28.03.2024

Crypto, Encryption and the Quest for a Secure Messaging App

Within the crypto community, debates have been raging about the merits of popular encrypted messaging apps such as Telegram and Signal. Cloud-based platform Telegram has enjoyed tremendous success, with several hundred million downloads; its ambition is to cross the 1 billion threshold by 2022.

Telegram is well known in the cryptosphere, having conducted a $1.7 billion token sale last year. However, because the platform isn’t open-source, users must trust Telegram to honor its assurances that messages are secure from retention and interception.

How confidential is our conversation? This question has come to the fore in recent months, driven by a flurry of news stories detailing the weakening of encrypted messenger apps at the behest of law enforcement. A concerted effort on the part of the state to backdoor messaging apps and spy on our most private conversations is something that should concern every member of the cryptocurrency community, many of whom are desperate for an invulnerable app that won’t leak their secrets.

Finding an Encrypted Messaging App That’s Fit for Purpose

Signal is widely viewed as an upgrade on Telegram, its policy of minimizing data retention having won rave reviews from many privacy absolutists including Edward Snowden. Unlike Telegram, the free app is open source and all messages encrypted end-to-end by default. That said, it’s not as feature-rich as users may like. Some people are also uncomfortable with having to use their phone number for verification, which could spawn further security risks.

Crypto, Encryption, and the Quest for a Secure Messaging App

Debrief

Decentralized messaging platform Debrief is an interesting alternative, as it implements data storage, encryption and authentication on the blockchain. All messages are encrypted by default, and Debrief follows the same policy as Signal in terms of data retention (i.e. no stored chat logs). The platform also acts as an open-source middleware for blockchains and legacy comms tools, which can tap into its blockchain-based encryption protocols to enhance security and internal data privacy. “By refraining from centralized control, we will be removing the weak link from the equation – the third parties”, says co-founder Jeff Pulver.

Dust (formerly known as Cyber Dust) is another blockchain-based, pro-privacy messenger app which utilizes the disappearing message feature to make sensitive data ephemeral. That said, messages self-delete after 24 hours – with some users wondering whether automatic self-deletion would be preferable. Dust went live in March, 2014, meaning it’s a veteran in this space – the fact that it’s still popularly used for text communication is a good sign.

Crypto, Encryption, and the Quest for a Secure Messaging App

A Concerted Anti-Privacy Movement

In February, reports indicated that the EU’s executive branch had urged staff to replace Whatsapp with Signal for all messaging needs, in a bid to enforce the security of communications. Like Whatsapp, Signal is an end-to-end encrypted messaging service, but while the former is owned by Facebook – a company rightly criticized for its history of data harvesting – Signal is an open-source project funded by the non-profit Signal Foundation. Pro-privacy features include the ability to send and receive view-once media, automatic metadata deletion, and the use of “safety codes” for each conversation. Screenshotting messages is disabled.

The European Union’s executive branch determined that Whatsapp was not secure enough to handle sensitive and classified information shared between diplomats (and according to the latest update, even Signal may not be sufficiently secure). Fair enough. Yet it’s telling that the EU sees value in secure encryption, yet wants to retain the ability to undermine such standards when it comes to the general population.

The hypocrisy is staggering but not surprising. The National Security Council recently discussed whether to prohibit encryption without a mandatory backdoor for state access to plaintext. Members of Congress are also debating the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, which promises to strip away Section 230 protections and open up backdoors to encryption.

Law enforcement in the U.K., U.S. and Australia, meanwhile, have urged Mark Zuckerberg to abandon his plan to introduce end-to-end encryption on all of Facebook’s messaging products, while MI5’s director general has urged tech companies to permit spy agencies “exceptional access” to encrypted communication. While this is all in the name of national security, it stinks of one rule for the government, another for the people. We are not entitled to privacy of communications in a free and democratic society, it seems.

On March 6, Matthew Green described the latest bipartisan bill pushed by U.S. senators, EARN IT, as “a direct attack on end-to-end encryption”, writing: “It’s extremely difficult to believe that this bill stems from an honest consideration of the rights of child victims, and that this legislation is anything other than a direct attack on the use of end-to-end encryption.” He added:

My hope is that the Internet community and civil society will treat this proposal with the seriousness it deserves, and that we’ll see Senators rally behind a bill that actually protects children from abuse, rather than using those issues as a cynical attempt to bring about a “backdoor ban” on encryption.

Keep Calm and Encrypt

Against this Orwellian backdrop, the need for end-to-end encrypted messaging capabilities is obvious. This is something the crypto community well understands, as governments are especially determined to learn more about their financial affairs and transactions. And it’s not just governments you might wish to keep your communications safe from; it’s also cybercriminals, data thieves and extortionists.

Securing your communications with end-to-end encryption should be a right, not a privilege, in a digital age. Unfortunately, this quest is becoming increasingly difficult as three-letter agencies and politicians jockey to secure unprecedented access to the everyday affairs of their citizens under the guise of anti-terrorism and child protection. There’s no universal messenger that can provide a panacea to this problem, but there are applications, at least, that will minimize leakage and ensure your private conversations remain that way.

Leave a Reply

Your email address will not be published. Required fields are marked *