Russia-backed separatists have long used unsecured text messaging since the beginning of the Ukraine conflict to identify Ukrainian citizens and armed forces. Now that the conflict has become a primary source of discussion on social media, Russian intelligence units have stepped up monitoring of social media and texting services. They use the information gathered to find and punish people opposing the invasion. Exercising a bit of scepticism and individuality lessens the danger.
Text messaging has been around almost as long as the internet and predates mobile phones altogether. It’s not only a great way to surveil unwitting people but a great avenue for cybercriminals and oppressive nation-states to infect personal devices with malware.
Popular apps are vulnerable
According to Statista, the most popular messaging apps in the world are Whatapp, Facebook Messenger, WeChat, QQ (QQ?) Telegram and Snapchat. None of them is actually secure. Telegram is the most popular texting app in Ukraine and with teenagers worldwide and WhatsApp is the single most popular messaging app worldwide,
WhatsApp, Telegram and Snapchat are “sorta” secure if they are properly configured with end-to-end encryption (E2EE), but they don’t come that way. You have to dig into the settings to encrypt them. The rest all have proprietary code and claim to be secure, but the Chinese government has backdoors in them, and God knows what Facebook is doing with that data.
Moxie Marlinspike, founder of the Signal messaging app, in December 2021 offered a lengthy Twitter thread about why Telegram and Facebook Messenger are not truly secure.
“Actual privacy tech is not about trusting someone else w/ your data,” he said. “It’s about not having to. A msg you send should only be visible to you and (the) recipient. A group’s details should only be vis(ible) to the other members. Looking up your contacts should not reveal them to anyone else.”
Marlinspike urged people to realize that an encrypted messenger should, at minimum, mean an app where all messages are e2ee by default. “Telegram and FB Messenger are built exactly the same way. Neither are encrypted messengers,” he claimed.
To date, there have been no credible arguments against his position.
Ironically, WhatApp built its encryption on the Signal’s EE2E technology, widely considered to be the gold standard. But the app comes with the encryption disabled by default.
Signal is a non-profit organization offering the app for free. Users can make monthly donations as low as $5. Signal does not accept advertising nor does it present itself as a cool product. It merely keeps you more secure, if not entirely secure.
Ads create the problem
So, you may rightly ask, if the most popular texting apps are not secure, or only sorta secure, why are they so popular? Because they are free… sorta. All you have to do is accept texts from advertisers. Many, many advertisers. And they need you to allow them to track you as you traverse the digital world. That makes them inherently insecure.
There are, however, many alternatives, including Signal. Apple’s iMessenger also has true E2EE and is rated second to Signal as the most secure texting app. However, enabling iCloud backups of your iPhone makes some iMessages visible to law enforcement, foreign intelligence agencies, and probably hackers, according to FBI training documents.
Unfortunately, doing a search of “most secure messaging apps” tends to include WhatsApp and Telegram.
Users within and without political and military conflict areas should concern themselves first with security, not using the most popular free apps.
Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.