Signal instant messenger app — now on all my platforms!

This is my White Whale: a messaging application I can use securely on any device I own, mobile or desktop, and any device my recipients are likely to own.

Recently, Open Whisper Systems released the iOS version of their Signal application that allows users to synchronize contacts and messages to a desktop application running as a Google Chrome app. Finally! I can send a message typed in through a full-sized keyboard and it will arrive on Sarah’s iPhone, or my parents’ Android phones, or any of their computers. It will arrive securely and without anyone or anything scanning it for marketing or surveillance purposes.

More thoughts on consumer privacy and electronic communication

The Guardian and NDR are reporting allegations that Google handed over journalists’ private personal data en masse in response to “catch-all” warrants against WikiLeaks’ employees, and then was not allowed to inform its clients, the journalists, that it did so for more than two years. On the NDR article page you can watch an interview in English with Sarah Harrison, an editor at WikiLeaks.

WikiLeaks’ founder asserts that Google was complicit in the USA’s violation of its own constitution. I am not a lawyer, journalist, spy, political agitator, or hacker[1]. But the slippery slope facilitating that hand-over of data, irrespective of its legality, creeps me out.

  1. in the criminal sense. But I do try to make software do what I want it to do where I am allowed to, so I guess I am a hacker in that sense.

Who else is reading my messages to you?

I have never been a Facebook user. I think that surprises a lot of people, but it’s true. I heard about Facebook around 10 years ago in the midst of an intercontinental move and a big career change. It sounded too much like the high school snobs invading my refuge of online communities, and so I didn’t pay any attention. When it caught on among pre-teen and post-fifties users, and everyone in between, we took a look and decided it was way too ugly to spend any time with. Then privacy concerns started to arise:

  • intensely personal stuff leaking out onto advertisers’ radar, or into public view
  • drastic revamps of data collection policies in quick succession
  • user-unfriendly opt-out mechanisms

A lot has changed, of course. Facebook hold-outs are the exception now, not the norm. Just so we’re clear: I’m not judging anyone.[1] It’s got broad appeal and usefulness for a lot of people, and I miss out on a fair amount of social info by staying away from it.

[Image: I am not Ted]

My Facebook abstinence may seem on the surface like just one step down the kooky road to technology paranoia. I’m interested in the technology of communication primarily, but secondarily uncertain about the implications of big companies and their privacy policies. And the recent purchase of WhatsApp by Facebook doesn’t leave me with a warm fuzzy feeling of trust that you and I are the only ones reading the messages we exchange.

What have I got to hide?

I am sure I don’t have any need to hide my communication from any foreign or domestic government agency. I’m not running a spy ring or acting as a go-between for any freedom fighters resistance movements, terrorist cells … um, dubious third parties. But I’m not sure I trust those big companies (Facebook, Google, Microsoft, Apple) and also smaller ones (Dropbox, LinkedIn, Xing, perhaps Twitter)

  1. to handle my data with MY best interests in mind, and
  2. to keep my stuff[2] safe from external prying eyes

What’s in it for me?

[Image: Clippy letter]

Who benefits when their machines read my stuff? They suggest new professional contacts or funny tweeters to follow or car rental agencies for that next vacation we’re thinking about. To a rather limited extent, I guess that’s a perk for me. More often though, when I want more, I seek it out myself. I tend to get annoyed when a real, live person pigeon-holes me directly — I find such behavior by a machine intensely disturbing. But I think they stand to gain a lot more than I do. Maybe that’s the cost of using those otherwise-free services. I read somewhere that when a profit-oriented company offers you a free product or service, YOU are the commodity being exchanged. At least Clippy gave you the option to tell him to take a hike. Buying a license to use that software resolves any qualms I might have about that.

What am I going to do about it?

I’m not turning into a recluse or a vigilante or an rms-acolyte (despite my choice of selfie above and the recent beard). But I am considering my choices of technology providers perhaps more carefully than I or others have in the past. Using Threema instead of WhatsApp is part of that.

I read a couple of good articles on this topic recently:

Threema keeps your short messages encrypted all the way from your mobile device (Android or iOS) to the recipient. It’s a tiny company making smart choices about the technology they use to ensure that. They can’t turn over your message contents to any other party (governmental or hacker), because they can’t.

  1. They don’t log them.
  2. Even though the messages temporarily reside on one of their servers while awaiting retrieval by the recipient, they are in an encrypted state, and only the recipient can decrypt them.

Yeah, but what about email?

Another part of that security-conscious electronic communication is using email in an encrypted way. That’s much harder to implement: effective security is not simple, and vice versa.[4] While you can use Threema to send short text messages or videos or pictures from your phone (or iPod touch, though I haven’t tried that yet) à la WhatsApp, you can’t use it to send just any file securely. Encrypted email is a really good choice for that.

Other apps and services?

Skype (owned by Microsoft), Facetime (owned by Apple), Google Talk (owned by…you know), LinkedIn, Last.fm, Spotify also potentially capture stuff about me. And I have explicitly signed up for that. Do I mind? Yes, but not enough to not use their services. When it’s pure text, written by/to me, I see a bigger risk of invasion of my privacy than what could come of

“We noticed you like Led Zeppelin. How about this Allman Brothers Band playlist?”

If Facetime or Skype starts parsing my phone calls with my parents (is that even possible? Let’s ask Siri.), you can be sure I’ll find another way. I don’t use the other social networking services much. I peek in there every now and then to see if I’m missing something. So far, so good.

And the Regensblog? Twitter?

Those are intended for public consumption, but the content is supplied by the end user.[5] We’re conscientious about not revealing more about ourselves via those services than our comfort levels allow. So extra layers of technical security seem pretty useless there.

Does this mean I’m not going to use WhatsApp anymore?

Not really. It means I’m going to prefer other means — Threema for now, but if something better comes along, I’d consider that, too — but I’m not ready to cut myself off from the majority of WhatsApp users. The bottom line is that this topic doesn’t stick in everyone’s craw, but that doesn’t mean I want to lose touch with them. If you have my mobile phone number, you can still reach me on WhatsApp, but be prepared for me to suggest we keep it just between you and me.

What’s your take on all this?

Am I way off-base here? Idealistic beyond any realistic expectation? How have you managed to reconcile your own sense of privacy with the desire to stay in touch with friends and family? I would love to hear another perspective. Let’s chat. Right here, out in the open.

  1. Except Facebook, and similar companies with too much interest in my details, I guess.
  2. What kind of stuff? Travel plans, insurance policies, bank statements — super boring stuff, unless you’re perpetrating identity fraud, right?
  3. German for “Threema: an app to annoy the NSA”
  4. Still, if you would like to exchange email with me and guarantee that no one else can read it — neither a governmental agency nor a hacker infiltrating a mail server — let me know. I am happy to help you set it up. It can work nearly seamlessly in email programs on Windows, Mac OS or Linux alongside plain old email traffic. For a lot of people, the big catch is that encryption is hard or impossible to implement on top of webmail systems like Gmail or Yahoo! mail, but the barrier to entry is much lower on stand-alone mail clients like Apple Mail, Microsoft Outlook or Mozilla Thunderbird.
  5. It stings when you accidentally confuse a public tweet and a direct message, but an ID-10T error can happen to anyone.