Yahoo News Keep your texts private in Trump's America (and everywhere else, too)
So, here we are: With a new president come new concerns over surveillance powers that could so forcefully bite us in the ass.
The public has good reason to believe that President Donald Trump would love to expand data-collection programs in his administration. He's said, repeatedly, that he'd like to surveil mosques. Rep. Mike Pompeo—Trump's pick for CIA director who's likely to be confirmed in the next few days—has also advocated for expanded spy efforts. All signs point to lots of little electronic eyeballs, watching us always.
SEE ALSO: This is President Trump's first tweet as @POTUS
To be fair, Trump didn't build this machine. It was President Barack Obama who extended the Patriot Act during his tenure, and defended the National Security Agency's mass surveillance programs after Edward Snowden brought them to light.
Those powers were eventually limited by reforms in 2015. But with Trump's administration now in control, things can change. As Foreign Policy pointed out earlier this month, "Americans have been warned for decades about the potential consequences of the U.S. surveillance state—the largest, most powerful, and most intrusive in the world—falling into a would-be tyrant’s hands."
Surveillance is a complicated, sticky issue, and to maintain complete privacy while communicating online would essentially require a lifestyle change for many of us, what with our sprawling social networks and all. That said, it's relatively easy to keep your smartphone conversations secret. That's a great first step.
Herewith, some tools to help you keep your messages between friends.
Lock it down
This is simple: If you want to reduce the overall likelihood that anyone could pry into your communications, use a secure messaging app.
After Trump's election, there was a surge in downloads for Signal, a private messenger that works on smartphones. Many security experts agree that it's one of the safest platforms you can use. It’s user-friendly and was designed to prioritize privacy.
The code that Signal runs on is completely open source, meaning that anyone can analyze it to make sure it works properly. The company that created the app, Open Whisper Systems, is a nonprofit, so it has no incentive to store data for advertisers. In fact, Signal’s privacy policy states that it doesn’t store any metadata at all.
Image: Lili Sams/Mashable
Signal, like many messaging apps today, uses an end-to-end encryption system. In layman's terms, the message you send is scrambled, and it can only be unscrambled using a special "key" on the recipient's device. Whatever you say can't be intercepted by a middle man, and your words aren't stored on some server that anyone could access via a third device.
"Good encryption relies heavily on good implementation, and that comes down to how much you trust the developers maintaining the project," said Jonathan Zdziarski, a cybersecurity and forensics exper. "Most people trust [the developers] to have done a good job in designing Signal, and that’s been proven by a number of people who have analyzed the software, including myself."
"Is there room for other solutions? Sure, but I have yet to see one as proven and accepted in the infosec community as Signal," he added.
About those other solutions: They're not always great.
Not all encryption is created equal
Consider Facebook's Messenger app for a moment. It recently enabled end-to-end encryption, which would be great were it not so wonky. Most people like the app because it allows their Facebook messages to be accessed from any device—their work computer, tablet and smartphone, all at once. But messages with end-to-end encryption can't (and don't) work that way: They're sent from one device to another device.
To actually send a secure message to your friends on Messenger, you have to start an entirely new thread, tap "Secret" in the top-right corner, and go from there. Otherwise, the routine messages you sent via Messenger don't make use of the end-to-end encryption feature—which means they can be accessed on any device where your Facebook profile is open.
Moreover, if you do take the proper steps and send an encrypted message to your friend, they'll end up with a sketchy notification on their phone, masking your identity and the message's contents:
It's a bit inelegant, and there's plenty of room for error. You might select the wrong thread and ping a secret into your friend's normal inbox, which could be accessed by her gross little brother or, say, secret police. (Who knows? These are strange times.)
Meanwhile, Apple's Messages app—the default program you use to send texts on your iPhone—has the opposite problem. iMessages (texts sent between iOS devices) are automatically end-to-end encrypted, but messages sent to Android devices aren't. So, you could find yourself lulled into a false sense of security that's ruined when your green-bubble friend inadvertently narcs on you.
Apps like Facebook Messenger and Apple Messages have an obvious appeal: A lot of people use them already. They're convenient. And while you might want to use a secure messaging app, they're mostly useless if your friends aren't on board.
Unless your friends already use the most popular messaging app in the world: WhatsApp. It's arguably less secure than Signal (more on that in a minute) but it's more user-friendly and messages are protected enough to satisfy most privacy-loving people.
“For some people, more useable and less secure is better,” cryptology expert Bruce Schneier explained.
Decreased security means increased risk—to wit, The Guardian recently reported on a security "loophole" in WhatsApp, and this backdoor supposedly makes your messages susceptible to snooping. But the issue isn't something average smartphone users need to worry about; it's more of a concern to people who switch their SIM cards all the time.
“In the full scheme of things, this is a small and unlikely threat,” wrote Zeynep Tufecki in an open letter co-signed by more than two dozen security experts calling for The Guardian to retract their reporting. The newspaper responded and has walked back some of their language.
WhatsApp’s headline-making vulnerability might have little impact to most users and/or be overstated, but their servers can still detect users' messages send through the service. The end-to-end encryption protects the company from seeing what the messages actually say, but they can still see that you’re sending messages in the first place.
Another problem is that WhatsApp retains your contacts. When you first use WhatsApp, you’re encouraged (but not required) to sync your phone’s contact list with the app.
Since WhatsApp retains the details of your contact list, it could theoretically share this information with ne'er-do-wells if was compelled to do so by a government request or court order. This came up in an Intercept story from last year, and WhatsApp confirmed on Friday that their policies on contact information have not shifted since then.
Jason Hong, a privacy and security expert who teaches at Carnegie Mellon University, suggests you look to the pros when choosing your apps.
"The strongest signal is just look at, what do all of the cybersecurity experts use? What are they recommending?" said Hong.
A false sense of security
You can pick and choose which technology you use every day, but you have limited control over what happens from there. Different groups administer each messaging app; who knows what shifts in priorities and motivations the future might bring.
Facebook could decide the code behind WhatsApp should change. Whatever CEO Apple has 20 years from now might prefer to make things easier for law enforcement. These are not far flung ideas: Evernote, the popular note service, proposed a new policy just last month that would have let its employees read users' documents. (The company walked it back following an outcry.) Shortly after Google Photos was introduced, Android users discovered it would continue to upload their photos even if the app was uninstalled.
There's uncertainty when it comes to our privacy online, in other words. And it remains to be seen what the Trump administration will bring.
"It's a really unclear situation with the new people coming in," Hong said. "We'll just have to wait and see."
Signal and WhatsApp are fine enough recommendations for right now, but you'll want to stay on top of this stuff. Technology is not a constant—it twists and evolves as time goes on. A product you trust could change. Something new could come along.
For now, there are a few good options to keep your communications secure, but the truly paranoid would do well to recall an old Soviet saying: "This is not a phone conversation."
Put another way: "I'll tell you in person."
