One Tech Tip: How to protect your communications through encryption

Article content

LONDON (AP) — After a sprawling hacking campaign exposed the communications of an unknown number of Americans, U.S. cybersecurity officials are advising people to use encryption in their communications.

Article content

Article content

To protect against the risks highlighted by the campaign, which originated in China, federal cybersecurity authorities issued an extensive list of security recommendations for US telecommunications companies – such as Verizon and AT&T – that have been targeted. The advice includes one piece of advice we can all apply to our phones: “Make sure your traffic is end-to-end encrypted to the greatest extent possible.”

Article content

End-to-end encryption, also known as E2EE, means that messages are encrypted so that only the sender and recipient can see them. If anyone else intercepts the message, all they will see is distortion that cannot be decrypted without the key.

Law enforcement officials have so far resisted this type of encryption because it means the tech companies themselves will not be able to view messages, or respond to law enforcement requests to hand over data.

Here’s a look at the different ways everyday consumers can use end-to-end encryption:

Text messages

Officials said the hackers targeted the metadata of a large number of customers, including information on dates, times and recipients of calls and text messages. They were also able to see the content of texts from a much smaller number of victims.

If you’re an iPhone user, information in text messages you send to someone else who also has an iPhone is encrypted. Just look for the blue text bubbles that indicate they are encrypted iMessages.

The same is true for Android users who send text messages via Google Messages. There will be a padlock next to the timestamp of each message to indicate that encryption is on.

Article content

Article content

But there is a weakness. When iPhone and Android users send text messages to each other, the messages are only encrypted using Rich Communication Services, an industry standard for instant messaging that replaces older SMS and MMS standards.

Apple notes that RCS messages “are not end-to-end encrypted, meaning they are not protected from being read by a third party while being sent between devices.”

Samsung, which sells Android smartphones, also alluded to the issue in a footnote at the bottom of a press release last month about RCS, saying: “Encryption is only available for Android-to-Android communication.”

Chat applications

To avoid exposure while trading texts, experts recommend using encrypted messaging apps.

Privacy advocates are big fans of Signal, which applies end-to-end encryption to all messages and voice calls. The independent non-profit group behind the app promises to never sell, rent or lease customer data, and has made its source code publicly available so anyone can audit it for “security and health.”

Signal’s encryption protocol is so reputable that it has been integrated into rival WhatsApp, so users will enjoy the same level of security protection as Signal, which has a much smaller user base. End-to-end encryption is also the default for Facebook Messenger, which, like WhatsApp, is owned by Meta Platforms.

Article content

What about Telegram?

Telegram is an app that can be used for one-on-one chats, group chats, and broadcast “channels,” but contrary to popular perception, it does not turn on end-to-end encryption by default. Users must turn on the option. It does not work with group chats.

Cybersecurity experts have warned people against using Telegram for private communications, noting that only the opt-in “secret chat” feature is end-to-end encrypted. The app also has a reputation as a haven for scammers and criminal activity, highlighted by the arrest of founder and CEO Pavel Durov in France.

Make calls

Instead of using your phone to make calls over a wireless cellular network, you can make voice calls using Signal and WhatsApp. Both apps encrypt calls with the same technology they use to encrypt messages.

There are other options. If you have an iPhone, you can use Facetime to make calls, while Android owners can use Google Fi, both of which are end-to-end encrypted.

The only problem with all of these options is that, as with using chat services to send messages, the person on the other end will also have to install the app.

WhatsApp and Signal users can customize their privacy preferences in settings, including hiding your IP address during calls to prevent your general location from being guessed.

___

Is there a technical topic that you think needs explanation? Write to us at onetechtip↕ap.org with your suggestions for future versions of One Tech Tip.

Article content