which apps really protect your conversations?

In early August, a 17-year-old American woman and her daughter were prosecuted in the state of Nebraska in the United States for illegal abortion on the basis of data transmitted by Facebook to investigators. The case has returned to the center of the debates the question of the confidentiality of communications on the main messaging platformswhile this kind of requisitions could multiply in the future in the American States where the right to abortion is in danger.

In France, too, “in the context of a serious offence, investigators have the possibility of asking all those who have important information about the suspects, including social networks and search engines, to give useful information for the investigation”, explained on RTL the lawyer Alexandre Lazarègue, specialist in digital law.

Currently, no service offers a perfect privacy solution. Users have the choice between practical and attractive messengers, such as Messenger or Instagramwhich bring together the majority of Internet users through their many gateways with their respective social networks but on which conversations are not really secure, or encrypted applications, such as WhatsApp, Signal or Telegramwhich guarantee a high level of confidentiality but offer fewer fun and social features.

Conversations are not encrypted by default on Messenger unlike Signal or WhatsApp

To secure exchanges, these applications use end-to-end encryption, an IT security protocol that guarantees strong data protection thanks to a system of encryption keys which are only held by the people who exchange in a conversation.

This means that without direct physical access to one of the devices where the conversation is stored, the content of the messages is unreadable for all third parties who are not aware of these keys, whether they are the platforms hosting these conversations, access providers or law enforcement agencies.

This technique is offered by default by the Signal application, whose protocol was integrated into WhatsApp in 2016. These applications, which make data protection a commercial argument, cannot transmit the content of conversations to justice, except with rare exceptions, if the trading history is saved in a cloud, for example.

End-to-end encryption was only integrated into Messenger in 2016, in the form of an option to be activated in the settings to start a secret conversation between two users or in a group. This technique is little known to users even today, which means that Facebook can access the vast majority of private exchanges that are held on Messenger.

Regularly cited among the most secure applications, Telegram is also a special case. Communications are not encrypted by default on Telegram. The application only encrypts the content between the phone and its servers. But when you chat with a person or in a group on Telegram, there is no end-to-end encryption. This means that someone on the Telegram side can intercept the communication. On paper, Telegram employees could therefore deliver information to a third party.

Data backups are not always encrypted

To benefit from complete end-to-end encryption protection, the question of conversation backups must also be taken into consideration. Most couriers offer to save them in the cloud to be able to find them on other devices or simply archive them. This data contained in the cloud must also be end-to-end encrypted so that the platforms cannot access it.

This is the case on Signal and WhatsApp, where it is necessary to go through the user’s device to decrypt them. The situation is a little more complex for Apple and its messaging app Posts. While data stored on the user’s device is directly protected by iOS end-to-end encryption, it can also be backed up to iCloud. In this case, Apple will hold a decryption key to be able to return the backup to the user in the event of omission of the password or to transmit them to the authorities upon presentation of a warrant. However, it is possible to exclude messages from online backup by activating an option so that they remain end-to-end encrypted on the iPhone.

In practice, Signal and Telegam are the least talkative with the authorities

The FBI listed the secure apps most likely to share data with authorities in a working paper. According to this document, the messengers least inclined to share their users’ data are Signal and Telegram. Which isn’t really a surprise. Founded in 2018 and regularly recommended by experts for its renowned unbreakable end-to-end encryption protocol, Signal only provides the date and time of account creation and the last date of use of the application. For its part, Telegram, created in 2013 by opponents wishing to escape the surveillance of the Kremlin in Russia, may be required to share the IP address and the telephone number of a user in the event of suspicion of terrorism.

Judging by this document, the most popular encrypted apps are also the most permissive. Upon presentation of a search warrant, US federal authorities can thus easily access the conversation history of the Messages application.Appleif the user in question has synchronized their messages with the cloud.

Investigators can also easily access the content of conversations WhatsApp that are not protected by end-to-end encryption when stored in the cloud. They can also collect message metadata in real time, namely the numbers with which the smartphone has exchanged, but also the time and frequency of interactions. WhatsApp also provides address book contacts upon presentation of a search warrant. Facebook has plans to boost the app’s privacy in a future update that will protect chat backups with end-to-end encryption in the cloud.

The editorial staff recommends

The news by the RTL editorial staff in your mailbox.

Thanks to your RTL account, subscribe to the RTL info newsletter to follow all the news on a daily basis

.

Leave a Comment