At MIT’s Day of Action, Nathan Freitas of Guardian Project led a workshop on mobile security for activists, focusing on various secure messaging apps available today, touching on their benefits and risks for different kinds of activities and communities.
Common messaging apps (and their secure setting)
- Conversations (default, can also interface with other secure XMPP apps like ChatSecure and Zom)
- Facebook Messenger (secret conversations setting)
- iMessage (only for messages to another iPhone/iMessage users, i.e. “blue” messages)
- Signal (default)
- WhatsApp (default)
All of these apps transfer messages over the internet via your data plan. SMS messages are never encrypted and can additionally be seen by your telephone company, which is particularly insecure because metadata from phone companies can be acquired without a warrant. Instead, internet-based messaging apps can be secured using “end to end” encryption with their secure settings. This means that messages are encrypted and then conveyed over encrypted connections (HTTPS/TLS) between phones and servers.
It’s important to understand what each service knows about its users and what it stores. This may include:
- When you are connected to the internet
- Your phone number for user identity purposes (thus, they can look up your name at the phone company)
- Your network of friends, IF you uploaded your contact book
Because of end to end encryption, these companies generally don’t have access to your messages unless you are using them on an insecure setting like green messages on iMessage (actually sent by SMS) or non-secret Facebook Messengers messages. Because of this companies under subpoena can only provide metadata, not the messages themselves.
Some apps have less metadata than others. WhatsApp keeps a lot of metadata for analysis/advertising purposes. Apple is opaque about what data it keeps from iMessage but it has a good record of fighting government subpoenas. Signal deletes most metadata after it completes a transmission, only retaining when you last connected to their servers. Conversations is not tied to a phone number and can interchange with other servers using the same messaging protocol—including running your own if you want complete control over security.
Disappearing messages is feature available on some services like Signal and Facebook Messenger that will actually delete messages after a set period of time, so that they can’t be accessed by others or downloaded if you phone is confiscated. Additional security features on WhatsApp are also available to make it more like Signal such as asking that it notify you when someone’s identity changes and disallowing cloud back up of your messages.
What should I use? Consider these questions as activists:
- Are we going to be talking about breaking the law and possibly creating a record of that conversation? (then it should be secured)
- What level of sophistication do people have with their phones and what services are they already using? (e.g. if everyone is on WhatsApp already then use WhatsApp)
- Need a good middle ground solution? Signal is easy to install and use and very secure, and great if people have aversions to Facebook (who owns WhatsApp).
More General Security Recommendations
- Use a password manager: Nathan uses Lastpass for things he needs to share and KeePass for things he doesn’t. These can also be used to take secure notes.
- Use a phone that gets security updates and always install them: iPhones, Google, Samsung
- Use a Chromebook as your activist computer: disposable at low cost and helps you isolate data from your normal life from your activist activities.
What about Slack?
Slack is not end to end encrypted and retains messages on their side. Nathan recommends Moxtra and Semaphor as more secure options for enterprise.