How to choose a “secure” messenger.

Yesterday, a user on our forum opened a thread asking about the differences between secure messengers. Rather than listing a bunch of different messengers and their features, I thought I should start off by defining “secure”, and other key terms in the context of instant messaging. This is because a messenger that is “secure” for me, does not automatically mean it is “secure” for someone else.

First of all we need to deconstruct the meaning of security, let’s start with the acronym CIA: confidentiality, integrity, and availability. Confidentiality means that only the intended parties were able to read the message. Integrity means being sure that your message is not modified before it arrives, this is something most people take for granted. Lastly comes availability, which means to ensure that all parties receive proper access to your messages. You can read more about this here if you are interested.

So we want a “secure” messenger, what should we look at?

The answer to that is four things: security, privacy, anonymity, and usability.

Now we understand the most important facets of secure messaging, we have to talk about threat modeling.

Threat modelling is something you have to do before choosing your messenger; this is because there is no one ultimate messenger that works universally for everyone. Few people seem to understand their threat model well. To start threat modelling there are a few questions you can ask yourself:

Okay, I have thought about my threat model; what's next?

Once you have threat modeled, and know what you are protecting from whom, we can start looking at some of the messengers out there. Let’s consider two examples:

Signal: Signal is an open source, end-to-end encrypted, private messenger. It is very easy to use and does not require users to know anything about cryptography or security in general. It provides privacy by end-to-end encrypting messages and calls, and because it is so darn easy to use, it will make the task of moving your contacts over to a new messenger a bit easier. However, since Signal requires a phone number to register it is not, and has never claimed to be, anonymous. Note that it is possible to setup signal anonymously, but this is generally a hassle and also requires your contacts to do the same.

Briar: Briar is an end to end encrypted messenger which utilizes the Tor network to stay anonymous. Briar works as a peer-to-peer messenger (meaning there are no servers forwarding messages between users) inside Tor, your metadata and message content are protected. The downside of Briar’s peer-to-peer nature, is that both parties must be online at the same time to send messages, which harms usability.

Now, picture if you or a contact believes you may be targeted by government agencies, Briar would be a better choice to keep your identities safe. This is because while Briar is not the most convenient service, it will not expose metadata that could reveal your who, when, or even whether you interacted with another user at all.

Or imagine you are an average citizen conversing with friends or family about non-sensitive topics, Signal would probably be more appropriate. Conversations in Signal are end-to-end encrypted and private, but due to the use of phone numbers it is possible to identify users’ contacts and other metadata. The key benefit of Signal is that it is extremely easy to use, essentially the same experience as WhatsApp, so less privacy/security conscious users are more likely to stick with it.

Okay, so we have a threat model and know the difference between security, privacy, anonymity, and usability. Now how do I know which messenger provides what?

Good question! There are a few things one can look out for when choosing a messenger:

Remember, sometimes it is better to settle for a less than perfect solution, if it offers superior usability that will help keep your contacts away from less secure alternatives. For example, getting your family to join Signal, or even something as bad as WhatsApp is a huge improvement over SMS, this is because SMS is send in plain text. Sure, it's not anonymous. Sure, you will leak metadata, but it's already a big step up in security, and you’re better off with that, than trying to get them to use your ultimate secure anonymous private messenger that is a pain in the ass to use, and watching them run back to using SMS instead. As Voltaire put it: Perfect is the enemy of good.

Well, this post turned out longer then I thought it would! Anyway, I hope you now have a clearer picture of how secure messaging works, what the differences are, and how you can pick a secure messenger according to your needs. Oh and if you want to join the discussion on this topic and future topics. you can find me at our Mastodon instance or at our new forum

That’s it for today folks, see you later!

About the author Other articles by this author