anti-forensic techniques can make a computer investigator's life difficult. From committing fraud in an organization to stealing crucial data, cybercriminals can perform a wide range of nefarious activities. In some cases, these perpetrators try to cover their tracks by deleting browser history, cache memory, and even cookies. But with an upward trend , it is now much convenient for cyber attackers to use already progr...
Read more

How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf

Image
How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf Physical and Digital Safety: Arrest and detention - CPJ Press Freedom Online Mobile Encryption Market – Key Players, Size, Trends, Growth Opportunities, Analysis and Forecast To 2027 – The Courier - The Courier Fleeing WhatsApp for Better Privacy? Don't Turn to Telegram - WIRED How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf Posted: 23 Feb 2021 12:00 PM PST [unable to retrieve full-text content] How to Encrypt Your iPhone or iPad Backup    MUO - MakeUseOf Physical and Digital Safety: Arrest and detention - CPJ Press Freedom Online Posted: 24 Feb 2021 06:14 AM PST Share this: Covering certain stories–such as human rights abuses, corruption, or civil unrest–can place you at a higher risk of arrest and detention, particularly...
Read more

A Look At Blockchain Smartphones Available Now - I4U News

Image
A Look At Blockchain Smartphones Available Now - I4U News A Look At Blockchain Smartphones Available Now - I4U News Posted: 09 Oct 2019 06:19 AM PDT There is probably no one in the world who has not heard of cryptocurrencies. In the past few years, the general public's awareness of the likes of Bitcoin and Ethereum has skyrocketed. This has happened to such a degree that there are literally millions of us using Bitcoin wallets offered by Luno and other well established names in the industry. On the other hand, blockchain is not necessarily that well known and its capabilities maybe a little less. So although we know that blockchain is the basis of cryptocurrencies, many of us know little more than that. Anyways, this technology is extremely adaptable and is being applied to many industries/sectors from health to disaster recovery. So that it will come as no surprise that blockchain is shifting its attention to mobile. This has resul...
Read more