Have you wondered how your private messages are sent on the internet?
Encryption is how messages are secured using a key and math.
In most cases, a key is a giant number.
- A number big enough,
like hiding a grain of sand at the beach
where after looking for millions of years,
there'd still be a >99.999% chance you wouldn't have found it.
This key is only known to you and the other party.
Next, your messages are sealed with that key
By using a math equation that is easy to do in one direction, but nearly impossible to do in reverse.
Sometimes, there's no key used.
In that case, messages could be read by others.
- If you ever notice a website has http:// at the top (instead of https://), it's possible others could see that message while it's being sent.
Most websites and apps: banks, messaging apps, Netflix, are encrypting your communication.
On the other side, a robot (the website or server) unlocks your message and deals with it accordingly.
- e.g. on YouTube, the robot reads your search query and sends you back some videos
When sending a private message,
The robot forwards your message along to the recipient. But the robot could take a peek at your message.
Some robots will pass the message along, not opening it.
Some robots might scan the message to make sure it's not spam.
But, an opened message could also be stored insecurely without encryption,
Or read & copied by spying parties.
Another method is called end-to-end encryption.
With this, only you and the final message recipient have the key,
To the robots eyes, it's passing along random numbers between two people.
Many messaging apps are not end-to-end encrypted by default,
and instead could be reading your messages for ads targeting, enforcement of rules/laws, or otherwise.
Here's what I could find among the top messaging apps
where an app has different messaging modes with different encryption, I've specified.
Top messaging apps (2019) encryption:
+ end-to-end encrypted:
- Telegram Secret Chats
- Facebook Messenger Secret Chats
- KakaoTalk Secret Chats
- Snapchat Snaps
= client-server encrypted:
- Most email (gmail, yahoo, outlook, etc.)
- Google Hangouts
- Facebook Messenger
- Google Hangouts
- Snapchat Chats
- SMS Text Messages
With the exception of SMS text messages, all popular messaging apps uses some form of encryption.
Client-server encryption is when a message may be opened by the server
While end-to-end encryption, if done properly, ensures that can't be done.
Modern technology gives us a perfect tool to whisper to someone else
so why doesn't every app use end-to-end encryption?
There are a handful of convenient features which may require some knowledge of your messages:
- Cloud backups - so you can read your messages if you lose your device, or from other devices.
- Search - searching 100,000+ messages may be too difficult to do on your device, and might require the server's help.
- Suggestions - e.g. auto-complete, tagging people by name, setting reminders, scheduling events, etc.
- Spam prevention - without being able to read the contents of messages, it's difficult for a server to detect spam, phishing, or other abuses of the service
Depending on the app, trading perfect secrecy for these features may be worth the trade off.
However, messaging is a relatively simple concept, and differences in features are minor between apps.
Take a moment to think about your choice.