The FBI has recently released a training document detailing the encryption of major messaging apps, and which details the FBI were able to get from a deep dive into each service. It's worth noting that this document was released under a FOIA request, so it is most likely accurate.
Encryption is the practice of scrambling and obscuring data in order to have it be unrecognizable to any system that it isn't intended for. Various national governments have ever-so-slightly resented encryption on message apps for a while, with pressure being put on tech companies to limit the amount of encryption within each service in the interest of security.
Despite this, some apps like Signal and WeChat have stuck to their guns and imposed some of the strongest encryption methods onto their services, meaning that the FBI (or other surveillance agencies, or even insidious third parties) are able to pull very little information from any of them.
Which apps are the most secure?
Encryption is an important feature, so a lot of messaging apps boast to have impenetrable encryption. But how true is this? Well, there's no better litmus test than having your service go up against the FBI, so who truly came out on top? Here are some highlights (good and bad) from the FBI document:
- Signal allowed for no message content, and only the date and time of a user's registration and last use of the service
- WeChat doesn't allow for messages to be viewed, but they can provide basic information (name, phone number, email, IP address) for Non-Chinese accounts
- Viber doesn't allow for messages to be viewed, but provides account registration data and IP address at time of creation, as well as message history: time, date, source number, and destination number
- WhatsApp doesn't offer up any messages, but can be subject to subpoenas, court orders, and search warrants, which can reveal contacts, blocked users, and other scraps of information
- Wickr shows a load of information, including account creation information, the device owned by the user, the user's avatar, the number of messages, and the number of external IDs (like phone numbers and email addresses), among other things
Clearly, Wickr drops the ball a bit, and WhatsApp isn't as impenetrable as Meta would want you to believe, due to the amount of legal interference it can be subject to. However, Signal and WeChat have a solid grip on encryption, allowing for the very bare minimum information to be revealed.
What does this mean for messaging apps?
Solid encryption is a crucial element of any messaging service. A lot of people don't go out of their way to encrypt their online activity, with around 80% of people claiming they're not particularly aware of any encryption provided on the services they use. However, one of the reasons that Signal is so consistently lauded by professional cybersecurity experts as a good messaging platform is due to its encryption.
Encryption doesn't just stop governments from prying in on your messages, it prevents any third parties from accessing your messages and data. If Signal and WhatsApp's encryption is good enough to stop the FBI, you can be sure that cyber criminals and hackers won't be able to access any sensitive information that is sent via an encrypted service.
Of course, if we were to put on our tinfoil hats, we could come to the conclusion that this is what the FBI want us to think. In reality, perhaps Signal is the most transparent messaging app on the market, and if we all switch to that in an effort to conceal ourselves, the FBI will have free reign over all of our interactions! Probably not though, as Signal is cited as the most secure app from various sources outside of the FBI's control.
Other Ways to Be Secure Online
Encryption is great, but it's not the only way to keep your information away from governments and criminals alike. This encryption will only work on the dedicated app you're using, so while all your Signal messages will be under lock and key, any other online activity will be entirely laid bare.
That's where VPNs come into play. A VPN will shroud all of your online activity from external forces, meaning that prying eyes won't be able to see your information or activity. And, as an added bonus, you'll be able to change your region, giving you access to things like other countries' Netflix catalogues.
And while it's less related to encryption, a password manager is a similarly good idea. Rather than using one password for multiple sites and services, you can vary your passwords and store them all in a password manager, meaning you can make them as complex and varied as you like, without having to worry about remembering them all.