Blog
SafeSwiss
Is your secure messaging service abusing your privacy?

Is your secure messaging service abusing your privacy?

Why don't we re-encrypt messages with keys generated offline? Because it's a terrible idea. It's akin to storing plain-text passwords on your email server instead of salt-hashing them, it's as absurd as using WEP encryption on your router that a 14-year-old hacker with a homemade wardriving unit could crack in around five seconds.

Encryption needs to happen in real-time or else it's worthless

However, this is exactly the thing that WhatsApp - the messaging service that over 1 billion people use - decided to do, presumably because they don't understand the definition of security. As always happens, hackers eventually discovered the flaw and exploited it, allowing them to intercept and browse through encrypted messages in the service.

This isn't an entirely uncommon practice, but what makes this situation unique is the zero-disclosure to individuals when their encryption key changes. This means anyone with access to encryption keys can force messages sent and received to be re-encrypted using the new key - without any notification to the individuals using the service.

Because Whatsapp servers can simply forward entire conversations when re-encrypted offline, the security of the entire service is compromised. This makes all data easily accessed -  by anyone with a request order, such as any government in the world. 

Governments often request access to private communications.Governments often request access to private communications.

What matters is transparency in security

The history of encryption is rife with these situations. 

When the Advanced Encryption Standard (AES) cipher was introduced in 1998, it was considered US property - even using AES to encrypt something outside of the US was highly illegal and classed as trafficking munitions.

In 2014, the US Government imposed a $750,000 fine on an Intel subsidiary for exporting encryption to Russia, Israel and China.

The argument for and against encryption is driven by access to information by government agencies. Governments argue that banning encryption will help fight terrorism.

The counter argument is that you can't improve security by undermining it through banning encryption - which finance and many other industries rely on. As recent as 2014, the US Government imposed a $750,000 fine on an Intel subsidiary for exporting encryption to Russia, Israel and China. 

At the heart of the matter is the privacy of the individual, forcing many companies such as Reddit, Protonmail and Wickr to post an updated warrant canary - an arbitrary law-bending message that indicates there hasn't been a request for information on service data. 

Why encryption is central to SafeSwiss

If companies claim that they offer true encryption, vulnerabilities to the service need to be made clear when they arise.

At SafeSwiss, security is paramount, with our service applying military-grade encryption to all voice calls, text-chats and data exchanges including documents, pictures and video files. If you need a secure method of communication, choose safety with SafeSwiss.

Archives

Available Now

Download the iphone app store
Download the Google Play app store
Download the Windows app store

Home | FAQ | Blog | Company Profile | Contact | Privacy Policy