Robert's blog
Robert Važan

Secure messaging apps

Instant messaging (or chat) security has advanced considerably, but it's still hard to pick something really secure. Here I go through the available options as well as the reasoning behind their design. The good news is that secure messaging is finally an (almost) solved problem and you even get to choose an app by personal preference.

TL;DR

Use Signal on the phone, wire if desktop or in-browser chat is required, WhatsApp to talk to the masses, and ProtonMail as an email fallback. Avoid everything else.

Who needs secure messaging anyway?

Or more technically, what's the threat model? Let's first address this elephant in the room.

People sometimes think that security doesn't matter, that security is for nerds and maybe whistleblowers. They couldn't be more wrong. Poor messaging security can seriously screw up one's life. Leaked chats can destroy careers, marriages, or land people in jail. Bad guys can use stolen chat history for blackmail, doxing, untimely outing, or just plain ridicule. It's like having your whole life recorded and the best parts published on local radio. Are you scared enough already?

Okay, okay, let's say that some security is useful. Could we get away with some basic security? All modern chat apps surely implement at least the basics of security and we could then avoid all this fancy advanced trickery, right? Well, yes, to some degree. Personal devices make sure that local chat logs are only yours. Encryption between chat client and chat server prevents spying on WiFi and local ISP level. Finally, chat servers are operated by professionals, often big businesses, who can surely secure their stuff, right?

Keep dreaming. The central servers are anything but secure.

A chat server full of personal data is a bad guy magnet, be it hackers, data smuggling employees, advertisers, or power-hungry politicians. Governments in particular are in a unique position to use lead pipe cryptanalysis on server operators. You might be thinking that's alright since it's the government, the good guys, right? Well, government isn't always the good guys, but more importantly, governments delegate their powers to police officers, divorce courts, intellectual property owners, and whoever else can find some excuse to perform deep anal inspection on you.

At this point, many people shrug and point out that the government can get them anyway, so why bother? One could ask which government, but let's pretend for a while that Internet spying is somehow magically local. To use colorful metaphor, even though you always risk your ass on the street, you wouldn't willingly stand in the street overnight with your ass naked and carrying neon sign "please rape my ass", would you? You might not be able to escape targeted attacks, but modern secure messaging apps can still protect you from trickle-down surveillance by ordinary cops and lawyers, not to mention bad guys.

What went wrong with email?

There is one universal messaging service that everyone uses: email. Email, being as old as the Internet, started out completely insecure, but later received security upgrades mostly through S/MIME and PGP. These security measures aren't perfect, but they could be upgraded. Unfortunately, there is nothing to upgrade, because nobody uses PGP. Everyone just uses the original insecure email. Why? Some poeple think it is the difficulty of using PGP, but people get used to unpleasant tools all the time when they have to. And that's the problem. They don't have to. PGP is completely optional and nobody cares. Difficulty of using PGP might be a part of the reason why it's optional, but usability can be fixed. What cannot be fixed is the reluctance to make email security mandatory or even widespread.

Optional security measures are enabled only by people who understand them, which is hardly 10% of the population. Since messaging requires at least two participants, this means that less than 1% of conversations will be secured on both sides. In case of email, the best you can do is to join an email service that encrypts everything by default, for example ProtonMail. Messages sent within ProtonMail network are end-to-end encrypted. Outside messages are at least dropped in your personal encrypted storage. This provides ProtonMail with some legal protection on top of being based in Switzerland, because they can claim they simply don't have the data, so they cannot hand it over to authorities.

Signing up for ProtonMail won't solve the problem though. When you publish your email addresses, you might be advertising ProtonMail (if not hidden behind your own domain), but most people will sign up for insecure webmail services instead. The email network as a whole remains hopelessly insecure. This is why change of protocol is needed to achieve network security and that's why the new messaging services are interesting. Aside from improving security, the new networks also fix email's usability issues.

Comparison of chat apps

Now that you want a secure messaging app, you might be wondering which apps qualify and which one should you pick. EFF used to have a secure chat client scoreboard, but they took it down when they realized it's not that simple. Wikipedia has a nice overview of secure chat clients. We can ignore all that have only optional end-to-end encryption (like Telegram's secret chats) for the same reasons we don't take PGP seriously. We will only consider apps with mandatory end-to-end encryption.

Signal app is currently the gold standard of security. It is designed to be truly secure. It was extensively reviewed by security researchers. And it is fully opensource, developed by a non-profit. It will run on many different platforms. There is no web client though. Signal's developers argue that web clients are inherently insecure, because they cannot be signed and verified the same way desktop and mobile apps are. This is true, but for people using more exotic platforms (including myself) that don't have a native client, this means looking for an alternative. Another issue with Signal is that it is tied to a phone number, resulting in numerous issues including poor dual SIM support, unavailability on WiFi-only tablets, and secondary status for desktop clients that must be linked to a phone.

For business use, especially on desktop, wire is a better option. Wire collects more metadata on its servers, but messages themselves are still end-to-end encrypted. It is based in Switzerland, which adds to its legal protection. Its main advantages include the availability of true web client and a separate account system independent of phone numbers. This makes wire particularly useful in business environment. Wire developers are apparently aware of this, which is why they are offering a paid business service with some extras. The free personal version is nevertheless perfect for everyday use. The for-profit nature didn't prevent wire from opensourcing both client and server code.

The issue with both Signal and wire is that they have a small audience, which makes them primarily useful inside closed groups like families, friends, and businesses. Something more popular would be desirable, but all the more popular messaging apps have some issues. I will mention WhatsApp here, which is similar in technology to Signal (even using Signal's communication protocol) and in business model to wire. On the flip side, it is not opensource, it is based in the US, and it is owned by the data-hungry privacy-trampling Facebook. It shares Signal's downside of being tied to a phone number.

There are some other clients that fall in the end-to-end encrypted category, but I didn't find any of them interesting enough to include here. The market changes quickly though. I will be posting updates.