Previously: Part Zero, Part I, Part II, Part III, Part IV, Part V.

 

Part VI: Chat/Instant Messaging/Communications

 

Oh, for the good old days when you could install a multi-protocol chat client like Pidgin and keep in touch with all of your friends on ICQ, AIM, XMPP, and IRC. Alas, the protocol era of the internet is dying, and the platform era is upon us. Most modern messaging protocols and clients are not interoperable, and work hard to keep you within a particular platform. While the venerable old IRC and XMPP protocols and clients are still kicking, they have largely fallen into disuse as normies have embraced messaging apps like WhatsApp, Signal and Telegram.

Needless to say, end-to-end (E2E) encryption is a bare minimum requirement for secure, privacy-respecting messaging, and even the mainstream apps mentioned above have it. In brief, E2E encryption encodes your messages with a cryptographic key such that their contents cannot be read while in transit, but only once they reach their intended recipient. While Telegram supports E2E encryption, by default messages are only encrypted in transit to Telegram’s servers, where they can be read, intercepted, or subpoenaed by law enforcement. Even apps like WhatsApp and Signal that enable E2E encryption by default manage to violate user privacy in other ways. WhatsApp shares extensive information about your account with its parent company, Meta (formerly Facebook). Signal is non-commercial and therefore less invasive with advertising or data mining, but still requires personally identifiable information to use the service. All of the aforementioned messenger apps are tied to your real phone number. So E2E encryption is the price of admission, but it’s not the end of the story. Decentralization also helps to mitigate some of the same security and privacy vulnerabilities as encryption. Returning to the previously referenced Telegram example, a decentralized, peer-to-peer (P2P) approach would obviate the problems created by having messages decrypted and stored on a central server, since there is no central server. For that reason, I prefer to use P2P messaging protocols and programs whenever possible. In the past I used Tox, and while it is still a useful protocol, most of its clients have fallen into an unmaintained state. My current preference is Jami, which is a GNU project with the backing of the Free Software Foundation, and in a more mature state than Tox. Besides being P2P and E2E encrypted, these programs collect no personally identifiable information besides an IP address in order to function, and are not tied to your phone number. Furthermore, you do not even need an internet connection to use them, as P2P connections can be made over a local network or ad-hoc WiFi. The Briar project can even use Bluetooth mesh networking for offline communication, which is especially useful during mobile network outages, natural disasters and repressive government crackdowns. However, there are downsides to the P2P approach, the most obvious being that both participants (or multiple participants, in the case of group chats/calls) must be online in order for messages to be delivered. In my experience, that has been a deal breaker for many of my normie friends, who are used to being able to send messages, videos and photos to their intended recipient even if he is offline, and have the recipient be able to retrieve the messages, videos or photos at a later time. There are other normie-repelling quirks of Jami, which are inherent to P2P messaging in general, such as the inability to recover passwords or lost “accounts”, since accounts are merely locally-stored cryptographic keys. I continue to use Jami to communicate with fellow privacy schizos, but I recognize it may not be a good choice for everyone.

For those for whom the inconveniences of P2P messaging are too burdensome, Session is a more normie-friendly alternative, and the one I use with my normie friends. The UI and functionality of Session is more similar to the mainstream messaging apps, so it’s easier to adopt for most people. Session began as a fork of the Signal protocol with many privacy enhancements. It features E2E encryption, utilizes onion routing and requires no phone number or personally identifiable information to use. It is cross-platform and available for iOS, Android, Windows and Linux-based OSes, which makes it a good option if you have a mix of different OSes and/or devices. Transparency bonus: Quarkslab conducted a security audit of Session in 2021, the results of which can be viewed in full here.

It’s worth mentioning that the sort of man-in-the-middle attacks that end-to-end encryption and decentralization help prevent are becoming less common, in part due to the wider adoption of mainstream encrypted messaging apps, but in just as large a part because it is typically easier for a malicious actor, surveillance company or law enforcement agency to simply exploit a compromised device to read the decrypted message at the source than to intercept it in transit – another good reason to be mindful of OS privacy and security, particularly on a mobile device which can more easily be lost, stolen or confiscated.

Another mainstream platform that straddles the line between messaging app and social media is Discord. Unlike the other mainstream messaging apps we looked at previously, Discord does not even make a pretense of encrypting messages or user data and is among the worst privacy offenders you could use. It collects telemetry data, a unique device ID, every text message, image or video you send, as well as your VOIP data. Unfortunately, it is ubiquitous in the world of online video gaming, and is increasingly used by businesses and software projects to coordinate teams and solicit user feedback. For reasons related to being a man child who still plays video games well into his 30s, I sometimes find myself with occasion to use Discord, despite my colossal misgivings. When I must, I either run the browser-based Discord client in a hardened Firefox instance within a Firejail sandbox, or run the standalone client in Flatpak, which provides its own sandboxing. Those tools are only available on Linux-based OSes. Each thing that Discord does can be accomplished by another standalone application – Mumble for low-latency VOIP chat, IRC or any of the aforementioned messaging apps for text chat and file sharing – but bringing them all into one app with a consumer-friendly GUI is a bigger ask. The closest thing currently available is Element. Element is the reference client for the Matrix protocol. Matrix has E2E encryption for direct messaging baked in, supports VOIP, video chat, text chat, and file transfer, and is a federated, interoperable open standard. Element is under fairly brisk development, but is mostly feature complete, and can also serve as an alternative to conferencing software like Zoom. If you’ve ever used Discord, it will be immediately obvious what they’ve tried to replicate, and where they’ve succeeded and failed at doing so. I find it pleasant to use, and actually more intuitive than Discord in many ways, but it’s been my experience that younger people who have baby ducked to the Discord UI can’t seem to get their head around anything else.

We’ll close out this segment with a word on the granddaddy of online messaging, email. By design, email is not very secure or private, and shouldn’t be used when those are primary considerations. Even encrypted email services like ProtonMail aren’t really very secure, and only provide encryption when both sender and recipient are using the service. And that’s about as secure and private as email gets. The best bet when it comes to email is to avoid free services like Yahoo Mail, Outlook or GMail, which automatically scan all of your incoming and outgoing messages to feed their advertising algorithms. Email service is incredibly cheap. It’s worth paying to avoid all of your messages being data mined. But be sure to read the terms of service of any provider – just because you are paying doesn’t mean they aren’t mining and selling your data.

Something important to keep in mind is that emails that have been stored on a service provider’s servers for more than 180 days may be obtained without a warrant by any governmental entity, according to the provisions of the Electronic Communications Privacy Act of 1986. When that law was passed, emails seldom stayed on a service provider’s server for long periods of time, because users would download them from the server to display them on their own computer. In modern times, when most people use a webmail interface and access their email using the Internet Message Access Protocol (IMAP), which leaves the messages on the server so that they may be accessed from anywhere, it’s not uncommon for people to have messages stored on their service provider’s servers that are many years old. Those messages are all abandoned property as far as US law is concerned. For that reason, I recommend using a local client to manage your email, and periodically downloading any messages left on your provider’s servers and removing them. Thunderbird is pretty much the standard in this arena, and replicates most of the features to which modern webmail users are accustomed. While I use the leaner Claws Mail, Thunderbird would be the sensible choice for the vast majority of people. Obviously these recommendations would only apply to your personal email. In most cases, your work emails will be required to stay on company servers.

TL;DR: While mainstream messaging services like WhatsApp, Telegram and Signal are end-to-end encrypted, they still violate user privacy in other ways. Consider a decentralized alternative like Jami, or a more privacy-respecting service that doesn’t collect personally identifiable information, like Session. Avoid Discord like poison, but if you must use it, try to keep it sandboxed in an environment like Firejail or Flatpak. Consider using Element instead. Avoid free email services that data mine your messages, and beware that any email left on any provider’s servers for more than 180 days may be obtained by any governmental agency without a warrant under the terms of the Electronic Communications Privacy Act of 1986. Consider switching to a local client like Thunderbird to manage your email, and download your message offline before the 180 day snooping provision affects them.

Next, “Part VII: Social Media.”