Thursday, 26 January 2017

Top 10 best secure messaging apps of 2017

Edward Snowden’s revelations about mass NSA surveillance, combined with the fact that the UK government is now requiring ISP's to record all internet traffic with the infamous snooper’s charter, has made privacy a very precious commodity.

The ability to monitor your traffic means messages you send with many popular apps can be intercepted and read. In some cases, people can even impersonate you or your friends online.

There are messaging apps, however, which buck this trend. Some encrypt your messages before they leave your device, so if they are intercepted, they'll be meaningless. In this article, we’ve highlighted 10 of our favourite secure messaging apps.

1. WhatsApp

In April last year, WhatsApp enabled end-to-end encryption across all platforms, meaning conversations can't be read by anyone but you and the person you're messaging. Not only are your chats protected, but WhatsApp provides a security code so you can verify that someone isn't intercepting your messages and passing them on (this is called a ‘man-in-the-middle’ attack). 

At this point, you might recall earlier this month there was a warning about a vulnerability in WhatsApp’s secure messages, but this was later proven to be false.

WhatsApp is available for both Android and iOS – you'll need to have a verifiable mobile phone number to register initially (it’s also available for desktop computers).

2. Signal

This privacy-conscious messaging app comes from Open Whisper Systems who bear Edward Snowden's seal of approval, no less. Not only is Signal easy-to-use, but like WhatsApp, conversations are encrypted end-to-end.

The source code for Signal is available online so security experts can constantly check it for vulnerabilities, too. In fact WhatsApp uses some of Signal's source code for messaging. 

Unlike WhatsApp, however, Signal doesn't record metadata of messages i.e. the mobile phone numbers of your contacts, the number and time of messages and so on. If you back up your phone, Signal doesn't store a copy of your messages, either. This app is available for both Android and iOS.

3. FrozenChat

Aside from its cool name and funky design, FrozenChat also offers end-to-end encryption with OTR (Off the Record) messaging. This means that not only are your messages protected and you can verify who you're speaking to, but you also have deniability – anyone can forge a message after the conversation is over. In other words, it's impossible to prove any message was sent by you. 

FrozenChat is open source and also supports the open XMPP protocol which is used on thousands of servers. These are run by volunteers so there's no one central server that can be seized or taken down. Sadly, FrozenChat is only available for Android.

4. ChatSecure

Like FrozenChat, ChatSecure supports Off the Record messaging and the open XMPP protocol. The Android version is no longer maintained, but the iOS one is still actively developed.

When starting a conversation you will see a digital ‘fingerprint’ which you can check with your friend to make sure no one is intercepting messages. 

ChatSecure also includes an experimental feature allowing for the use of Tor. This should conceal your location when messaging contacts. Try to use an XMPP server which uses a Tor hidden service to keep your conversation entirely in the ‘dark web’ as this is more secure.

5. Wickr Me

Wickr is available for both Android and iOS. Not only does it feature end-to-end encryption but it can strip out metadata such as the timestamp from conversations. Messages can also be programmed to self-destruct after a certain period of time has expired. The app includes a handy wipe feature to securely erase messages.

Although several security organisations have audited Wickr Me's code, it hasn't been released publicly so there's no way to check it for security bugs or deliberate backdoors. It’s also not very clear how effectively the app can delete data, so Android users should be sure to encrypt their device, too. 

6. Silence

Silence is an awesome replacement for Android’s regular SMS app. It stores all messages you receive in an encrypted database (by default this isn't protected by a password, but you can set one if you wish). 

If two people are using Silence then the app will automatically recognise this and use end-to-end encryption to send text and media instead. Otherwise it can work just like a regular SMS application.

Most importantly Silence is open source so experts can check that its code is free of vulnerabilities, deliberate backdoors or other sneaky stuff.

7. Silent Phone

This app comes from the good people at Silent Circle – industry leaders in mobile security (and makers of the Blackphone). Silent Phone allows for secure messaging with your contacts as well as free voice calls in HD audio, along with file transfers. Other features include a quick shutdown button and a wipe feature to delete all your personal data. 

The app is open source so can be checked by experts for vulnerabilities. It is free to download for iOS and Android, but you need a paid subscription ($9.95 per month – around £8, AU$13) to make use of all the features.

8. Gliph

Gliph is available for Android, iOS and desktop PCs. Its secure messaging feature allows for encryption using SSL and also supports securely deleting messages. There's also a self-destruct feature for messages which can be set to expire after a certain time. Unlike other messengers, Gliph also supports secure group messaging allowing you to talk safely with multiple people. 

Furthermore, Gliph supports Bitcoin payments which allows you to safely send (or receive) cash to (or from) contacts. Do note, however, that the source code for Gliph has not been released, nor has it been audited by any security experts, so there are no guarantees on this front. 

9. Telegram

Telegram is not only a quick and simple messaging client, but has an excellent ‘secret chats’ feature. Conversations are encrypted and can only be accessed on the same device where you started the chat. This app enjoyed some notoriety when it turned out that Islamic State was apparently using Telegram to recruit followers.

Note that the local message database is not encrypted by default so you have to set a password. The encryption algorithm used for secret chats, MTProto, was created by the Telegram developers – so there are no guarantees on the security front here.

 Telegram is available for Android, iOS and Windows handsets.

10. Facebook Messenger

Like WhatsApp – unsurprisingly – Facebook uses the Signal protocol to employ end-to-end encryption with its optional ‘secret conversations’ feature in Messenger. Open Whisper Systems has confirmed this was all implemented correctly.

After starting a secret conversation you can send any content you would in a regular message such as text, a photo or video. Group messaging isn't supported.

You can set messages to disappear. However, if someone reports your conversation it'll be decrypted and sent to Facebook. Messenger is out for Android and iOS, but the source code isn't available so there's no way to check for vulnerabilities or intentionally installed backdoors.

http://ift.tt/2kmCtZG

No comments:

Post a Comment