There has been rising concern over the past number of years around security in personal communications. More recently, with censorship on social media platforms occurring on a grand scale, people are wondering about securing social media platforms. I wouldn’t call myself an expert on either topic, but I have good knowledge of the underlying technologies and principles, and have done some investigative work into the specific platforms for work. With many friends and family suddenly interested in this topic, I figured I would write up a layman’s guide.
One word of caveat, since everything is politically charged today. I definitely have my own political views, and I mostly elect to keep them separate from my discussions of technology. I’m going to do so here as well. I’m not endorsing or objecting to any recent actions or desires of people to communicate in certain ways. If I ever decided to publicly share my political views, I would do that separately. For now, I’m simply going through the technological implications.
I know there are a lot of details below, but I strongly encourage people to read through it, or at least skim, to understand my recommendations here. But for the busy (or lazy), here are my recommendations:
- Private communication:
- Social media
- Your best bet for censorship freedom: host the content yourself, but that’s hard, and you have to find a place to host it
- When you use any platform, you’re at their mercy regarding censorship
- Each platform is pretty upfront at this point about what you’re getting. Facebook and Twitter will remove some voices, Gab and Parler claim they won’t
- General security
- Use a password manager!!!
- Don’t install random executables and extensions
- Don’t trust messages from people, confirm who they are, check URLs
OK, with that out of the way: the analysis.
Security doesn’t mean anything
This is the first major point to get across. People often use the term “security” for lots of different things. In a vacuum, the term doesn’t mean much. That’s because security only applies in the presence of a specific kind of attack, and we haven’t defined that attack. It could be a Denial of Service attack, where someone tries to prevent the service from working. It could be a physical attack, like stealing your phone.
What I hear people concerned about right now are two kinds of attacks. They think they’re related, but in reality they are not. Let me explain those attacks:
- I’m worried that my private communications are being read by Big Tech or the government
- I’m worried that my social media posts are going to be censored by Big Tech
Notice that, in many ways, these are opposite concerns. The former is about ensuring you can say something without anyone else knowing it. The latter is about ensuring you can say something loudly without anyone stopping it. The two different threats necessitate two different analyses, which I’ll provide below.
Also, let me address a threat I’m not addressing, since it’s an inherent contradiction. You can’t worry about privacy on social media, not in the “blast to the world” public concept it’s typically used in. If you want something to be private, don’t put it on social media. This may seem obvious, but many people seem to want to have their cake and eat it too. If you post on social media, you can always be held accountable for what you’ve said there. If you want privacy, use private communications.
Metadata versus data
Metadata is a term like “algorithm” which has a real meaning, but is (ab)used in the media so much to make it seem like scary, unknowable information. It’s not. Metadata is just “data about data.” Let’s take a simple private communication example. My doctor wants to send me a message about my test results. Most people, and most governments in fact, recognize a right to privacy for this, and enforce this through law (e.g., HIPAA).
In this example, the “data” would be the results themselves: what test I took, who administered the test, when I took the test, and the results. The metadata would be information about sending the message: who the sender is, who the receiver is, the size of the message, the timestamp of when it was sent, etc.
Many messaging protocols try to ensure two things:
- The data is completely private to only the participants of the conversation
- The metadata has as little useful information in it as possible
The reason is that, often times, metadata can be read by intervening services. In our test result example, it would be best to assume that a nefarious party will be able to find out that my doctor sent me some message at 4:32pm on Tuesday, and that it was 5mb in size. Most messaging systems try to hide even that, but you don’t usually get the same guarantees as with the underlying data.
And that brings us to the first important point.
Email is busted
Don’t use email for private communications, full stop. It’s an antiquated, poorly designed system. There are a lot of tools out there to try to secure email, but they are all as holey (not holy) as Swiss cheese. The primary issue: most of them have no ability to secure your metadata, and that will often include the subject. Imagine your nefarious character can read:
Sure, the rest of the message is secure, but does it matter?
Email is a necessary evil. Many services require it as some kind of identity provider. You’ll have to use it. But don’t consider anything you put in email safe.
With major providers like Gmail and Outlook, you can safely assume that the companies are spying on everything you’re saying. I use both, and assume nothing that goes on there is truly private. If you want to harden your email usage a bit, ProtonMail is a good choice.
Perhaps surprisingly, your best bet for privately communicating with others is messaging apps. These include options like WhatsApp, Telegram, and Signal, and I’ll get into the trade-offs. As with most things in security, there’s a major trade-off between security and convenience. Since I’m writing this for a general purpose audience, I’m not going to go into the intricacies of things like secure key transfer, since I don’t think most people will have the stomach for what’s involved here. Suffice it to say: these options are, in my opinion, the best options that I think most people will be comfortable using. And they’re secure enough for me to use, as you’ll see.
The primary question for messaging apps is encryption, and specifically public key cryptography. With public key cryptography, I can send you a message that only you can read, and you can verify that I’m in fact the one who sent it. Done correctly, public key cryptography prevents many kinds of attacks.
But there’s a twist here. Let’s say Alice and Bob are trying to talk to each other using a messaging app called SecureTalk. Alice uses the SecureTalk app on her iPhone, and it sends messages to the SecureTalk server, which sends the messages on to Bob’s Samsung device. Alice encrypts her message, so only the recipient can read it. The question is: who is the recipient? This may seem obvious (Bob), but it’s not. There are two different possibilities here:
- In something called end-to-end encryption, Alice will encrypt the message so only Bob can read it. She’ll send the encrypted message and some metadata to the SecureTalk server. The server will be able to read the metadata, but won’t know what the message itself says. Then the SecureTalk server sends the metadata and encrypted message to Bob, who is the only person who can read the message itself.
- The simpler approach is that Alice will encrypt the message so that the SecureTalk server can read it. This prevents random other people on the internet from reading the message, but doesn’t prevent SecureTalk from reading the message. SecureTalk then re-encrypts the message for Bob and sends it to him.
You may think that (1) actually sounds simpler than (2), but for various technical reasons it isn’t. And therefore, a lot of systems out there still do not provide end-to-end encryption. The primary culprit I want to call out here is Telegram. Telegram is viewed as a secure messaging platform. And it does provide end-to-end encryption, but only if you use its “secret chat” feature. But you lose features with it, and most people don’t use it most of the time. In other words:
Telegram is not a good choice for security, despite its reputation to the contrary.
How do you identify yourself to the messaging service and your colleagues? Most apps use one of two methods: phone number (verified via SMS) and email address (verified via confirmation email). For the most part, the former is most popular, and is used exclusively by systems like WhatsApp, Telegram, and Signal. This is good from an ease of use standpoint. But there’s a major issue to be aware of:
Your secure chat identity is tied to your phone number, and most countries track ownership of phones.
Maybe you can buy a burner phone without the number being tied to your identity, I’m not sure. I’ve never needed that level of privacy. But the other system, email address, is easier for creating a more anonymous identity. Most people can easily create a ProtonMail account and have an anonymous experience.
This is outside the bounds of security, but another advantage of email-based identity is that family members without their own cell phones (like my kids) can use those systems.
If you want to use email as your identity, and make it easier for people to communicate fully anonymously, systems like Wire and Matrix are your best bet. Wire honestly overall seems like the best system for secure communication to me, but it has the downside of not being as popular.
Many systems offer a feature called “exploding messages” or similar. It’s a nice idea: you can send a message, and the message will be deleted in a certain amount of time. I’ve used it at work for sending temporary passwords to people when signing into new accounts. It works great when you have full trust in the other side.
DO NOT RELY ON EXPLODING MESSAGES
There is no way at all to prevent a nefarious message receiver from screenshotting or otherwise capturing the contents of the message. We’ve probably all heard horror stories of high school girls sending their boy