In today's world we exchange data readily and reveal so much of our intimate lives over messaging platforms. These platforms know not only where we have been but also who we have talked to and what we have discussed. They have access to our address books, calendars, locations and pictures. Increasingly, external entities are gaining the ability to know and map more parts of our everyday journey of life, to the extent that they now understand, in some ways, more about us than we understand about ourselves. This may under certain circumstances be a good and desired thing, but it is not always the case.
We are not in control, and there is no guarantee that only the good use cases will occur. In this context it is desirable to occasionally take a step back and analyse the security of each medium and the measures it has put in place to protect us by safeguarding our privacy. This is exactly what the Electronic Frontier Foundation (EFF) is aiming to do with its Secure Messaging Scorecard.
Vendors may claim to protect privacy, but how do we check this? Do they have enough measures in place to protect us from ourselves, from everybody else and even from the vendors themselves? Many offer privacy only on the surface while accessing our communications on the backend, in ways not seen before, to generate user profiles for advertising and other yet-to-be-disclosed purposes. This is being driven by a change in the business model, as users no longer expect to pay to be connected to another party. Hence, businesses offer the connection service for free and charge only the basic bandwidth costs, making their profits instead by harvesting our personal information for resale to other interested parties.
Another trend is that data is becoming perpetual as the cost of storing information rapidly approaches zero. Message exchanges were previously ephemeral, which meant that our exposure was usually limited over time unless calls were being tapped or otherwise recorded in that moment. Snapchat and others may be trying to bring back this temporary nature of the exchange with features that allow messages to expire, but this is unlikely to become ubiquitous, and it offers no added protection if the underlying infrastructure allows eavesdropping. The fact is that all communication in every form, whether calls or text messages, is now being tracked on some level everywhere, because it is less expensive to do and technically feasible, as revealed by Edward Snowden and The Guardian.
Our basic telephone services were never encrypted or secure to begin with, but at least monitoring required significant effort and was temporary. Now our messages are being archived to form a de facto permanent record. Furthermore, our governments, driven by the need to ensure security and the urge to prevent terrorist atrocities and the corresponding random mass acts of violence, are joining in on the act. They are proposing new laws and expanding the powers of the spying agencies of the world.
This is why you need to pay attention when services implement things like Perfect Forward Secrecy, when they encrypt the connections between datacentres, and when the keys are generated between the devices in a manner that prevents even the company selling the service from deciphering the data. Things like these, along with Two Factor Authentication, can reduce or even eliminate episodes like The Fappening and The Snappening.
Pay attention to projects such as Open Whisper Systems and CryptoCat. Do give apps like Telegram and TextSecure a try. Most importantly, read the full Secure Messaging Scorecard today.