Encrypted Instant Messaging

What is Encrypted Messaging?

Encrypted Messaging refers to messaging protocols that can only be read by the people involved in the message. The messages are encrypted in between sender and reciever so spies and eavesdroppers can't read them.

Why do I need Encrypted Messaging?

Regular SMS text messages can be read by your phone's provider, providing no security for any sensitive information you might send over text.

In the United States, Stingray devices are on the rise. These are mobile cell towers that - without knowledge or consent from the user - capture the content of your phone calls and text messages if you are in range., even if you're not the target of them. This can include sensitive information, which the police are not obligated to discard even if it is irrelevant to their investigation.

What should I look for in an Encrypted Messaging Service?

The most important thing is to make sure the person you're contacting is using the same service as you. These services only work if both parties are using the same encryption system.

AVOID: WhatsApp and Telegram. WhatsApp is owned by Facebook, who has a notoriously abysmal privacy record. WhatsApp is notorious for collecting metadata, which is often just as harmful as the content itself. Telegram, likewise, is a proprietary code so we can't tell what secret data it may be sending behind the scenes. Additionally, messages are not encrypted by default and group messages cannot be encrypted at all.

Product/Service Pros Cons

Matrix
  • Open-Source
  • Completely Free
  • Available on all operating systems
  • Can be bridged to communicate with other services such as Slack, Telegram, Signal, Discord, Facebook, and more.
  • Does not require any personally identifiable information to sign up, allowing for anonymous accounts
  • Decentralized
  • Can be self-hosted
  • Not End-to-End Encrypted by default, encryption must be turned on by the user
  • Because of it's flexibility, it can be a little overwhelming to set up and adapt to.
  • Not audited

Signal
  • Open-Source
  • Completely Free
  • Available on all operating systems
  • Incredibly easy to set up
  • Audited
  • Uses phone number as a username
  • Based in the United States network)

Wire
  • Open-Source
  • Audited
  • Supports usernames, allowing you to not reveal your phone number to others
  • Available on all operating systems

Wickr
  • Open-Source
  • Supports usernames, allowing you to not reveal your phone number to others
  • Available on all operating systems


Encrypted Email

What is Encrypted Email?

Encrypted Messaging refers to messaging protocols that can only be read by the people involved in the message. The messages are encrypted in between sender and reciever so spies and eavesdroppers can't read them.

Why do I need Encrypted Email?

Email providers like Google, Yahoo, and others regularly read your emails for a variety of purposes such as advertising and training their AI. The fact that these communications are readable by employees (even if only certain ones) means that any sensitive information is not safe and can be potentially stolen.

In the United States, police do not need a warrant to access emails older than six months.

What should I look for in an Encrypted Email Provider?

The most important thing is to make sure the provider promises "zero knowledge" or "end to end encryption." This means that the provider can't read your emails even if they want to without you giving them technical access.

Make sure to see how the provider makes money. Running an email server is expensive and requires great technical knowledge. "If a product is free, you are the product." Make sure the company has a viable business plan or else assume they are likely selling your data, which compromises your privacy and security.

NOTE: encrypted emails only work with other services using the same encryption protocol. For example, two ProtonMail users are encrypted all the way, and a ProtonMail user emailing a Gmail user who uses PGP have successfullly encrypted their communications, however a ProtonMail user emailing a stock Gmail user without PGP loses encryption, and both sender and reciever emails can be read by Google. In short, the easiest way to ensure your emails are as private and secure as possible, you should both be using the same provider, although there are sometimes exceptions to this rule.

Product/Service Pros Cons

ProtonMail
  • Open-Source
  • Offers a free tier (makes money by offering paid premium features)
  • Includes a free-tier VPN account
  • Based on PGP (you can securely email other providers as long as the recipient is using PGP)
  • Based in Switzerland

Tutanota
  • Open-Source
  • Offers a free tier (makes money by offering paid premium features)
  • Based in Germany, a country known for strong privacy laws
  • Does not work with PGP (emails can only be encrypted to other Tutanota accounts)
  • Based in Germany