Secure your Chats!

When you send a postcard through the mail, the content is not protected and anyone who handles it could read it. The same is true of SMS text messages–any carrier of the message can potentially read the contents.

When a message is encrypted, it is scrambled so that only the sender and receiver can read it. Think of it like using a sealed envelope to send a letter in the mail instead of a post card.

A common way chat apps protect your messages is to encrypt them between your device and the app’s servers. The content of the message is decrypted in the app’s server then sent encrypted to the recipient. This type of encryption is like a letter being sent in an envelope to a mail centre, where it is then opened, repackaged in a new envelope, and sent to its destination. Security is provided when your message is in transit and stops your Internet Service Provider or network operator from reading the content. But the provider of the chat app has a copy of your message and that can lead to risks if: the companies servers are compromised; a rogue employee accesses them, or a government agency requests the data from the provider.

Recently, many chat apps have introduced "end-to-end" encryption, which means messages are encrypted so only the sender and intended recipient can read them - like sending a letter that is locked with a key that only the recipient has. End-to-end encryption protects the privacy of your messages and ensures only the people you send them to can read them.

Popular chat apps with end-to-end encryption

These apps have end-to-end encryption on by default!

• WhatsApp
• Wire
• Signal
• LINE

These apps include options to turn on end-to-end encryption

• Facebook Messenger
• Kakao Talk
• Telegram
• Google Allo

Encrypted Messaging is Not Invincible

End-to-end encrypted messaging is effective at protecting the content of your messages from being read as they travel across the Internet to your contacts. But encryption alone is not invincible: to stay secure you also need to protect your device and be mindful of the other information that is sent along with your message.

Secure your Device

End-to-end encryption protects your messages when they are sent over the Internet, but you still need to protect the security of your device to ensure if it’s ever lost, stolen, or confiscated, your messages can’t be read.

Password protect your device. Use a strong passcode to lock your device. A screen lock protects your data from being accessed when your device is on. Set it up for Andriod and iOS.

Turn disk encryption on. Encrypting your device protects the data on it when your device is off and ensures your data can’t be copied and read if your device is lost or stolen. If you use a recent iOS device and have it protected with a passcode or touch ID your device is already encrypted! Most newer Android devices have encryption by default, but you can check if you have enabled disk encryption with a few easy steps.

Don’t wait. Update! Ensure your operating system and apps are updated with the latest security fixes.

Watch out for sketchy apps and messages: If your device or your contact’s device is infected by malware it's possible that someone can access your messages. Be mindful of the applications you install. Don’t install apps from unknown sources, and be vigilant about messages that ask for passwords or try to trick you into installing applications.

Be mindful of metadata

Sending a message with end-to-end encryption means that only you and your contact can read the content. But a lot can still be learned just from metadata (the data about the message), like when it was sent, to whom it was sent, and what application was used to send it. Metadata is like the address information and stamp on an envelope. Encryption protects the content (the letter inside the envelope) but does not protect the metadata (the address information on the envelope). An application may store this information or it could be intercepted by someone who is monitoring the network.

Identity verification

How can you be sure that the person you are talking to on a chat app is really who you think they are? Secure chat apps should include identity verification features that help you to confirm who you’re talking to.

Identity verification features provide a verification code that you can check with your friend over a phone call, message in another app, or by scanning a QR code in person. A secure chat app should alert you if your chat buddy’s device information ever changes, which means you should re-verify them.

Chat apps equipped with identity verification include:

• WhatsApp
• Signal
• LINE