“But if I am doing nothing wrong then why worry?”
What if privacy is something that makes you a human?
While it is useful to deny snoopers such as Facebook, Google, US National Security Agency (NSA), FBI, Police, insurance companies, etc., from seeing your information, your habits and routines, etc., you can at least be aware that everything you say that is not encrypted is being vacuumed up and stored in huge databases.
If you are okay with that, then maybe you are also okay with never wearing clothes, never closing the curtains on your windows, removing all the bathroom and bedroom doors inside your house, and posting all your secrets to your public Facebook stream?
Do those ideas seem like an overly dramatic response to your normality bias and lack of concern for certain kinds of snooping? OK… please read more to discover what may be more realistic for YOU:
You have a passcode or some sort of security on your phone, yes? How often do you hand your phone to someone for the purpose of them looking at all your pictures and messages? Same goes for email. If you didn’t have anything to hide, you wouldn’t care. But you do. Most people do.
“A society where people can be monitored at all times … breeds conformity, obedience, and submission.” ~ Glenn Greenwald
You might be okay with security agencies, companies, or governments having your private information. You might trust Facebook, Twitter, and Google. But what if they decide to sell your information to the government, are forced to give it up, or get hacked and your sensitive information falls into the wrong hands? Like someone who wants to target your company or family. Would you still be okay with that? Would you be okay knowing that your photos, emails, or chats are in the hands of someone who can blackmail you?
“Facebook is collecting the most extensive data set ever assembled on human social behavior.” ~ MIT Technology Review
Many ideas about government snooping – previously considered to be conspiracy theories – have come out into the open as being true. The most recent high profile exposures are related to Edward Snowden, former NSA contractor, and Julian Assange of WikiLeaks.
Former NSA contractor Edward Snowden – Defected and revealed massive spying by US Government on its citizens.
“…Invented by a self-styled radical cryptographer who goes by the name of Moxie Marlinspike (although his real name may or may not be Matthew Rosenfeld or Mike Benham), Signal was brought to life with funding from the BBG (CIA spinoff entity) – supported Open Technology Fund (which has pumped in almost $3 million since 2013), and appears to rely on continued government funding for survival. Despite the service’s close ties to an organization spun off from the CIA, the leading lights of America’s privacy and crypto community back the app…” from https://thebaffler.com/salvos/the-crypto-keepers-levine
Even when a messenger is not run by corrupted entities, much evidence has been exposed showing that there are many ways government entities have to compromise those applications via the hardware you use (think phone and computer) and the operating systems running on that hardware. So this author recommends you be very careful what you share using even the most trusted messaging applications.
Two videos that will bring you up to speed, if not scare the crap out of you
A talk at Chaos Communication Conference 2013 that reveals some privacy violating technology being reported on in 2013 that will blow your mind:
Glenn Greenwald’s TED talk on why privacy matters:
“But I have hundreds of friends I communicate with daily using Facebook Messenger or Facebook’s Whatsapp!”
While it would be in everyone’s best interest, privacy-wise, for you to stop that right now, it’s understandable that you may have quite a few friends who use this method of communication and you may not want to just disappear. You can start small and gradually shift into more privacy and security. Inform your friends about how important privacy is for all of us. Invite them to start communicating with you using one of the many free secure messaging apps out there.
The most popular ones have versions for phone, desktop, and web. Many of your friends will prefer the familiarity [habit] of Facebook Messenger over privacy. Depending on your preferences, you don’t have to stop using that method to communicate with them. Even reducing the amount you use unsecure tools is a good thing.
“Come on! How am I harming others by using Facebook messenger?”
It’s no longer a conspiracy theory. We are now 100% sure that the NSA not only copies all location data, messages, chats, emails, and phone calls of all Americans and foreigners in the USA, but also Americans and foreigners in other Countries.
Let’s do a thought exercise
For a moment, put yourself in the shoes of an FBI agent with access to the NSA’s databases. Agent Snoopydick wants to find and track drug dealers in a specific region who are not working for Big Pharma. You begin by running a query on the database for anyone who has uttered [in either email, phone, text, social media post, or messaging] any of the following “alert” phrases:
- buy some
- come down
- coming down
- do some
- get high
- get wasted
- get wired
- pizza toppings
- quarter ounce
- quarter pound
- score some
- trip on
- trip out
- under the table
Your query returns billions of records. You narrow it down to a one month date range. You narrow it down further by filtering for “only conversations where a location could be identified and that location was Los Angeles.”
Then, grouping by user, you save this recordset as “Threat Level 2” (low). Your next query is to find a match of anyone in that same time period who has been within 5 meters of these Threat Level 2 people for more than ten minutes or has communicated with them from anywhere. Save the resulting recordset as “Threat Level 1” (low).
If anyone in the Threat Level 1 group has used any of the above alert phrases or has a criminal record, you copy them to the Threat Level 2 list. Now, with that list, let’s rank the users by how many of their fellow Threat Level 2 users they are connected to by either “same location for ten minutes or more” and/or communication via phone, texting, or email. We’ll put these “popular” people in a new list and call it “Threat Level 3” (medium). These guys are our suspected dealers.
From here we can do all kinds of nifty queries. We can look at travel habits, spending habits, etc. You could look for locations that come up most and surveil the ones with the highest number of Threat Level 2 or 3 users visiting. Get creative and you can find a huge number of potentially “guilty” people.
How does this hurt Mr. Law Abiding Joe Shmoe? This exercise demonstrates just how connected we all are. Merely by associating with someone who associates with someone who might be breaking the law, you get put on a list. Maybe being on a Threat Level 1 or 2 list isn’t cause for you to care right now. But how sure are you that any of the following won’t happen?
(a) Laws will get more strict in the future so that something you do now becomes illegal later.
(b) You run for parasitical office, so you can bet your opponents will dig the “skeletons” out of your closet.
(c) You or someone close to you gets into trouble and that list is used to tip the balance against you or them? What if a law gets passed that anyone on a Threat Level 2 list can no longer use their passport? Use your imagination.
What scenarios can you come up with?
“How do I stay off those lists?”
It’s probably difficult, but not impossible to stay off all their lists. You can certainly reduce the chances and/or your “Threat Level”. If you want to start privatizing at least some of your conversations – and you will be surprised how many of your friends already are – how do you choose an encrypted messaging app?
The four most popular ones are Telegram, Signal, Wire, and WhatsApp. There are other, less well known apps but app popularity does matter if you want to use an application that more of your friends are using or will use. Changing habits can be difficult for people, so it helps if the app you want them to try is easy to use, right? Bonus if it is even attractive, fun, and feature-packed!
Also, the more popular apps have a higher likelihood of having been “battle tested,” meaning they have been put through a greater variety of situations to weed out bugs and vulnerabilities.
For efficiency, I’ll narrow our list down to two apps. While most acknowledge that Signal is the most secure, its usability and feature set are still lacking compared to Telegram. WhatsApp is owned by Facebook and has been caught sharing users’ sensitive information. Some [data hungry] governments even subsidize Whatsapp data use as part of users’ phone service.
So our list is narrowed down to Telegram and Wire. My personal favorite for many years now has been Telegram because of its maturity, speed, feature set, flexibility, attractive interface, and reliability. Why does “attractive interface” matter? My reason: If I’m going to spend a certain amount of time today looking at a screen, I’d rather look at something my eyes enjoy.
A friend suggested I try his favorite, Wire. I had already been using Wire for about 6 months because an important client used it, so I was not unfamiliar with it. Until now I only used it with that one person.
I already had a negative view of Wire because I found:
(a) The interface to be cumbersome.
(b) It lacks features I enjoy using in Telegram.
(c) The mobile and desktop applications ran unstable on my systems.
(d) The number and severity of bugs I encountered while using it.
But I thought maybe I could put up with those bugs in order to experience the increased privacy my friend assured me that Wire offers. So I dove in and invited others in my community to join me in using Wire. After a few weeks of bouncing back and forth using both Telegram and Wire all day every day, I’m sad to report that Wire still had too many annoying bugs for me. Worse, all the people I recommended Wire to had the same issues with it that I had. If you are curious, play with it and see how many bugs you can catch. Of course, it’s been almost 3 years now, so I’m sure they have improved it, just as Telegram has gone through its own improvements.
As if that isn’t enough, compared to Telegram, Wire does not meet my needs for ease, usability, and reliability. I encourage you to use both and make your own decision about which app you want to use all day every day. And let’s not kid ourselves, you will probably end up using both because – like me – you probably have some friends who use only one or the other. Luckily, they are both free.
“But how secure are these apps?”
The mistake I hear some people making when evaluating an encrypted messaging app is to call them “secure” or “not secure” as if any of them are 100% secure or 0% secure. It is not black and white.
Side note: Black and white thinking is actually considered a malady called “Splitting.”
No app is perfect and with the apps I’ve mentioned above, you can at least be sure that your communication is being being encrypted.
Is Wire perfect and always has been? No. Wire has been found to have vulnerabilities. https://techcrunch.com/2017/02/10/messaging-app-wire-now-has-an-external-audit-of-its-e2e-crypto
Wire has since fixed those particular vulnerabilities. Is everyone 100% sure they don’t still have others? No. How could we know? Before the vulnerabilities above were found, many thought Wire was secure. Some probably called it “100% secure.” I’m not an encryption expert but I’ve been writing software since age 12. I’ve used many programming languages in the ensuing 36+ years of programming, so I can tell you with certainty that software with the complexity level of an encrypted messaging app will have an extremely difficult time being 100% bug free and hack free until artificial intelligence is a bit further along. That’s another topic.
An important thing to know about Telegram is there are two types of messaging you can engage in; one is “default/normal” and one is “secret”. Contrary to what the competition is saying, both types of chat are encrypted.
The only difference is that “default/normal” chats/groups go thru the Telegram servers and are on their servers until you delete the chat, which is easy to do. These chats can also be seen across all your devices. So if you start a conversation with someone while using the Telegram app on your desktop computer, then hop in your car, you can continue the same conversation via the Telegram app on your phone.
“Secret” chats/groups are peer-to-peer direct between devices, thus, more secure.
Telegram has also come under some fire for using non-standard and modified encryption protocols. There are quite a few discussions out there showing back and forth accusations and defense from Telegram devs but no one has ever shown a hack of Telegram. I think it’s mostly propaganda from competitors, government shills, and people who just prefer one of the other apps and want more people to use their favorite app. Is Telegram 100% secure? Of course not. Is it more secure than using your phone’s SMS, email, Facebook messenger, or WhatsApp? By far! More on Telegram here: https://steemit.com/privacy/@scottermonkey/telegram-private-messaging-myths-and-truth
Usability and ease matter
Is Telegram less buggy than Wire? Oh yes. Use both for a couple days and you will see what I mean. Note: This article was originally written in early 2018.
If Wire can’t even keep the bugs out of their app, how can we be confident it is “fully secure?” If I’m going to use an encrypted messaging app all day every day, useability is a concern, especially when the answer to “how secure is it?” is muddy at best and probably, they are all relatively close to each other in terms of security. It’s like looking at the various Tesla model S P60D and P85D cars and declaring one to be “slow” and another to be “fast”. No. It’s relative. Sure the P85D is faster than the P60D but most people would say they are both “fast as hell.” They differ with each other in degrees but compared to a Toyota Prius they are all fast as hell.
Feature benefits of Telegram over Wire
(b) Big and fast file transfer.
(c) Programmable bots.
(d) Send messages that self-destruct after a specified amount of time, which is especially great if law enforcement gets access to your device.
(e) You can set a lock to keep others from opening the app.
(f) FAR more popular and widespread.
Either way, you win
That’s it. Again, I encourage you to use both apps and see which one works best for you. Either way, you are increasing your own safety and the security of those around you. Thanks for managing your “ADHD” long enough to read this entire article!