Down the rabbit hole, part 5: Secure and private instant messaging

Instant messaging is hard.

There are untold numbers of instant messaging networks (not even taking SMS into consideration)—with companies like Google having, all by themselves, created a half dozen competing applications and networks. And, if you want those messages to be secure? Well, things get even more difficult—there simply aren’t many options. 

In my ongoing quest to make my life as secure and private as possible, I’ve found three instant messaging networks that are worth talking about. They’re not perfect, but they are significant improvements over using the many, astoundingly insecure platforms out there (such as Google’s Hangouts or Apple’s iMessage). Let’s go over those here, with their benefits and pitfalls. 

Signal 

One of the most often recommended of the secure instant messaging platforms is Signal from Open Whisper Systems. And it is recommended (including an endorsement from Edward Snowden) for good reasons. 

All messages are end-to-end encrypted, and the keys are stored only at the end points. Meaning the content of messages are never stored on the Signal servers in an unencrypted form. This is a very good thing.

Also good is that the Signal clients are open source and available to everyone on GitHub. The majority of the Signal server is also available as open source (though not the video chat functionality). All of that adds up to Signal being a pretty fantastic candidate for secure messaging.

Unfortunately there are some pretty severe drawbacks.

First and foremost: A Signal account is tied to a phone number. For anyone concerned with privacy or anonymity, this is almost a complete deal-breaker. For reasons that are so astoundingly obvious, it makes you want to open your hand to a fully extended, flat position and then proceed to strike your own forehead with your palm. In slow motion. Repeatedly.

--------------------------------------

Follow Bryan Lunduke’s quest to make his digital life as private and secure as possible:

• Part 1: Making my life private and secure
• Part 2: To ensure security and privacy, open-source software is required
• Part 3: If privacy is paramount, Linux and Torare key
• Part 4: Securing your email
• Part 5: Secure and private instant messaging
• Part 6: Secure and private online file storage
• Part 7: How to limit data collection from city cameras

--------------------------------------

Building on this problem: Signal runs only on cell phones. Period. End of story. Have an Android-based Tablet? Too bad. Signal requires a cell phone to install it, which means to use Signal, you need to carry around a cell phone. And that, almost completely, defeats the purpose of having a secure messaging platform. Again—another significant facepalm moment.

Even more crazy: Signal is not, in any way, available outside of the silos of Android’s Google Play Store or the Apple’s App Store. That means you cannot run a secure platform from which to utilize this secure instant messaging network.

When asked why Signal was not available outside of Google and Apple’s App Stores, the lead developer responded with this:

“We don't distribute our apps on f-droid because we feel it's insecure and because it doesn't provide the features we need to develop stable and secure software.”

He went on to say the company behind Signal would consider releasing the software outside of Google’s own App Store if the following were available:

“A built-in statistics gathering solution with a web interface that allows us to visualize aggregate numbers on device type, Android version, and carriers for our users.”

In a nutshell: Signal is tied to a phone number, runs only on cell phones, runs only on insecure platforms, and they’ll only consider allowing it to be installed outside of the Play Store/App Store if they can have good (and convenient) statistics gathering on their users.

The number of red flags raised here is off the charts. The red flags are raised higher with the understanding that these are not necessary inconveniences due to some technical limitation—these these problematic items are specific choices on the part of the Signal developers.

If those items were fixed, I would have no problem using Signal and recommending it to others. But as of this moment, those issues are a deal-breaker for anyone looking to secure their digital life.

Matrix

Then there’s Matrix—a decentralized (read: no single centralized server run by any one organization) instant messaging platform.

There’s a lot to like about Matrix. (I interviewed the head honcho of Matrix a few weeks back.) It’s completely open source and is not run by any single company (anyone can set up a Matrix server assuming they have the beefy hardware to handle it). And, unlike Signal, it’s not tied to a cell phone.

They’ve recently added end-to-end encryption, as well. Though, since this is new functionality, I’m hesitant to give Matrix’s security the thumbs-up until it’s been properly tested and audited. (To be clear: It seems well designed at first glance, but better safe than sorry.)

There are some downsides. The client is not as well-polished as the instant messaging software most people have become used to. And the decentralized nature of it is a little different as well, which while not a real problem, is a bit of a hurdle for getting new users comfortable with the system. And if you are looking to run your own server, be prepared to have a wickedly beastly box (there are some concerns about the scalability here, should Matrix become popular).

Wire

The third system I’d like to talk about is Wire. It has one noteworthy flaw, but I think this is the one I like the most thus far.

Messages are encrypted, end to end. The client applications are all open source (under the GPL). It isn’t tied to a phone number or cell phone (you can sign up with a simple email). All good things.

Wire also has some nice security features, such as the ability to verify devices of people you are in communication with. For example, if you meet up with a contact in real life, you can each verify devices of the other person. Then, if you receive a message from that contact in the future and it does not come from that verified device, you will be alerted as such. Very, very handy.

Also, if a device is used for the first time from an account, that device will not have access to any past messages. Meaning that if the account credentials become compromised somehow, the past message content will not be exposed.

Messages that auto-delete after a set amount of time are also supported.

All of that is absolutely delightful. And unlike Signal, Wire can be installed outside of Google’s Play Store (directly from Wire’s website). That means Wire can actually be run on a non-Google controlled and monitored Android-based platform. This is a big plus.

That’s not to say there isn’t one, major, downside to Wire: The server is not spen source. I like so much about Wire, but the lack of full source code to the server is a pretty big potential problem.

So, I sent a message to the CTO of Wire, Alan Duric, asking why the server was closed. He immediately got back to me to let me know that releasing the source code for the server was underway. When I pushed for specifics, I got the following response:

“License will be the same GPLv3 and timeline is next year.”

I would love to see the source code available right now, but if Wire is thinking about early next year (or at least not too far in), we’re really only talking about a wait time of a few months. I can handle that.

Conclusion

All of this leaves me in a position where I can’t yet fully endorse any of these instant messaging systems. All three are exceptional in their own right, but each has at least one problem that gives me pause.

As for right now? I’m using Wire. And I’m quite happy with it, though I am eagerly awaiting the availability of source code for the server. And should that source code not actually be released publicly, I will be quickly looking to move away from Wire to another service.

I would consider Signal, but it is in reality impossible for me to use it (at least without resorting to multiple hacks on their systems and using their software in ways they clearly don’t want me to). If Signal becomes available for secure platforms and becomes un-tied from cell phones, I would quickly take another look. It is, other than those issues, an interesting and excellent-looking system.

And Matrix is, likewise, excellent. I’ll be keeping an eye on it and trying it out from time to time while they continue to refine and enhance their system.

The reality is that all three of these systems are significantly better options than those currently offered from the likes of Google, Apple and Microsoft. All of them will make your data more private. They may not be perfect, but they’re better.

So, for now Wire is the instant messenger for me. But the entire instant messaging landscape is in a wild and crazy flux right now—so this is something to keep close tabs on over the coming months.