Secure Messaging Apps: The Pros and Cons of Each Platform
Communicating with a sensitive source has always been difficult for journalists. Sources who reach out to the media are potentially putting themselves into dangerous situations, breaking contracts, breaking laws, breaking promises and breaking trust.
Meeting in a parking garage at 4 a.m. in trench coats — while still effective in certain circumstances — works less in the era of CCTV and mobile phone tracking. When it comes to secure communication, phone calls are out, normal email is laughably awful and SMS is only worse.
Enter: secure messaging apps.
These apps, operating under the same principles as PGP email encryption, are the new front line in securing communications between journalists, sources and contacts. All of these apps offer end-to-end encryption. If the company running the servers is ever subpoenaed, the only thing they can hand over to prosecutors is essentially gibberish.
However, the problem with some of these services is that you have to trust that your data is secure, as proprietary companies usually do not open source their software.
I’m going to discuss a few of the pros and cons of several secure messaging apps and offer a few suggestions for which ones journalists should use. Please remember that there is no right answer for everyone. Depending on who you’re hiding from, some apps are more practical or useful than others.
4.) Tox (a Skype “replacement”)
5.) Allo (Google’s newest messaging platform. Yes, another one)
If you’re reporting on the big boys (U.S., Russia, Israel, China), then even these services may not help you. The encryption protecting your messages probably won’t be broken, but the possibilities of malware on your device — or a very sophisticated man-in-the-middle attack — are much higher. In this case, there are many other internet security issues to be considered as well.
However, if you’re only worried about securing your standard day-to-day communication, I’d recommend Signal. Broadly speaking, if you’re a step below international espionage, iMessage, WhatsApp or Signal all fit the bill.
The biggest key to successfully using any of these tools is normalizing their use. If your team is using Signal, use it for everything. As the adage goes, those on the offensive only have to be lucky once; defenders have to be lucky all the time.
This post was also published on IJNet, which is produced by ICFJ.