What makes a secure messaging application? Understand Kaspersky


Follow the content below on how to protect chats on your phone and understand why high-quality encryption is not enough

On the Kaspersky Blog, we have published several comparisons of secure messaging applications with end-to-end encryption, shared recommended configurations and described the respective flaws of these applications. But what about people who want secure applications and are not technology connoisseurs? This blog post is for them. It is based on an extensive study and published report entitled "What is safe?", carried out by a group of specialists from the Tech Policy Press and Convocation Research and Design agencies.

The report contains recommendations for users and developers. But since not everyone will read all 86 pages of text, we summarize the main conclusions of the article below.

Object of study

Researchers interviewed groups of users in Louisiana, the United States, and in Delhi, India, to determine the strengths and weaknesses of current messaging applications. The following popular applications were reviewed:

  • Apple iMessage
  • Meta Messenger (Facebook)
  • Google Messages
  • Signal
  • Telegram
  • WhatsApp

The study focuses on how people respond to application guidelines and how they understand the meaning of each feature. Most importantly, the interviewees were asked specific questions, including how they know that secure messaging applications can be used in their lives. Some of the interviewees said they were concerned about the possibility of physical violence, such as domestic violence, in relation to messages, while others fear persecution by the authorities. This has an important effect on their perception of “safe”.

Key findings

End-to-end encryption is just one aspect of security. Encrypted messages will not solve all the problems that an American user is having. Therefore, it is necessary to think of a strategy against motivated opponents. Is there a risk of your phone being seized? Are you at risk of being forced to unlock it? Do you fear that someone is trying to obtain data from the company that owns the application through litigation or a court order? Or to infect your phone with spyware? Would it be easier for criminals to try to extract the data from the person you are talking to? For many, the answer to every question above is no, and therefore an encrypted messaging application provides sufficient security on its own. Even if your answer is yes, there is no reason to give up encryption and secure messaging: they just need to be one layer of your defenses.

As noted further on, researchers recommend that groups of vulnerable users take various technical measures (more on the subject below), but, most importantly, do not carry their phones in locations where they can be physically seized or unlocked forcibly. We suggest getting a second phone for these dangerous places.

Good advice about secure messages

The greatest secrets are best revealed face to face. No digital communication method is completely secure. Therefore, the most dangerous information, especially if it poses a risk to health or life itself, must be discussed in person, not in a chat.


Do not make decisions blindly. Users make conscious efforts to protect their privacy, but generally rely on popular opinion about security, not on verified sources. We rarely read the documents that accompany messaging applications: terms of use or transparency reports on the sharing of data with governments. Check carefully whether your messaging service is really useful, where it can share data, and whether it has shared information in the past. This information can be found in transparency reports.

Carefully review the configuration of the application. Understand each setting and activate all the safest options. Be aware that some privacy settings may be hidden in the phone's settings (especially for iMessage on iOS and Google Messages on Android) or among the application's own settings (typical of Telegram).

Avoid hybrid modes. Various messaging applications offer support for both encrypted and non-encrypted messages. In iMessage and in Google Messages, you can send plain texts and encrypted messages in the same chat; however, this is a bad idea, because these types of messages are easily confused. Both Messenger and Telegram have separate encrypted and non-encrypted modes, and the non-encrypted mode is the one used by everyone. The report recommends the use of messaging applications that are fully encrypted: Signal or WhatsApp.

The more features, the greater the risk. Extra features, such as stories, bots or links to social network services, provide extra channels for surveillance and data storage. It is best to deactivate these types of features.

Disable link previews, geolocation sharing and GIFs. These features are useful, but they can be used to track you in various places, including linked sites. Another potential leak channel is searching for and sharing GIFs in chats.

Prefer messaging applications that work without a phone number. This includes, to some extent, Telegram, Messenger and iMessage, but some effort may be necessary to configure each one to use its internal username or email as an identifier during the process. According to the report, WhatsApp and Signal also plan to add a feature like this.

Use disappearing messages. The most finicky among us can allow chats to be automatically deleted after a short period of time, like a minute. Unfortunately, not all messaging applications have options such as these and, in some cases, the shortest visibility period is 24 hours. Disappearing messages also do little to protect against screenshots or other ways in which chats can be saved. The automatic deletion of messages is useful if you believe that your phone will be seized soon.

Encrypt chat backups. Backups are another channel through which data frequently leaks, so it is imperative that they be encrypted (something that needs to be activated manually on WhatsApp and on iMessage), saved locally (for example, on an SD card if you are using an Android phone) or turned off completely. Any local backups must also be encrypted.

Compare the cryptographic keys with the people you talk to. This procedure is called Contact Key Verification (in iMessage), Safety Numbers (in Signal), Security Code (in WhatsApp) and Encryption Key (in Telegram), and helps ensure that you are conversing with the right person, using the correct device. Encryption keys can be verified for each chat by comparing codes or meeting face to face.

Protect yourself against account hijacking by activating two-factor authentication. This feature goes by several names, such as two-step verification, registration PIN or others, but the essence remains the same: logging in to your account on a new device requires an extra verification step.

Train the people you talk to. This is critical for groups that discuss sensitive issues. It is also necessary that all members share and observe the following ethics and safety rules:

  • Do not send messages with confidential information
  • Do not take screenshots or make copies of information in the chat
  • Support a culture of privacy within the group
  • Use the application settings with knowledge.

SOURCE: Kaspersky Blog

We are Software.com.br, Official Representative of Kaspersky in Brazil and also a reference in technology solutions for the corporate world in Latin America. Count on our consultants specialized in Software Licensing, Cybersecurity, DevOps, Infrastructure and Data Analytics.
