Shoot the Messenger: How Chat Apps Are Security Hellholes
This episode was supposed to be a simple round-up of chat apps. It became a nightmare of unspeakable evil, as you’ll soon learn. We’ll still highlight chat apps, but rather than discussing features, we’ll learn what you might want to be concerned about when choosing them.
Voice Communication Gave Us Protection
Only 15 years ago, we talked by phone. We expected privacy and security. Wire-tapping was expensive and required a warrant. Recording without notice was illegal. Laws protected us from the gross misuse of our communications.
Our modern tools are chat apps. They do what phones couldn’t: they break all those expectations, while promoting misunderstanding at unprecedented levels. We call this “progress.”
With that in mind, let’s chat about chat apps.
Know Which Apps Your Contacts Use
Chat may still be the most popular use of the internet. But there are dozens of chat apps, and different people use different apps.
When you meet someone, record how they like to communicate in their address book entry. When you want to communicate with them, just look at their address book and go.
Pretty much all chat apps let you send long text messages, pictures, video clips, stickers (which are really just pictures), and audio clips. Most also allow group chats. Any chat app that doesn’t do those things is pathetic and not worthy of mention. But each one has its own special features, and many have sinister shadow sides.
An Incomplete List of Chat Apps (and Their Dark Sides)
- Text Messages (“SMS”)
- Apple Messages
- Skype
- Signal
- Facebook Messenger
- Google Chat and Hangouts
- SnapChat
- Confide
- Kik
Let’s explore each in more detail.
1. Text Messages (“SMS”)
The most basic chat app is your cell company’s text messaging, called SMS for Short Messaging Service. Android and iOS smartphones let you send long messages. You can also send multimedia messages including pictures, audio, and group chats. All this travels over the phone network. It’s not particularly secure, messages aren’t encrypted, and your phone company may keep copies of everything. Depending on your phone plan, you may be charged based on how much you send and receive.
2. Apple Messages
Apple Messages arose as a way to send messages that avoided SMS charges. Messages get sent over the internet, not the phone network. Apple users can send each other messages that travel over the data network. Apple users can text non-Apple users and it gets sent as a regular SMS message instead.
Messages between Apple users are encrypted from end-to-end. They’re stored on Apple’s servers in a way that even Apple can’t decrypt them. Messages sent via SMS are sent unencrypted and get seen by a phone company.
3. Skype
Skype was created in Sweden as a secure platform for private videoconferencing and chat. It was purchased by Microsoft, who consolidated the data centers within the US and gave intelligence agencies unfettered access to all Skype servers.
In 2018, they doubled down on anti-privacy and anti-security by giving Skype “social” features. Now, anyone can figure out who you’ve been Skyping with and who’s in your address book. If you want to delete your account so someone can’t do that, they enforce a 60-day period before deleting the data, probably to alert the NSA to take one last look.
Skype is popular, but don’t expect discretion or secrecy. And if you’re a lawyer who wants your client list kept private, don’t expect that either.
4. WhatsApp
WhatsApp is one of the world’s most popular messaging platforms. It’s owned by Facebook, but they promised to keep it private and secure. They promise a lot of things. And the penalty for breaking those promises is…nothing.
Indeed, when Whatsapp founder Brian Acton left Facebook, he declared in interviews that Facebook was pushing to compromise WhatsApps’ privacy. But of course they say you can trust them, so I’m sure it’s true.
5. Signal
Which brings us to Signal. Signal was created by security fanatic Moxie Marlinspike, and is now funded by the very same Brian Acton. It’s encrypted end-to-end. They have centralized servers for routing data and connecting you with contacts, but voice and video conversations go directly between the two people communicating.
Signal is constantly working on ways provide secure, private communication with their own servers being involved in the process as little as possible. It’s also 100% open source, so its integrity can be externally verified.
Signal is my platform of choice.
6. Facebook Messenger
Facebook Messenger is the poster child for evil. It’s chock-full of all the privacy-invading, psychological-profiling, manipulative addiction we’ve come to expect from anything Facebook touches.
Facebook scans your conversations to profile you for ad targeting. They keep copies of your entire message history with everyone, forever. They accidentally leak user data to hackers, purposely give it to their business partners with no oversight, and use it to deliberately manipulate people to influence elections, which they did as an experiment as far back as 2012. More recently, they’ve refused to testify when summoned by Parliament, causing Parliament to take the unprecedented action of seizing internal Facebook emails by force.
If this is your cup of tea, or think the marginal convenience is worth enabling this bad behavior, this is your platform of choice. And rest easy. Facebook messenger almost certainly won’t get you slaughtered in your sleep. Just ask anyone from Myanmar.
7. Google Chat and Hangouts
Then there’s Google and Android. Google Chat and Google Hangouts are their free communication tools. According to a 2015 article and later articles, Hangouts is not really secure. It has some encryption but Google hasn’t answered questions about the end-to-end security.
You can trust them, though. When they do to things that might give you pause (like accidentally exposing your data to the outside world), they do the responsible thing and own up to it immediately. Just kidding! Like everyone else, they lie and cover up their actions in order to “protect their brand.”
We do know for sure that Google scans your email without a warrant to prevent the spread of certain illegal content, and they turn you over to the police if they find it. Whether they do this with Google Chat messages as well is unknown.
I’d use the Google Chat and Hangouts for non-sensitive work conversations, but not for anything else. After all, we can believe them when they say “Do The Right Thing.” It’s just…right for whom?
8. SnapChat
Snapchat started by letting teenagers send naked pictures to each other that vanished after 10 seconds. Of course, it turned out that they didn’t really delete the naked pictures after all.
Now, Snap is a full-on media company in a chat app. Now, lots of things don’t disappear, and the app is oriented around watching video “stories” from advertisers.
If you want a general media app with questionable content, Snap may be just the thing! If you want true privacy and security, it may sort of do that kinda.
9. Confide
Confide assumes someone can physically look over your shoulder. Messages are displayed blotted out. Hold your finger over the display to see the decrypted text.
In 2016, researchers found that Confide’s security could be compromised with the right sort of attack. Confide promised to address the problem, but I’ve been unable to find a source for whether or not they have.
For protecting against over-the-shoulder spies, it’s the only choice. Whether or not it’s secure enough to protect you from cyberspying isn’t as clear.
10. Kik
Kik is a chat app oriented around group messaging. It does it all: group chat, messages, pictures, etc. Forty percent of U.S. teenagers use it. Anyone can register with an anonymous profile.
According to an article in August 2017 METRO, KIK messages are stored unencrypted on the servers. You may be anonymous, but your anonymous messages can all be read by KIK.
They have a whole web page devoted to telling parents and teens about law enforcement and emergency procedures. They don’t actually mention abduction and murder, but we’re smart enough to read between the lines.
(Whoa. Stop the presses. When I wrote that last line, I thought I was joking. Only…upon further investigation, I wasn’t. Kik was implicated in the 2016 murder of a 13-year old girl.)
The newspaper articles on Kik all seem to stress that its anonymity has allowed it to be widely used for child exploitation and by pedophiles to groom young children.
So there’s that…
11. WeChat
WeChat is the gigantic Chinese chat app used by a gazillion people. It’s a Chinese chat app, used by the Chinese government to track every citizen and wipe out non-conformity. I’d imagine the Chinese government can read, profile, and track everything that happens on the app. ’Nuff said.
What Messenger App Should You Use?
I hope I’ve terrified you by now. If you want lots of snarky detail with more in-depth revelations of evil, check out getitdoneguy chat.
Only one company seems to have the right mission and the privacy and security chops to pull it off: Signal from Open Whisper Systems.
Grab Signal today. And if you must chat, chat safely.
I’m Stever Robbins. Follow GetItDoneGuy on Twitter and Facebook. If you’re self-employed or a small businessperson, Get-it-Done groups help you stay focused on what’s important, and develop the habits you need for consistent, successful progress. Learn more at Stever Robbins.
About the Author
Stever Robbins was the host of the podcast Get-it-Done Guy from 2007 to 2019. He is a graduate of W. Edward Deming’s Total Quality Management training program and a Certified Master Trainer Elite of NLP. He holds an MBA from the Harvard Business School and a BS in Computer Sciences from MIT.
