Care About WhatsApp’s End-To-End Encryption? Then Try These…
With WhatsApp’s recent move to implement end-to-end encryption, the topic of security has received a fresh new injection of debate and discussion. In fact, the team here at Panoply Digital have spoken about the topic in recent weeks here and here. ICTworks have also just posted an excellent article on practical applications for privacy protection and digital security in development here.
I have always taken a fairly liberal approach to people’s rights and online security. I supported the mission of WikiLeaks to ‘bring important news and information to the public’ (although perhaps not my fellow Australian’s seemingly narcissistic motivations); I cheered Edward Snowden along (whilst incredulously observing his naivety); I abhorred the NSA spying scandal; and was pleasantly surprised by Apple’s recent stand against the FBI. What I hadn’t spent a lot of time doing however, was securing myself!
Along with the increasing amount of media coverage the topic is getting, I have personally had reason to become more interested (concerned?) about my own means of online activity and communication. One, my ‘baby’ brother has recently graduated high school and is studying for a degree in Internet Security and Criminology (proud big sister right here!). And two, I have been working with my colleague Michael Sean Gallagher on developing a training course around secure communications and useful tools that can be easily implemented for personal or business use with minimal cost. For anyone hot on the topic, these probably won’t be news to you, but for those who may not have looked into the topic beyond headlines, you will hopefully find something here that might be of use for you. (Please note, this article is not sponsored – I just wanted to give some airtime to some really great products and services that I think should be even more mainstream than they are!)
EMAIL
Tutanota: Having been around since 2011, Tutanota seems to be standing the test of time, unlike one of its competitors, Lavabit. (Lavabit was served with a warrant from the US federal government demanding that it hand over the private SSL keys to its service, impacting all Lavabit users. Lavabit did not comply and subsequently shut down its operations. Lavabit’s founder is now working on Dark Mail, which promises to be email 3.0.) Tutanota is a free service with upgrades available, and has the ability to set passwords when sending emails to non-Tutanota users. It’s German-based and open source – and it’s impossible for Tutanota to decrypt emails, meaning governments can’t strong-arm them into handing over data. Whatever you do though, do not forget your password, as there is no way for Tutanota to recover it for you!
ProtonMail: Developed by some uber-geeks from CERN and MIT, ProtonMail is probably the most secure option against NSA spying and surveillance issues and is fast becoming the most popular. It offers two layers of security with a login and mailbox password. ProtonMail is best used by a whole organisation; however, you can encrypt emails to non-ProtonMail users with a password. The level of security is incredibly high, with little to no chance of anyone being able to view your emails if they don’t have the password from the sender. You can also set emails to expire at a certain time so the emails do not sit on servers. For ProtonMail to ProtonMail users, encryption is end-to-end so there is no need to set additional layers of security, although these options are still available, and there is a cost, slightly more than Dropbox. For legal compliance, ProtonMail is based in Switzerland. They have a great blog giving details on why this is important, but the key thing to know is that under Swiss law, ProtonMail cannot be compelled to backdoor their email system.
MESSENGER
Telegram: Many of you may have heard of or even used Telegram. Based on its features, it should have the user base of WhatsApp, and it had end-to-end encryption well before WhatsApp were hailed for adding it to their service. In fact, it’s likely that WhatsApp’s addition of end-to-end encryption was in response to the offering Telegram already provided to its users. So why is it still better than WhatsApp (besides not being owned by Facebook)? Two features in particular: auto-destruct messages and secret chats. Auto-destruct is quite self-explanatory. Secret chats mean only you and the recipient can read those messages and nobody else can decipher them, including Telegram themselves. Messages cannot be forwarded from secret chats, and when you delete messages on your side of the conversation, the app on the other side of the secret chat will be ordered to delete them as well. Pretty cool, huh!
STORAGE
SpiderOak: Released in 2007, SpiderOak seems to be here to stay. It’s available on a free trial but for effective use, the service costs are just slightly above those of Dropbox. Perhaps SpiderOak’s most impressive feature is its ‘zero knowledge encryption’, meaning it knows nothing about the encrypted data stored on its servers – the meta-data is all under your own control. Like Tutanota, you can never retrieve your password if you lose it, so hide that thing somewhere safe. Not just one of those ‘put it away somewhere for safe-keeping’, but really DO NOT LOSE it!! The service avoids duplication of files, which saves on storage space. Sharing is not as straightforward as, for example, Dropbox; however, it’s not designed to be. Security and not necessarily convenience is what they are providing. With SpiderOak, you need to create an ID and room key in order to share documents, adding an additional layer of security. There is no limit on how many rooms can be created and you can delete them at any time. SpiderOak supports Windows, Mac OS X, and Linux. You can sync across all your devices, with all actions during a sync first encrypted.
Hopefully that has provided some options for you to think about. If you have used any of the above or have other tools or applications that you use, let us know in the comments below!