jrswab

No-fluff tutorials and privacy-focused tools for the modern productivity-minded developer.


You Need Secure Chat Apps

Categories: [Technology]
Tags: [security], [privacy], [encryption], [apps]

Secure chat is a topic that I am always looking into because I believe we all have a right to privacy. Searching new apps that come onto the market to see if they have default encryption are open source and respect the users.

Encrypting our chat does not mean we have something illegal to say or share. It merely means that we do not want the world to be able to hear or read what we say to the other individual.

Conversational privacy is very common in everyday conversation, and we do not assume that someone outside of the room or building will hear what we say. Even if the discussion is not meant to be confidential, we still expect a level of privacy.

So the question is, why would we communicate over the internet in a way that opens our conversation to anyone willing to take the effort to read or listen. Something said today might be standard and unworthy of reproduction, but that does not mean tomorrow it won't be.

The changing of laws in a country could mean that what you said years ago is no longer legal and now puts you at risk of imprisonment. A good reason to keep our online chats encrypted and private. But there are also bad actors outside of rogue governments that we should be wary of when it comes to our everyday conversations.

Any cracker (a malicious hacker) can use our unencrypted chats logs against us without much effort. If they can read our conversations because they are unencrypted and in plain text, they could learn enough to guess security questions. They may even be able to use that same information to steal credit card numbers or pretend to be us.

Never assume you can go without encryption because you have nothing to hide. We always need to protect our information from those looking to exploit it at our expense.

There are a few ways to protect your chat logs. The first step is to choose a well-designed app that allows you to encrypt your conversations and should do so by default. The second step is to make sure your connection is secure from peeping eyes with a VPN or the app called Orbot.

Orbot nor a VPN will make you anonymous online but will encrypt your traffic to make it hard for man-in-the-middle attacks to spy on your data via the local WiFi hotspot.

Orbot

Orbot, created by the Guardian Project, is an app is a free proxy that will enable you to fore other apps to send their internet traffic over the Tor network. After Orbot tells your apps to use Tor to encrypt your information it then sends the data through server computers across the world. This bouncing hides the encrypted data from an attacker looking to see where the data originates.

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis. - The Guardian Project

Orbot Features:

Chat Apps

Now that we have Orbot on our device we need to get a chat app that allows us to encrypt our data. The most popular app for chat is Whatsapp as far as I can tell. Whatsapp does claim to use encryption, but the problem I have is its closed source nature. Because of their lack of openness, we can never be 100% sure they do as they say.

Riot.im

Riot is one of the chat apps I used almost daily. It allows the user to connect to IRC channels that get bridged to the Matrix service which is the main reason I use this app. Recently a friend of mine created an account, and we started a private chat, but encryption is disabled at the start. So, if you want to use this as your main chat app make sure to enable it every time or else your privacy is limited.

Zom

Zom is a new one for me, and I know of no other person that has the app at this time. It's very well created from what I was able to play around with and sets the user's preferences to encrypted by default. I like that a lot because the less hassle it is to use an encrypted chat the more people will stay protected.

Wire

I started to use Wire about a year ago for my family group chats since it enables encryption by default and it can not be disabled. It's a well-designed app with a lot of features to rival apps like Google Allo and Facebook Messenger. The only issue is from a report that Wire stores all our contacts in plain text so if an attacker gets into their servers that information may be at risk.

Tox

Tox is my favorite secure messaging app. With zero centralized servers, it is completely peer-to-peer. Encryption is on by default and can not be turned off. Of the two clients I have used so far, it's easy enough for the average person with no cryptography knowledge to use. I can't say that is it is as easy as wire but still not a hassle. Since it is all peer-to-peer, it's worth the effort I may need to put in to get my friends and family on board.

Tox is a FOSS!

Tox Clients

Extra Security Measures

  1. Never assume you are secure.
  2. Always make strong passphrases, not passwords, with dice.
  3. Enable Orbot or a VPN to hide your internet traffic from your ISP or that coffee shop.
  4. Use a password manager, like Bitwarden, to help prevent phishing attacks.
  5. Never give out identifying information to someone you never met.