If you knew that every piece of mail you sent was opened at the post office, read, and resealed before it was delivered, would you still feel comfortable divulging personal information in those letters? Unfortunately, SMS text messages that we send and receive may be subject to this exact type of inspection. This is why the Citizen Lab, in partnership with Open Effect and the University of New Mexico, has released Secure Your Chats: a Net Alert resource that outlines how to safely use end-to-end encryption.
End-to-end encrypted messaging is effective at protecting the content of your messages from being read as they travel across the Internet to your friends and family. Essentially, each message is scrambled and can only be unscrambled by the sender and recipient of the message. This is a powerful method to ensure that third-party actors can’t access your communiques and that service providers can’t read or give up any information that you send or receive.
Many chat apps enable end-to-end encryption by default, including WhatsApp, Wire, Signal, and LINE. However, finding a single-stop resource to help users understand encryption and select secure apps for their specific needs proved difficult.
“Many existing resources that explain end-to-end encryption are designed to make the technical side of encryption more accessible, provide detailed how-to guides, or are fairly text-heavy,” explains Andrew Hilts, Senior Researcher and Developer at the Citizen Lab. “We identified an area where we could make a valuable contribution: an easy-to-understand, visual resource explaining why everyday people should use end-to-end encryption.”
This project was developed in consultation with security trainers who work with at-risk communities. This not only helped identify gaps in existing training materials but also provided insight into how best to communicate this often complicated information.
A history of encryption investigation
The Citizen Lab has an active research area examining the privacy and security of mobile applications, and several reports have analyzed various cryptographic features used in apps. One such study looked at end-to-end encryption in LINE, a popular chat app in many Asian markets. The study showed that the app didn’t implement forward secrecy on its end-to-end encrypted messages (making them vulnerable to attacks if someone collected old encryption keys) and that the program’s cryptographic system didn’t follow best practices.
Jedidiah Crandall, University of New Mexico Professor and consultant on Secure Your Chats, says that following accepted cryptographic practices is an integral aspect of any app design. If engineers who are building a bridge don’t use tested materials and established practices, they are potentially putting anyone who uses the bridge in danger.
“Similarly, when cryptography engineers don’t follow best practices, it makes it impossible for independent cryptography engineers to attest to its security,” he says.
Secure Your Chats is the latest edition of Net Alert. It includes the following resources:
- A comic that presents some reasons why everyday people might benefit from using encrypted messaging apps and introduces the concept of end-to-end encrypted messaging at a general level.
- A guide on how and when end-to-end encryption isn’t necessarily enough to keep your communications secure. This presents concepts such as communications metadata, malware, and hardware forensics.
- Three features to look out for when choosing an encrypted messaging app. This series of primers describes identity verification, forward secrecy, and public best practices as features of encrypted messaging apps to be familiar with.
Reflecting the diversity of the Citizen Lab network and underscoring the goal of making Net Alert widely accessible, Secure Your Chats is available in English, Traditional Chinese, Simplified Chinese, Arabic, French, and Spanish.
Acknowledgements
Bahr Abdulrazzak, Simon Humbert, Ramy Raoof, Lotus Ruan, and Leandro Ucciferri provided translations.
Ramy Raoof and Lobsang Gyatso Sither participated in security trainer consultations.
Net Alert is a collaborative project of Open Effect, Citizen Lab, and the University of New Mexico, supported by the Open Technology Fund.