I was going through some of the analytics logs for this site, and I came across a huge increase in readership month-to-month. When I investigated further, it turns out that my post on Outlook 2016 and PGP/GPG was accounting for over 50% of all traffic. Turns out people are getting more and more into security, whether because of the Snowden leaks, the Clinton email issues, all the recent hacks, or just a general sense that they need to be more secure when communicating.

Not that long ago, after the FBI tried to get Apple to give them a backdoor to the iPhone, WhatsApp released an update to their application that supported full end-to-end encryption. After investigating some of the features, I decided to start using the app for secure messaging--sending secure codes, etc. Although I don't use it for regular communications--hard when most people are used to things like iMessages, SMS, or Skype--it's a good tool to have around for quick, secure messaging.

WhatsApp offers end-to-end encryption through the Signal Protocol (for messages), which has since been adopted by Facebook Messenger and Google Allo. This encryption sits on top of a basis of standard computer science cryptography algorithms, such as AES-256. WhatsApp has been explicit that they cannot read your messages, and because of the handshake implementation between sender and recipient, only the two people in the conversation chain can read the conversation. WhatsApp also uses a custom implementation of XMPP (the Jabber protocol), which doesn't have to do with security, but shows that WhatsApp is staying as tight as possible to standards. WhatsApp is also primarily written in Erlang, which powers about 50% of all services in the telecom industry.

A few caveats of WhatsApp:

If you save your messages on their server as a backup, there is no guarantee of the same security as the end-to-end encryption, so be sure to turn this feature off. Also, if somebody steals someone else's phone, or if that person keeps your messages stored, they can still be viewed. Security is only as good as your weakest link, which in this case, is always the human element.

WhatsApp is also owned by Facebook, which has a checkered history when it comes to privacy. In fact, recently WhatsApp has informed its users that they will begin to share certain data points with Facebook, but they did offer an ability to opt-out. Still, with a parent company whose entire business is based on user data, this isn't too encouraging.

What is an alternative? Wickr. If you've watched any of season 2 of Mr. Robot, you've seen Elliot and his friends using a mobile messaging app that auto-destructs messages. This is a real app available on iOS and Android (as well as other platforms) from a company founded by security experts.

From the Wikipedia page:

All communications on Wickr are encrypted locally on each device with a new key generated for each new message, meaning that no one except Wickr users have the keys to decipher their content. In addition to encrypting user data and conversations, Wickr strips metadata from all content transmitted through the network.

Either app is a good choice for secure messaging. I started off using WhatsApp until finding Wickr. I still use WhatsApp for some communication with friends, but am hoping to slowly move most secure communication over to Wickr little by little.

(Photo by Hernan Pinera)