End To End Encryption On SMS And Messaging Platforms

Posted on February 9, 2021

Why It Matters

While the end to end encryption, or E2EE, is one of the simplest encrypting tools around, it is also the only reliable technique to protect your data from anyone luring between you and the person you are sending a message to. Regretfully, only a handful of SMS and messaging platforms use this option, and most government institutions avoid it because it reduces their operating speed. While this may be true for the obsolete systems used by government agencies, it is not for a regular user, as both premium VPN providers and the best Instant Messaging Apps offer this type of encryption without any reduction in internet speed and only minimal processing power usage.

There are only two reliable ways to protect your information when you are chatting someone up online. The first option is the IT equivalent of abstinence, as you should share as little as possible of your private life and sensitive information online. Regrettably, this is not always possible. The other option is using a VPN on all of your devices that will operate an E2EE. Apart from using first-party software in your company, this is the only reliable solution to secure all of your chats and messages right now.

While all VPN providers should encrypt their services with an end to end encryption, free VPN apps usually sacrifice this feature to promote larger speeds. To have the best from both worlds, you will need to use a reputable, professional VPN provider, such as OpenVPN, that offers both good speeds and a necessary E2EE connection.

Saving What’s Left of Our Privacy

For anyone being casually aware for the last two decades, our privacy has been under attack from multiple sides. While the media would like to portray the risk coming from lonely hackers wearing ski masks for some reason, the truth is that threats come equally from governments, large corporations, different institutions, and malicious individuals. On top of all that, there is a lot of malicious software that tries to collect some pieces of our personal data. This is usually so that it can provide us with better ads but often leads to something much worse.

Finally, because of social media, much of our basic information is already out there. Our names and phone numbers are usually connected with our profile picture. Because of this, it is of utmost importance to use a VPN and connect all of your devices, especially your mobile phone, to connect from a secure server.

Who is Eying Your Data and Why?

Three major groups would really like to know every move you make and every breath you take. The biggest one of those is not the Gotham Cities Commissioner Gordan, but the actual police, or more accurately the government behind it. Domestic governments use this for either censorship or security, depending on the country, and foreign ones are usually more interested in financial information and political ideology that citizens of another country might have.

Short of a few countries that wish to control the internet access of their citizens quite a bit, and average internet user will rarely see any consequences from governments spying on them.

This can’t be said for corporations, which are the next group in line. Corporations would want to have as much data on you as possible, and the recent scandals have shown that they are not beyond breaking the law to get there. Everything is done to record your internet patterns to provide you with ads that you won’t be able to miss and determining which services they would be able to charge you more. In general, companies like Google, Apple, Microsoft, or Facebook collect about $9 worth of data from each of their users daily.

What Data are Cybercriminals After?

Finally, although individual cybercriminals are the least numerous group from the bunch, their attacks have the biggest impact on their victims. Namely, individual hackers are either looking for financial data or sensitive personal data. Financial data, such as your passwords, social security numbers, or saved banking logins are usually used in identity theft. While a timely response might save you from someone draining your bank account, it is possible to destroy your credit rating by making credit card debt, or even taking out online loans in your name. Even if you solve the problem, you might have issues for years to come from this one incident.

The second and often neglected information is your private correspondence. This may include anything from discussions about work to romantic texts and images. Hackers often take these messages and try to ransom them from you. The trouble is that paying would rarely make them stop, and later pushes them into blackmail long term.

The only way to protect your messages is to have an end to end encryption, and the safest way to be sure that everything you are doing is encrypted is to have a premium VPN installed on all of your devices.

What is End to End Encryption?

Not to go in too much technical detail, an E2EE connection means that there is a private key that only the sender and the end recipient have that decrypts the information sent. These encryption keys are quite long and complex keys and are nothing like a simple password. For anyone in the middle, the message you have sent would seem like gibberish, even if they would be able to intercept them.

This solution is very simple and quite similar to the ‘’decryption rings” that used to be in cereal boxes. Anyone that has the ring can read the message easily, and those without one just see random letters and numbers.

How does End to End Encryption Work?

To use the favourite couple in cryptography, Mark and Eve, as an example, it is very easy to understand how an E2EE (end to end encryption) connection works, and what happens when there is no such safety measure.

Mark and Eve want to communicate through the internet, but don’t know what sort of medium is between them, and they don’t trust it. There might be compromised servers, faulty nodes, or some malicious entity lurking between the two that can intercept their message and steal their information. That is why they are using an end to end encryption to make their messages safe.

Once the connection is established, two personal keys are made, one for Eve and one for Mark. These keys are very large prime numbers that very few humans can cite, especially as Prof. Hawking is no longer with us. These two numbers are shared between Mark and Eve and multiplied to create a public key encryption. This key can be intercepted, but without knowing how it was multiplied, it is nearly impossible to reverse the calculation, except if you have one of the numbers.

Now, when Mark wants to send a message to Eve, this data is encrypted with the public key, and decrypted with Eve’s private key. Anywhere between that the data is severely scrambled and impossible to decode. Read more on how data encryption works in our article here.

End to End Encryption Everyday Uses

In most cases, E2EE is used to secure personal and business conversations between people. Two decades ago it was only possible to do this on Short Message Systems, or SMS, while most phone calls couldn’t have been recorded digitally in the first place. With the development of the internet the risk of some software collecting your data increased exponentially, but so did your options when it comes to encryption.

Regretfully, many government institutions and large companies don’t want to use this type of encryption as it can slow correspondence down a bit. This small lack of patience often results in major data leaks and following lawsuits.

Similar to Mark and Eve, you shouldn’t trust any medium to be secure unless you have made it secure yourself.

End to End Encryption: The Top 6 Messaging Apps

Instant message apps, or chat apps, are something that most of us use every day. By current generation etiquette, it is even considered rude not to send a message prior to calling and to ask if you can call directly.

Technically, even the basic SMS app on your phone is a chat app, with stock Android users using the Google Messages app and iOS using an app of the same name, but from Apple. As these are widely considered not to be secure, people usually exchange these apps for something better, such as Whatsapp.

As these applications are one of the biggest sources of interpersonal communication, they are an often target of hackers. Using an unsafe app can be troublesome as you never know who might be looking. While you don’t think you are oversharing when chatting with friends, or that the data you are sending is not important, there is software that can go through thousands of messages as to find something that they can use. Encrypted messaging is the only way to be sure that your info is really safe.

Most popular global mobile messenger apps as of October 2020, based on number of monthly active users - Source: Statista.com

#1 WhatsApp

E2EE Rating:

WhatsApp is the most popular chat app in the world, and for a good reason. The main selling point for WhatsApp users is that it has a simple and reliable E2EE connection that is safe and secure for all parties. Additionally, there is very little involvement from WhatsApp in the encryption process, meaning that even if someone were able to break into the company files, your data would still be secure.

There are some issues with WhatsApp, which it shares with almost all apps. While the data you are sending is secure, your location and phone number are not. If combined with some other data points this can make a huge issue, and that is why you should still have a good VPN even if using WhatsApp.

#2 Viber

E2EE Rating:

Viber used to be a contender for first place with WhatsApp at some point but is now fairly far behind. This is not due to safety, as it offers a comparable amount of protection, but mostly due to the app being a bit clunky.

Generally, the same rules apply here as well. Use a VPN, and you will be good.

#3 Signal

E2EE Rating:

Signal is a new-comer and is one of my personal favourites. If full end-to-end encryption is what you're after then Signal is the app for you.

Unlike Telegram, Signal doesn't give it's users the option when it comes to end-to-end encryption-It's built into every single conversation. This includes message sync between all of your devices as well as group chats.

Because the app encrypts all messages, there's no need to create private chats or group conversations with friends, family or co-workers. This makes it easier and there is no need to explain the 'private or secret chats'. It just works.

#4 Facebook Messenger

E2EE Rating:

While the Facebook Messenger app is only the second most popular messaging service, there are many more people using this service directly through Facebook than using the app. This connection does have an E2E encryption and is considered to be fairly safe as far as the messages themselves go.

What might be an issue and the reason many people prefer Whatsapp is that Facebook itself is not as safe as they declare. In the past few years, many leaks and data breaches have lowered the confidence in Facebook protecting our privacy. The scandal with even the company’s free VPN, Hola, being hacked means that you can’t use this sort of VPN. It is much better to use a premium VPN and be safe than to risk it.

#5 Telegram

E2EE Rating:

While seen as a relative newcomer when it comes to instant messages, Telegram has incorporated a lot of good ideas from WhatsApp and Facebook Messenger while solving a couple of issues that these services have. Unlike WhatsApp, Telegram uses a cloud-based service to make chatting faster, as well as accessible from multiple devices. And unlike Facebook, this cloud server is not under direct control and supervision from the company.

While Telegram is generally considered to be safe with their MTProto protocol, the fact that there is data staying online is always a liability.

Thankfully, Telegram has incorporated an option to switch your chats to be strictly P2P, removing this issue for anyone concerned. Due to their data safety policy, using Telegram with a good VPN can make your messages virtually impenetrable to crack.

#6 Skype

E2EE Rating:

When using an instant messaging app a lot comes down to personal preference. That being said, Microsoft objectively made a mistake when trying to make Skype a chat app instead of a professional service for video calls and voice calls.

First of all, the encryption on Skype is not an E2EE, but rather third-party encryption made by Skype itself.  While this makes your voice and video messages somewhat safe from anyone on the outside, the third party encryption technology that they use is severely vulnerable against hacks that are coming directly at Skype or Microsoft.  While the usual reason people cite for not using apps with E2EE SMS message security, the fact that Skype for mobile phones is slow, unreliable, and glitchy means that there is little reason to use it.

If you need to use Skype on mobile devices for any reason, the only way to keep your text messaging private is to us a very good VPN service provider. If you don’t rely on Skype as heavily, it is probably better to exchange it for some other application.

All previous mentions have both apps for Android and iOS, meaning that there is no reason not to use them.

Did GDPR Help?

The GDPR is often mocked due to the abundant emails that we all received about companies updating their privacy policy, but it is actually a great help in securing user data. While the law itself applies only to EU users, all companies that have headquarters or major audiences here have also complied.

By definition, the GDPR ensures that all of your private conversations can’t be recorded by companies and that any company that stores private information needs to have an encryption protocol for that information.

The law does dissuade EU companies from trying to access your data without asking but does little for your private text messages. To be safe in this regard, it is best to use a messaging service that has an end to end encryption, as well as a good VPN that will both encrypt your data and conceal your location and identity.

Accessibility over Protection

Some people might think that it is reasonable that, for some data, you don’t need to use a VPN or any encryption protocol as nobody would be interested and internet speed would be greater that way. While the latter might have been true a decade ago, now neither statements are correct.

First of all, there is always someone who can misuse the content you have on your computers, Android phones, or any other source. If there is no safety protocol in place, your info can be grabbed and used at any point in the future, for any kind of malicious purpose.

Lastly, with a modern VPN service provider, your internet speed will be only marginally smaller than without protection, especially if you connect to a VPN server in your country or a close by location. Regardless of the device you use, you will have good bandwidth and the possibility to use SMS messages and voice calls with certainty that your private conversation will stay private.

Using a VPN

If you are using a premium VPN provider, there will be very little issue in having your VPN connection on at all times, with no loss to speed for both the internet connection and your device. All VPN connections have an end to end encryption and are impossible to intercept.

Additionally, if the provider has a good app, it takes just seconds to connect, and the connection is always stable. Even switching servers take next to no time.

Finally, as there are many other advantages in using a VPN, it is best to use it as a cornerstone to your internet security. All other apps, encryption, passwords, or other features work best if supported with anonymity and security provided by a VPN.

Stay Private

When talking about cybersecurity, most people focus only on the software and hackers, which is not the most common source of data leaks. Most times governments, companies, and individuals obtain our information because we gave it to them directly.

This is why mindfulness while on the internet is as important as cybersecurity. Know who you are talking with and never give your private information away. By Australian and US laws, no government official will ask for your data online. If someone asks for your verification by requiring your private information, it is best to report that person to the authorities immediately.

Conclusion

An end to end encryption is a very simple but very reliable piece of software, and it is regretful that many large companies and institutions avoid using them. Any private person on the internet should not make the same mistake and should always keep him or herself safe, anonymous, and private.

By using a VPN you can relatively cheaply ensure your privacy and safety online, both when texting and when browsing the internet. Finally, on top of your VPN security, you should only use apps that have some sort of encryption protocol, and in case of your instant messaging apps, this should be an E2EE.

By using these tools, you can be certain that both you and the person on the other end can speak freely and safely. The only question you will be left is what to say.