The Internet makes it easier than ever to communicate with others. In a matter of seconds, you can be chatting with someone on the other side of the planet. But what if you want to communicate or send files privately? You need to make sure that you are using encryption.
Encryption, in its most basic form, involves obfuscating information so that no one but the intended recipient can read it. An extremely basic example of encryption is assigning a number to each letter of the alphabet, such as a = 1, b = 2, c = 3, and so on. You can then represent words as strings of numbers, and someone who didn’t know what you’d done wouldn’t be able to read your message!
Of course, that encryption algorithm is quite simple and easy to crack, but you can easily add complexity by changing the assignment of letters and numbers, adding nonsense characters, and the like. Such encryption methods have been used for thousands of years.
RELATED: What is encryption and how does it work?
Modern encryption algorithms work on similar conceptual principles, although the implementation is by necessity much more complex. computers are Excellent in the kind of brute-force guess-and-check approach that is often needed to crack encrypted information. Fortunately for all of us, it has proven easier to create new encryption algorithms than to create computers powerful enough to crack them.
However, the strength of the encryption depends on more than just the strength of the algorithm. How you use encryption is important.
Let’s say you’re messaging someone using an app installed on your phone. The message is sent from your phone to a central server and then forwarded to the recipient. If the message is encrypted as it passes from you to the core server and then from the core server to the recipient, the message is said to be encrypted “in transit.” Encryption in transit is better than no encryption, but it does mean that the central server can read the information you send.
RELATED: Why You Should Use Peer-to-Peer Messaging Apps
A more secure option is end-to-end encryption (E2EE). End-to-end encryption ensures that you encrypt information and can only be read by the intended recipient. No intermediary can read the information you are exchanging. However, it is not foolproof: if an endpoint is compromised, your data will not be safe.
Here is a collection of services that can be used to send end-to-end encrypted emails, messages or files. All the services listed here have been audited by third parties, so we can be relatively sure that they are safe.
ProtonMail is a secure email service based in Switzerland. Everything you upload is stored encrypted and the emails you send are end-to-end encrypted. ProtonMmake itail offers a few different tiers: a free account gives you a gigabyte of storage, a single email address, and 150 messages per day. If you pay for a premium account, you get more storage, access to more email addresses and a custom email domain, and unlimited messaging.
Proton also publishes transparency reports, which describe how often they have been asked to hand over data to the Swiss government.
Thunderbird with OpenPGP (email)
Thunderbird is a desktop email client developed by Mozilla. It serves the same purpose as programs like Microsoft Outlook and Apple Mail, and can fully integrate with just about any email service you use, including Gmail, Hotmail, Yahoo, and ProtonMail, among others.
RELATED: How to use OpenPGP encryption for emails in Thunderbird
Thunderbird comes packaged with Open Pretty Good Privacy, or OpenPGP, built in as of August 2020. OpenPGP is an encryption standard that allows users to be sure of two important things: that the participants in an exchange are who they say they are, and that the information that is exchanged is encrypted and has not been tampered with in any way.
Signal has become the ultimate app for encrypted private communication. Supports text messages, multimedia, video chat and calls. The token is protected using a robust encryption scheme called the Token Protocol. The Signal Protocol itself has been repeatedly audited by third parties and has consistently received good marks. A track record of good performance does not guarantee that the encryption scheme will remain effective in the future, but it is a positive sign.
If you’re looking for a privacy-oriented messaging app with all the bells and whistles we’ve come to expect, there’s currently no better option than Signal.
Telegram, as the name suggests, is another messaging app. Telegram supports voice and video chat, as well as regular text and multimedia messages. It’s important to note that you need to opt in to the app’s “Secret Chat” feature, but after that, all your communications will be encrypted using its internal MTProto protocol.
RELATED: PSA: Telegram chats are not end-to-end encrypted by default
WhatsApp needs no introduction. It is the most used messaging application in the world, with more than 2 billion users. WhatsApp has enabled end-to-end encryption by default for all conversations since 2016. All services offered by WhatsApp are encrypted, including text messages, multimedia messages, and voice and video calls. They’ve even added the option to encrypt your backups, ensuring your conversations stay private, even if your backup falls into the wrong hands.
Warning: End-to-end encryption is not the absolute end of privacy. WhatsApp changed its privacy terms in 2021 to an outright negative response. While WhatsApp can’t do anything with the content of your messages, it still collects metadata and shares it with its parent company, Meta.
Facebook messenger (chat)
Facebook has never been the poster child for privacy, but that hasn’t stopped it from making occasional positive changes. Facebook Messenger, like WhatsApp, supports end-to-end encrypted messages using the Signal protocol. That means that as long as the endpoints are properly protected, your conversations should remain private.
However, it is not enabled in Messenger by default. You have to go to a conversation’s settings to enable it.
Warning: Just because the content of a message is encrypted doesn’t mean that Facebook can’t collect metadata about your conversations.
RELATED: How to encrypt your Facebook messages with the “secret conversation” mode
Apple iMessage (Chat)
Apple iMessage is immensely popular and for good reason. iMessage has supported a host of advanced features for years, including chat reactions, reliable read receipts, and end-to-end encryption. It comes standard on every iPhone as the default texting app: other iPhone users are blue, while everyone else is green. The color difference is more than cosmetic, it actually gives you important information. Blue chat bubbles indicate, among other things, that the message was encrypted between you and the recipient via iMessage, while green messages have been transmitted via conventional SMS, which is notoriously insecure.
RELATED: Why SMS must die
iMessage’s seamless integration with iPhone, combined with the feature set and end-to-end encryption, make it an attractive app, even for Android users.
VeraCrypt is a fork of the open source project TrueCrypt. Veracrypt, like TrueCrypt before it, offers a simple and powerful way to encrypt everything from system drives to backup disks to individual files. It fulfills a very different function from the other apps listed in this article. Those apps are primarily designed to provide end-to-end encrypted communication, while VeraCrypt is designed to allow you to encrypt your files.
VeraCrypt works by creating a virtual encrypted disk that mounts like a real hard drive. Once the encrypted virtual disk has been created, you can move and create files as you would on any other file system. Once you’re done, you can store your encrypted files for later or transmit them, knowing that no one can snoop on what you’re doing. You can even hide all your data in a hidden VeraCrypt volume, if you want to be extra careful.
Of course, the recipient of the file must have VeraCrypt software installed and the password used to protect the file in order to open it.
VeraCrypt is much more convenient than the messaging apps in this article, so getting started with VeraCrypt takes a bit longer.
While there are many services that promise to transmit messages securely, the above are the ones we recommend and trust. Some options, like Gmail’s “confidential mode,” aren’t actually as secure as you might think, while we recommend avoiding lesser-known services that don’t have a strong track record and reputation for privacy and security.