After the revelations of the Snowden case and the mass espionage programs, users have become aware of the importance of the secrecy of our communications and, therefore, we begin to take into consideration the degree of privacy when using one service or another.
Google announced the end-to-end encryption between Gmail users, precisely, to guarantee the users of its service the secret of their communications. Following this path have emerged extensions such as ShadowCrypt to encrypt messages or the development of projects such as Dark Mail to implement a secure email system and “immune” to spying and unauthorized intrusions.
If we take into account that through telephone conversations, or even through messaging services, we can get to exchange sensitive information, it makes sense that we take into consideration the privacy of our conversations and, therefore, that we look for applications and services that ensure “end-to-end” encryption on the devices we use on a daily basis.
The EFF (Electronic Frontier Foundation) published last November, a report in which evaluated the security of messaging services most used by users of smartphones that, precisely, did not leave in too good a place the most used services (WhatsApp, BlackBerry Messenger, etc.).
That a service offers an encrypted channel between our terminal and its servers does not guarantee the secrecy of our communications, there must be an encrypted channel “end to end” (from a terminal to terminal), that is, in the servers of the service should not be accessible our conversation.
Another important detail is the possibility of auditing the services we use, if the source code is accessible, at least it can be reviewed by independent third parties and verify that the declared specifications are met and that there are no “hidden functionalities” not declared.
Calls encrypted from the mobile: Android and iOS:
- Fortunately, we have more and more options available for both iOS and Android.
- The signal is one of the products that have developed from Open Whisper Systems and is aimed at making secure phone calls between iOS devices (based on end-to-end encrypted communication).
- The use is extremely simple: install the application and indicate our phone number. Then the application exports our contact list to verify which contacts use the service and, from there, we can call them (although, yes, it will be a communication on the data network since it is an IP call on a secure channel).
In the case that we use an Android device, the same company offers us the RedPhone application so that we can also make voice calls on a secure communications channel (using, likewise, our data connection or through a Wi-Fi connection).
And what happens if we want to establish a communication between iOS and Android? There is no problem, Signal and RedPhone are interoperable; therefore, from Signal you can make calls to RedPhone users and vice versa. In both cases, the code of the applications is available for auditing and communications are supported by the secure ZRTP protocol, which is why, a priori, it is a reliable service.
Encrypted messaging both from desktop and mobile devices:
- There are several options to protect our messages, some as well known as Telegram which, in its secret chat mode, offers end-to-end encryption and in this option, the conversations are not accessible from the Telegram servers.
- Another known option, and extended in the market, are Apple’s iMessage and FaceTimeservices; available on OS X and iOS, these messaging services and video calls also offer end-to-end encryption, although the source code is not accessible to third parties, and we must trust Apple for its secrecy.
- If what we want to encrypt are SMS, a third alternative to communicate securely from Android is Text Secure, although, yes, it is only aimed at instant messaging via text.
- In the case of iOS, Signal includes both calls and written messaging; in Android, you have to resort to two different applications, on the one hand, RedPhone for calls and, on the other hand, Text Secure for text messages (since this application replaces the SMS container of the terminal to use a secure and encrypted store and which requires a password to access the stored messages).
Another interesting service, and also multiplatform, is CryptoCat. Available for both iOS and desktop browsers, this chat service (written messaging) allows us to encrypt the messages that are exchanged by users (they are encrypted and can not be deciphered until the information reaches the destination client) and, in addition, it is a project in open code so it can be audited to verify its functionality. In principle, the communication channel is safe although from the service they try to be somewhat conservative and clearly warn that “it is not an infallible tool to which you should entrust your life” (a fact to be taken into account).