During the past two days I have seen many articles regarding the use of encrypted communications by government representatives. Ergo, I think it is time to do an eval of the many apps available and what I like and don’t like about each of them.
What are the key features I look for?
End-to-end encryption is paramount. This means that the encryption keys are generated locally on each devise and the private key never leaves the deceive. This ensures that only the intended recipient can read your messages.
Transport Layer Security (TLS) to prevent the man-in-the-middle attack. If you have been following my blogs, you probably remember that I recommend using a virtual private network (Expressvpn.com) at all times to prevent man-in-the-middle attack. If the communication app has a built it one, it is a double plus.
Content is never stored in a server, even if it is encrypted in that server or deleted later.
The organizational and pedigree structure of the company. Who are the company executives and board of directors? You are rendering your trust by using the technology this group of people designed, and you do not want your normative privacy violated. Do they have a transparency page of information?
Which app is the winner in my humble opinion and analysis?
Wickr me - https://www.wickr.com/security/how-it-works Wickr has a personal and a business model. It clearly states its transparency protocol when it comes to responding to court orders and search warrants. It does not require the user to associate a phone number or email address with the account.
Most commonly used encryption apps and my second choices...
Signal - https://whispersystems.org/
If you talk with the geek community, many will tell you that this has the best layers of encryption. I do not like that you need to associate your phone in order to use the app. I prefer to use the apps that do not leave footprints.
Confide - https://getconfide.com/
It states that nobody can take a screen shot of the message. Well, with the device that has the message but you can take a photo of the device with an iPad or any other device has a camera. Do not get caught thinking that you can type whatever here and be 100% safe.
I do not like that you need to use your email address to use this app, then confirm that email address. Too many footprints in the process.
TigerText - https://www.tigertext.com/videos/
You must use an email attached to your domain. As with Confident, I do not like that you need to use your email address to use this app, then confirm that email address. Too many footprints in the process.
The ones I would not use even if you pay me to do so...
Telegram; Whatsapp; Snapchat; Cyber Dust
That is all for now. Thank you for reading and remember that I can bring this training to your organization. See below.
Meta brings the courses Risk Management When Online and Open Source Intelligence (OSINT) Collection and Analysis to your organization regardless of where you are located. Watch this short clip: https://www.youtube.com/watch?v=aRXazQuPzFs Then call us to schedule training for your team or organization.
About the Blog
This blog is updated on a bi-weekly basis and it will address a variety of topics concerning cybertechnology, privacy and ethics in the cyberspace domain.