A Signal For Change: Increased privacy with encrypted text messages

Globally, people are shifting towards using text messaging as their primary form of communication. This means the security of text messaging is becoming more critical than ever. This blog post discusses an application that allows your texts to be encrypted.

The era of the phone call is dead. I knew it was happening when my parents started texting me more than they called me on the phone, and it became official when my 85 year old grandmother got an iPhone and sent me her first text. In fact, whenever I visit, her phone is constantly humming with incoming texts from friends and family (I’m pretty sure she’s more popular than me).

Globally, people are shifting towards using text messaging as their primary form of communication and, as this shift occurs, the security of text messaging is becoming more critical than ever. Unfortunately, the infrastructure that text messages travel on is outdated and inherently insecure, allowing the possibility of interception by third parties. Unless you use an application that allows your texts to be encrypted, you are vulnerable to a third party snooping on your conversation.

You see, SMS text messages are plain as day, or should I say, plaintext. This means that what you see is what you get, the text is completely readable when it leaves your device, as it is not encrypted. Encryption, however, adds a layer of privacy by essentially taking that text and locking it in a box with a key that only you have. This way, as the text message traverses across the network, even if it’s intercepted it cannot be read. The default messaging applications on both iPhone and Android don’t utilize encryption, which means all messages are sent in plaintext.

At last, something that users of either device can agree on: the need for encrypted text messages! So how does one go about enabling this? Let’s break it down by device.

As you may recall from the FBI vs. Apple case last spring, iMessage (Apple’s SMS replacement) supports end-to-end encryption. By using iMessage, you’re essentially switching on encryption for text messages. The caveat is that it only works when communicating with other iPhones that have iMessage enabled -- not to mention researchers have broken the encryption before. Still, this is a step up from the default messenger application on Android phones, which does not allow for encryption of SMS messages in any shape or form. Thus, without a solid proprietary solution on either device, the best option if you want end-to-end encryption is to install one of the myriad of messenger applications that do support it.

Perhaps the best application for the job is Signal. It’s the gold standard for encrypted communication; its protocol (the Signal protocol) is used by other applications such as WhatsApp, Google’s Allo, and Facebook messenger. The creators of Signal designed it in such a way that only the sender and receiver have the encryption keys. With iMessage, however, Apple stores the user’s public key on their servers.

Installing the app is very simple, it’s available on both Android and iPhone through Google Play and Apple Store respectively. There’s even a desktop application that you can install via Chrome or Chromium and link up to your phone, similar to iMessage. For an open source app, Signal’s interface is beautiful, refined, and easy to navigate. One would never guess that they are chatting securely, it’s simply second nature, as the keys are generated automatically without any input from the user.

You can verify the identity of any of your contacts by verifying their safety numbers (or “fingerprint”), a unique string of 12 pairs of 5 numbers by either scanning their QR code or comparing the string of numbers in person. Your texts will only be encrypted when you start a conversation with another Signal user, but don’t worry, you can still use Signal to send normal, unencrypted SMS messages to contacts that don’t have the application.

The toughest aspect of using an application like Signal may be actually getting your friends, family, and colleagues to use it. If people don’t believe in incorporating privacy tools into their daily lives, the idea of having encryption as a part of our underlying infrastructure begins to fade. The best form of security is that which is out of sight and just works as intended. In our current state of broken SMS, Signal keeps alive the idea that we the people have a reasonable expectation of privacy.

The data that you generate on a daily basis, whether it be a text message, a phone call, or an email, is a part of you. This data is as real as your tangible self; your thoughts, your ideas, your expressions, even if they take the form of a text message, are all aspects of you that can be exploited and misconstrued if taken out of context. Isn’t it worth protecting? In my mind, it is.

Further Reading

I encourage you to check out Open Whisper Systems’ privacy policy, it’s the only one you’ll ever want to read because of how short it is. Unlike other companies, Open Whisper Systems doesn’t store any data other than the bare minimums (phone number, push tokens, and profile information).

For a complete, comprehensive guide on installing Signal on iOS, check out this handy guide from the Electronic Frontier Foundation. For users of both Android and iOS, The Intercept has a great guide on optimizing your privacy with Signal.

If you’re a Windows phone user, all hope is not lost. While Signal is not available on Windows phones, there are some other options for encrypted SMS. Check out WhatsApp for any Windows device running Windows 8 or higher. WhatsApp uses the Signal protocol, allowing end-to-end encryption for all text messages sent through the application.



Close off Canvas Menu