Encrypted messaging: No magic but important

Posted by Rose Molly on December 21st, 2018

Encrypted communication is often thought to be too complicated for a mainstream use, but open apps like Signal have grown to be a no-brainer for data privacy. With different security-minded features, like identity-confirming safety code, disappearing messages, secure chat applications can duly give you that peace of mind. Using them should have no second thoughts.Having said that, though, there is no such thing termed as perfect security, feeling invincible is no good option as it can get you in trouble.

End-to-end encryption renovatescommunications into garbledpieces of codethe moment user presses the send option. Afterthis, the text isnot re-formed into its understandable form until it is received by the recipient. While it’s on its way, the communication is in unreadable form, safe from those prying eyes.

"These end-to-end encrypted platforms are immensely better than those traditional messaging methods.the famous cryptographer, Matthew Greenat Johns Hopkins University says "But encryption isn’t magic. You can easily get it wrong. In particular, if you don’t trust the people you’re talking to, you’re screwed."

At a point it becomes obvious that both the sender and the recipient have access to the encrypted communication—that's the goal. But it is quite easy to forget that user you are messaging can show the messages to somebody else, retain the conversation on the device, ortake screenshots.

Former Trump campaign leader, Paul Manafortfound this ugly truth the hard way, when the FBI tracked messages he shared over WhatsApp from those who received it.

It is also very important to keep track of the number of devices your encrypted messages are stored on. If you sync the chats between, your smartphone and laptop, or have a backup in the cloud, there holds a higher potential of your data being exposed. Services, like WhatsApp and iMessage, either have nudge users or cloud backups set by default to streamline the user experience. Manafortoffered another useful illustration, where investigators had access to his iCloud to match the previous information, along with gleaning new information about the activities. All the chats were encrypted by WhatsApp, but the backups weren’t.

"Digital systems strew data all over the place," Matthew Green, a cryptographer at Johns Hopkins University notes. "And providers may keep metadata like who you talked to and when. Encrypted messaging apps are valuable in that they tend to reduce the number of places where your data can live. However, the data is decrypted when it reaches your phone."

Here operations security plays an important role, the practice of protecting information by holistically considering all the different ways data can be obtained, defending against every single one of them. “opsec fail, occurs when the data gets leaked because they didn't think of a method an attacker could use to access it, or they didn't carry out the procedure that was meant to protect against that particular theft strategy. Relying solely on these encrypted messaging tools without considering how they work, and without adding other, additional protections, leaves some paths exposed.

Kenn White, director of the Open Crypto Audit Project stated "Good opsec will save you from bad crypto, but good crypto won't save you from bad opsec," while referencing theclassic warning from The Grugq, "It's easy for people to be confused."

Eva Galperindirector of cybersecurityat Electronic Frontier Foundation states, "Encrypted communication apps are tools, and just like any other tool, they have limited uses".

In fact, simply choosing encrypted messaging may have unknown risks. Though  Signal, WIRED's secure messaging service, is open source, but it has proved its reliability in 2016 case as the Developers, Open Whisper Systems wasquestionedto having details like user names, telephone numbers, addresses, and email addresses, but Signal retained none of it.

While end-to-end encryption is vital that can thwarting different types of surveillance, we still need to be aware of other avenues the attacker or the government could obtain the chat logs. Even if a service works perfectly fine there can still be avenues from where our communications can be accessed. If you are using any encrypted chat applicationlike Signal for data privacy, no need to worry. But, if you are relying on the conventional messaging options, you are putting yourself at great risk more than you realize it.

source : http://dataprivacycoalition.org/encrypted-messaging-no-magic-but-important/