That article recommends Tor for browsing without mentioning the dangers involved. Malicious exit nodes are not hypothetical. It's easy to make mistakes with Tor, so I'd be wary of a general recommendation to use it. People who know more about this than me seem to agree: https://twitter.com/thegrugq/status/797608924606173184
edit: I'm also unsure about the warning against fingerprint authentication. I use Touch ID with a long passcode and consider that the best trade-off. It prevents everyday attempts to get into the phone and offline cracking. The passcode is required after a longer time of inactivity. If you're paranoid you can touch your pinky against it five times in predictable situations (border controls etc). It's not perfect, but I think it makes the best tradeoff between convenience and security for most "normal" people.
The exact same dangers exist with normal browsing. Intermediate nodes on your route can do whatever they want unless you use proper encryption. In fact, things like sniffing your traffic are routinely done by $ThreeLetterAgency.
Your argument is a classical example of "correct in theory, wildly misleading in practice". As you can see on https://trac.torproject.org/projects/tor/wiki/doc/badRelays (list isn't updated any more, so the real list is likely much longer) or http://www.cs.kau.se/philwint/spoiled_onions/techreport.pdf, there have been several cases where relays actively interfered with user traffic in a malicious way. Malicious exit nodes are used to MitM connections and sniff sensitive data.
Note that Tor doesn't mitigate the three-letter agency problem, as they can just sniff the exit node's target (I certainly would, there's bound to be lots of interesting traffic there).
An alternative is to just turn the device off before you walk up to a potential issue. That way you're assured that the TouchID won't be accepted (last thing you'd want is to learn it only registered X presses rather than the Y required to disable). In the event you are caught off-guard, disabling TouchID is as simple as just holding in the power button until the screen goes black. If you practice this a few times, you could accomplish this even in a stressful situation.
A recent post about Wickr's bug bounty program painted them in a pretty poor light. The company appears to have invited security researchers to contribute to a bug bounty program and then, after researchers found and reported dozens of issues, the company fixed the bugs and never paid or credited the researchers.
It has text (one-on-one and groups) and voice calls. Things that could use improvement: group management, switching to a new device. It doesn't have some of the features some people like (stickers and whatnot), but personally I don't care much about those. Video calls would also be nice.
I'm curious if you have some real insight on this, because my understanding is that Facetime video calls are end-to-end encrypted, and the battery drain seems to be pretty minimal even on older devices.
What's your definition of "pretty minimal"? FaceTime has noticeable battery usage in my experience, but it's not excessive. I'm not sure how it compares to unencrypted video chat, but I doubt it's much higher. Crypto is typically accelerated in mobile devices these days. I would guess that the screen and network (Modem/wifi active all the time) are the battery-draining bits, and while encoding and encryption don't help, they're hardware-accelerated. That's only a guess, though, and I'd appreciate it if anyone had data on this.
Video calls in general are CPU/battery heavy operations, I've done pretty long ones with Wire (my employer) and yes, the phone gets warm but no issues with performance (iPhone 6).
The only remaining option would be to question whether iOS is secure/insecure.
Apple claims:
"Apple does not log messages or attachments, and their contents are protected by end-to-end encryption so no one but the sender and receiver can access them. Apple cannot decrypt the data."
The issue with iMessage is that it doesn't warn you when a contact's key changes. That opens the door for MitM attacks. Signal and WhatsApp (with a setting) do much better on that front.
The attack is not super-spectacular, but the more worrying thing is that the design is not sound. They use an ad-hoc crypto construction that fails to follow usual best practices. And they haven't really fixed it, they just put some duct tape over it to avoid the attack.
Yes, but all software may have bugs. The attack you referred to was fixed in 9.3, and going forward there are no known attacks as far as I know. I think it's safe to assume a lot of people out there are continuously trying to break the iMessage crypto. For attacks that are not disclosed to the public (e.g. intelligence agencies that would like to keep it secret), this can really apply to any of the other competitors including Signal.
This is a vague question: it depends entirely on the protocol you're about to use. I'll try to give a few answers anyway.
First of all, if you want total encryption, you'll need to make sure your connection is encrypted and secured as well (meaning following you back is not trivial), so the whole messaging should go through Tor[1].
There are plugin solutions for bitlbee[2], for Pidgin[3], and many other clients supporting OTR and similar encryptions.
If you want all-in-one solutions, you probably should look at Tox[4], which is a protocol, not just an app, built to be encrypted by default. It's complicated and nasty to use and set up, but it's pretty secure.
Other ideas might be drawn from the prism-break Communications list[5], listing apps like Chatsecure[6] or Xabber[7], both encryption-capable jabber apps.
Wire was in the middle of a shitstorm a while back iirc because it falsly advertised that it encrypted everything end-to-end, when in actual fact only text was so.
That was indeed the case in December, 2014 (before I joined the team). Legal docs were quickly fixed. Tech was fixed in March 2016 when everything (text, assets, calls) were moved to E2EE and open sourced.
I like the signal mobile app better, but wire has a proper desktop client along with video calls, so wire is what I ended up with. Of course that's only with those close friends I can convince to join me on wire.
I did read that facebook messenger now has end to end encryption, but as far as I can tell this is only for "secret" conversations - which are only available from the device you initiate the conversation from. Whatsapp would probably be a good choice if you (OP) have a lot of friends already using it.
At the moment, Signal and Wire seem to be the best options. They have open-source clients, end-to-end encryption, are easy enough to use that even less-computer savy people can be realistically convinced to use them and they seem to offer decent protection for metadata (not technical, but policy-wise).
There are, however, some upcoming developments which will change the situation in the next couple of months:
1) The main matrix.org client, Riot (https://riot.im) has end-to-end encryption now in beta. This will offer Signal-strength encryption, but in a decentralized, e-mail-like system with federated servers. This will create an ecosystem where people are no longer dependent on the goodwill (and solvency) of a single entity to use a good, encrypted messaging app.
2) Briar (https://briarproject.org) is a new (Android-only) app, designed for people with an especially high need for privacy. It works without central servers (through Tor hidden services, but hides the complexity of that), even works when the internet is down (e.g. when mobile networks are shut down during a protest) via Bluetooth and direct Wi-Fi connections, and it offers extra features, like a panic button that deletes all your data. It's in beta at the moment, with a planned release early next year.
TL;DR: Use Signal or Wire for now, but be ready to switch to a better system when available.
Wikipedia says that Open Whisper Systems has received a significant amount of funding [1] from the Open Technology Fund, run by Radio Free Asia [2], a US-government-run propaganda organization.
Of course, this is the arm of the US government that very actively doesn't want back doors, because they operate in territories controlled by other not-necessarily-friendly governments. They need communications to be reliably secret, and they have no need to tap those communications. It's the same reason that government funding for Tor isn't inherently a problem for Tor's security, and you see other parts of the US government, like the FBI, trying to hack it.
It's definitely worth worrying that the government could decide that this part of its mission is no longer worth funding. But it isn't likely to be a risk of back doors. (Especially compared to all the other usual risks, notably simple bugs like Heartbleed and Weak DH.)
The best way to go is Threema, IMO. Can be used completely anonymously. Servers are located in Switzerland. Uses NaCl. Recommended by Steve Gibson. Not free, though.
- "requires payment" and "completely anonymously" seem at odds; especially when the person you're communicating with will likely have purchased it from an app store. i understand that there is a way to purchase it with btc at their own site, but that doesn't really help with licencing and GCM
- proper implementation of e2e means where the servers are shouldn't matter
- threema uses GCM too -> whole google play services framework
The most secure app is Biocoded: https://biocoded.com/home. The reason we claim it is the most secure is:
- Encrypted local on-device storage. We have an always-on mechanism and never store the entire local storage decryption key on the device. It's half on the device and half on the server. In case of lost or stolen device, all data is still safe. In fact you can effectively "wipe" your biocoded app data even if the device is offline by deleting the server part of the decryption key.
"Biocoded source code, security protocols and implementations are audited by independent security agencies. Open source is not a guarantee or even an indicator of security. For sensitive governmental and corporate use, open source solutions are often dismissed outright."
> Open source is not a guarantee or even an indicator of security.
This is true.
> For sensitive governmental and corporate use, open source solutions are often dismissed outright."
But this is a false argument. Open source solutions aren't dismissed because they are open source per se, but because they generally lack predictable longer-term support.
I am working on a messaging & email encryption platform (for the reason you mentioned) which will finally make encryption easy to use for non tech savvy people. It is based on PGP, source will be available. If anyone is interested in helping, giving feedback or learning more send me an email (in my bio or my username at gmail.com)
Situation: Us "techies" know or easily can learn how to set up encryption and protect ourselves, the general public will not. Everyone needs encryption but most will only use it if:
-their friends are using it
-it is so easy a cave man can do it
-it is beautiful
Complication: Current products are hard to use and are built for hackers. Encryption products need to build in vitality and understand the use cases of most users. To be successful this must be built with usability and UX first, not security methods first. Sormthing pretty decent that people use is much better than a great system that most people don't use.
Solution: Browser plugins that act like they are a part of the current email experience. Beautiful phone apps that give users the same functionality that they are used to having with much better security. More info below, this is my current thought process and work, not perfect I'm sure, would love input.
UX: Most users use email via browsers and default phone app. Initial plan is browser plugins + standalone phone app. Browser plugins exist for pgp but are too complex for the general public to understand and set up and require a user to get the recipient's key. We streamline the process by just having the user click "encrypt", enter a passphrase (will get to this in tech section), and click send. We take care of setting up the recipient with their account if they don't have one to be able to view their message. As for mobile messaging, users will enter their passphrase when launching the app and then be able to freely message, call, video chat until the switch to another app or exit.
Tech: Encryption using private/public key pairs according to pgp spec, of which implementation is gpg. Encryption/decryption happens on device or browser. We host last known good info for user public keys to prevent MITM attacks and will only use other sources if we don't have info of a user. Private keys are stored on our platform for cross device compatibility and so they are not stored on the users device. However these keys will be encrypted/decrypted on the users device using symmetric key encryption implemented as a complex passphrase.
They have iOS and Android clients, along with a subscription available for Outlook (Windows), and planned desktop versions for Apple Mail, Thunderbird and Web Browsers (Safari, Mozilla, Chrome and IE).
This is only partly true for telegram and the fact that people repeatedly get it wrong is more harmful than if Telegram wasn't encrypted at all and everybody would know it.
Telegram use end-to-end encryption only on so called "Secret Chats".[0] And in my experience very few people use "Secret Chats". This is the main reason I don't use it anymore and recommend against using it to others.
Retroshare's private messaging tools, upgraded to coco20 end-end and able to be routed optionally via I2P as well as via Tor anonymous networks. Retroshare also has a optional VOIP plugin.
89 comments
[ 5.2 ms ] story [ 172 ms ] threadedit: clarification
edit: I'm also unsure about the warning against fingerprint authentication. I use Touch ID with a long passcode and consider that the best trade-off. It prevents everyday attempts to get into the phone and offline cracking. The passcode is required after a longer time of inactivity. If you're paranoid you can touch your pinky against it five times in predictable situations (border controls etc). It's not perfect, but I think it makes the best tradeoff between convenience and security for most "normal" people.
try to stay within tor network or just rely on ssl and assume adversaries know the site but not the content you access.
Note that Tor doesn't mitigate the three-letter agency problem, as they can just sniff the exit node's target (I certainly would, there's bound to be lots of interesting traffic there).
Personally I use Signal and Whatsapp from that list.
https://www.vulnerability-db.com/?q=articles/2016/10/27/wick...
It has text (one-on-one and groups) and voice calls. Things that could use improvement: group management, switching to a new device. It doesn't have some of the features some people like (stickers and whatnot), but personally I don't care much about those. Video calls would also be nice.
Mobile only, paid, end-to-end encrypted with in-person verification. Team and infrastructure is based in Switzerland
https://threema.ch/en/
Accounts not tied to phone number, available on IOS, Android and Windows Phone, perfectly working group chats.
Happy to walk you through it (I'm siim@wire.com).
Refer to http://www.apple.com/business/docs/iOS_Security_Guide.pdf which specifies that RSA 1280-bit keypairs are used, and the private key is held on the device. So in terms of transit - the protocol should be secure.
The only remaining option would be to question whether iOS is secure/insecure.
Apple claims: "Apple does not log messages or attachments, and their contents are protected by end-to-end encryption so no one but the sender and receiver can access them. Apple cannot decrypt the data."
Why's that? (I'm asking seriously, because I don't understand how people get this impression.)
iMessage has some very fundamental design flaws that led to this attack: https://blog.cryptographyengineering.com/2016/03/21/attack-o...
The attack is not super-spectacular, but the more worrying thing is that the design is not sound. They use an ad-hoc crypto construction that fails to follow usual best practices. And they haven't really fixed it, they just put some duct tape over it to avoid the attack.
—Tanenbaum, Andrew S.
First of all, if you want total encryption, you'll need to make sure your connection is encrypted and secured as well (meaning following you back is not trivial), so the whole messaging should go through Tor[1].
There are plugin solutions for bitlbee[2], for Pidgin[3], and many other clients supporting OTR and similar encryptions.
If you want all-in-one solutions, you probably should look at Tox[4], which is a protocol, not just an app, built to be encrypted by default. It's complicated and nasty to use and set up, but it's pretty secure.
Other ideas might be drawn from the prism-break Communications list[5], listing apps like Chatsecure[6] or Xabber[7], both encryption-capable jabber apps.
[1]: https://www.torproject.org/ [2]: https://wiki.bitlbee.org/bitlbee-otr [3]: https://developer.pidgin.im/wiki/ThirdPartyPlugins#Securitya... [4]: https://tox.chat/ [5]: https://prism-break.org/en/protocols/ [6]: https://chatsecure.org/ [7]: https://www.xabber.com/
http://gizmodo.com/why-you-should-stop-using-telegram-right-...
My mistake. Text isn't end-to-end, only calls are.
[1]: https://wire.com/privacy/
I did read that facebook messenger now has end to end encryption, but as far as I can tell this is only for "secret" conversations - which are only available from the device you initiate the conversation from. Whatsapp would probably be a good choice if you (OP) have a lot of friends already using it.
There are, however, some upcoming developments which will change the situation in the next couple of months:
1) The main matrix.org client, Riot (https://riot.im) has end-to-end encryption now in beta. This will offer Signal-strength encryption, but in a decentralized, e-mail-like system with federated servers. This will create an ecosystem where people are no longer dependent on the goodwill (and solvency) of a single entity to use a good, encrypted messaging app.
2) Briar (https://briarproject.org) is a new (Android-only) app, designed for people with an especially high need for privacy. It works without central servers (through Tor hidden services, but hides the complexity of that), even works when the internet is down (e.g. when mobile networks are shut down during a protest) via Bluetooth and direct Wi-Fi connections, and it offers extra features, like a panic button that deletes all your data. It's in beta at the moment, with a planned release early next year.
TL;DR: Use Signal or Wire for now, but be ready to switch to a better system when available.
I did not know about Briar, that seems useful, even for cases where you are just of the grid with your friends.
Of course, this is the arm of the US government that very actively doesn't want back doors, because they operate in territories controlled by other not-necessarily-friendly governments. They need communications to be reliably secret, and they have no need to tap those communications. It's the same reason that government funding for Tor isn't inherently a problem for Tor's security, and you see other parts of the US government, like the FBI, trying to hack it.
It's definitely worth worrying that the government could decide that this part of its mission is no longer worth funding. But it isn't likely to be a risk of back doors. (Especially compared to all the other usual risks, notably simple bugs like Heartbleed and Weak DH.)
[1] https://en.wikipedia.org/wiki/Open_Whisper_Systems#Funding
[2] https://en.wikipedia.org/wiki/Radio_Free_Asia
The best way to go is Threema, IMO. Can be used completely anonymously. Servers are located in Switzerland. Uses NaCl. Recommended by Steve Gibson. Not free, though.
- proper implementation of e2e means where the servers are shouldn't matter
- threema uses GCM too -> whole google play services framework
- this steve gibson? http://attrition.org/errata/charlatan/steve_gibson/
- Encrypted local on-device storage. We have an always-on mechanism and never store the entire local storage decryption key on the device. It's half on the device and half on the server. In case of lost or stolen device, all data is still safe. In fact you can effectively "wipe" your biocoded app data even if the device is offline by deleting the server part of the decryption key.
- We allow private servers (not for free).
- Double ratchet algorithm for communication.
https://biocoded.com/faq#0
This is true.
> For sensitive governmental and corporate use, open source solutions are often dismissed outright."
But this is a false argument. Open source solutions aren't dismissed because they are open source per se, but because they generally lack predictable longer-term support.
Not for governments. Some are pragmatic, others will not even consider it if open source.
That is, of a government entity that explicitly rejects software products made by recognized (for-profit) companies because it's an open source.
Situation: Us "techies" know or easily can learn how to set up encryption and protect ourselves, the general public will not. Everyone needs encryption but most will only use it if: -their friends are using it -it is so easy a cave man can do it -it is beautiful
Complication: Current products are hard to use and are built for hackers. Encryption products need to build in vitality and understand the use cases of most users. To be successful this must be built with usability and UX first, not security methods first. Sormthing pretty decent that people use is much better than a great system that most people don't use.
Solution: Browser plugins that act like they are a part of the current email experience. Beautiful phone apps that give users the same functionality that they are used to having with much better security. More info below, this is my current thought process and work, not perfect I'm sure, would love input.
UX: Most users use email via browsers and default phone app. Initial plan is browser plugins + standalone phone app. Browser plugins exist for pgp but are too complex for the general public to understand and set up and require a user to get the recipient's key. We streamline the process by just having the user click "encrypt", enter a passphrase (will get to this in tech section), and click send. We take care of setting up the recipient with their account if they don't have one to be able to view their message. As for mobile messaging, users will enter their passphrase when launching the app and then be able to freely message, call, video chat until the switch to another app or exit.
Tech: Encryption using private/public key pairs according to pgp spec, of which implementation is gpg. Encryption/decryption happens on device or browser. We host last known good info for user public keys to prevent MITM attacks and will only use other sources if we don't have info of a user. Private keys are stored on our platform for cross device compatibility and so they are not stored on the users device. However these keys will be encrypted/decrypted on the users device using symmetric key encryption implemented as a complex passphrase.
https://www.prettyeasyprivacy.com/
They have iOS and Android clients, along with a subscription available for Outlook (Windows), and planned desktop versions for Apple Mail, Thunderbird and Web Browsers (Safari, Mozilla, Chrome and IE).
Telegram use end-to-end encryption only on so called "Secret Chats".[0] And in my experience very few people use "Secret Chats". This is the main reason I don't use it anymore and recommend against using it to others.
[0]https://telegram.org/faq#q-so-how-do-you-encrypt-data
Encryption, fantastic stickers, photo editor, tons of interesting channels, probably the best bots platform out there.
+ all mobile platforms and desktop version (as well as web based)
You can also find it's code on github.
Correct me if I'm wrong though