Security

All you need to know about looking for the best encrypted communication apps and services

AP Photo/John Locher

Editor’s note: This article is the second in a series focusing on the best encrypted apps and services available. Content has been provided by an anonymous security and privacy professional. Readers are encouraged to confirm this information on their own.

What Should You Look for in an Encrypted Communication App/Service?

It should be independently audited for privacy/security. Many are open source, meaning that anyone can audit the source code (though an amateur being able to audit the product is not a substitute for an expert actually having done so), and that future companies’ development teams will be able to specialize on whatever feature makes their own product unique – in addition to OpenPGP, several services/apps listed are based on the relatively new Signal Protocol.

You've reached your daily free article limit.

Subscribe and support our veteran writing staff to continue reading.

Get Full Ad-Free Access For Just $0.50/Week

Enjoy unlimited digital access to our Military Culture, Defense, and Foreign Policy coverage content and support a veteran owned business. Already a subscriber?

Editor’s note: This article is the second in a series focusing on the best encrypted apps and services available. Content has been provided by an anonymous security and privacy professional. Readers are encouraged to confirm this information on their own.

What Should You Look for in an Encrypted Communication App/Service?

It should be independently audited for privacy/security. Many are open source, meaning that anyone can audit the source code (though an amateur being able to audit the product is not a substitute for an expert actually having done so), and that future companies’ development teams will be able to specialize on whatever feature makes their own product unique – in addition to OpenPGP, several services/apps listed are based on the relatively new Signal Protocol.

It should have a transparent business model, free from conflicts of interest. Ad-supported online businesses (e.g., most of the internet) are predicated on exchanging their service for information about you – i.e., if you aren’t the customer, you’re the product. Look at the permissions that apps require – are they strictly what the app’s function requires? And as seen above, end-to-end-encryption of message content, but not metadata, doesn’t really protect you from companies like Google or Facebook.

It is preferably based in a privacy-friendly jurisdiction; many countries spy on their own citizens/businesses and share intelligence. (Hushmail is Canadian.) This doesn’t guarantee anything, but one more layer of protection is always good. (I hope I’m not aiding any criminals by writing this, but protection from mass surveillance and subpoenaed records are essentially the same, in this case.)

It should be as fully featured and easy to use as an unencrypted app/service. Or else you may not use it, and certainly won’t get anyone else to.

A common, but not universal, feature of encrypted communication is ephemeral messaging, in which messages can be automatically deleted on one or both ends after a period of time. The time period can be as little as seconds, for the most sensitive of instant messages, and generally tops out at four weeks, which is more practical for most people. Ephemeral messages for “IM” or “Chat” type apps can have odd implementations, in which settings are specific to the conversation and the device, but this is getting better.

For email, “alias” addresses are also common, since end-to-end encryption makes linking accounts impractical. (Or, cynically, it’s another feature to sell to you.) Aliases are useful, so that you can limit how often you give out your regular email address (which probably indicates your name and is how you log into a lot of services), without needing to trust a forwarding service like Blur or 33Mail with a sensitive use or risk an important email going unseen in a separate inbox.

About Nick Coffman View All Posts

Nick is a former United States Marine. He primarily writes about Marine Corps Special Operations as well as digital privacy and security. In his spare time he enjoys hunting and fishing.

COMMENTS

You must become a subscriber or login to view or post comments on this article.

More from SOFREP

REAL EXPERTS.
REAL NEWS.

Join SOFREP for insider access and analysis.

TRY 14 DAYS FREE

Already a subscriber? Log In