Nowadays there are literally dozens of kinds of messaging apps out there. Some of them claim to be completely secure and protected, using advanced encryption algorithms and publicly protecting the privacy of their users, which can sometimes lead to such services being blocked in certain countries (as happened to Telegram in Russia).
However, in real life, such things have little in common with real security. Protected messengers can still be hacked by cybercriminals (sometimes state-backed), while others are owned by corporations that do not care much about privacy.
With all these problems choosing a really secure messenger is not an easy task. Today we’ll talk about what such apps should really look like.
Modern messengers are most often either centralized or P2P-based. In both cases, users’ data may be compromised and stolen. When you have a centralized messaging service, malicious actors just need to hack the core system to get full access. In P2P apps, messages are stored only on the devices participating in the communication. This means that if you need to steal data from a certain person, it is enough to just compromise or steal the device.
Even those messengers that claim to be the most secure out there and that use disappearing message technology can sometimes reveal your data. Latest case: Signal’s clients with Mac-stored messages that are set to self-destruct on the operating system’s notifications bar (where they could be accessed by anyone who, say, hacked your laptop).
These problems could be avoided by using blockchain technology. There are messengers such as ADAMANT which store all encrypted messages in the distributed blockchain. As a result, no information is stored on the device, and no central server can be hacked to retrieve the data. End-to-end encrypted messages can never be read by third parties.
The source code of almost all modern communication apps is closed. Such services are mostly run by private companies or large corporations which do not want to be transparent and help independent security researchers with their audit.
This means that there is always the probability of a band engineering solution that could lead to security flaws — like it was with Signal’s Mac app.
Very rarely, a team behind a certain messenger decides to open its code for public review as the Wikr app developers did last year.
However, it is always better when the whole development process is transparent from the very beginning, as it is easier to trace errors step by step.
Focus on privacy
Almost all messengers require direct access to the user’s contact list, email address, or telephone number. If some data is collected, there is always the probability of a leak. Even the “secure” messengers do this, which means that privacy is just a PR and marketing term here.
Your information can be transferred to remote servers, and you’ll have no control over how it could be used. The source of this problem lies in the monetization model. Nowadays most of the messengers are free. But this is just impossible — nothing is free in this world. If the app itself is free, it just means that developers have to monetize your data, or you directly, and the bigger user base the service has, the more money it can attract from VCs or an ICO.
As a result, your data can be accessed by many other companies, which, in turn, may be hacked. The government can always identify you even if you are using the so-called “most secure” app. Or, even simpler, authorities can just block services that require too much effort to hack, forcing users to switch to less secure alternatives. This has already happened to Telegram in Iran and Russia.
To avoid such risks, your messenger should not be free. For example, users of ADAMANT pay a small fee in cryptocurrency for the delivery of each of their messages. This model allows them to avoid the collection of any personal information including address books or phone numbers. Not sharing your data with an app is the most secure approach to messaging.
Blockchain technology allows the solving of three main security problems of modern messengers. In the new paradigm, developers can no longer focus on PR and marketing trying to attract more users, collect their data, and monetize it. Instead, they will concentrate on building decentralized solutions which do not require the sharing of any personal information