Think Your Messages Are Safe? If You’re Not Using the Right App, They Could Be Intercepted

Keep your private messages, phone and video calls, group chats private and secure by using Signal. Beware platforms that don't have end-to-end encryption, your content could be intercepted.

Rightfully so, many Americans are more worried than ever about the interception of their personal communications and what to ensure the privacy and security of who they talk to and what they say.

The answer is simple: Use Signal (Signal.org) to ensure the privacy and security of your messages, phone and video calls, and group messages. 

Keep reading to learn why!

There are three requirements that a messaging service needs to meet to be sure it will protect your communications. It must satisfy the following conditions:

1. End-to-end encryption (E2EE) of the messaging service.

   1. End-to-end encryption means that the message is encrypted from the sender to the recipient, and only the sender and the recipient can see its contents because they are the only ones with the private keys required to decrypt the messages.

   2. To ensure the privacy of your messages, you must also trust the recipient (and trust you have the correct recipient). Since they will receive the unencrypted message, the recipient could copy, screenshot, save, or share it if they wanted to.

2. Trust in the service and the company that provides it.

   1. Do you trust the company that runs the service?

   2. Is the company investing in its software to keep it up to date, address vulnerabilities, and provide updated features?

   3. Is the company operating independently? Will it install “backdoors”, allowing a 3rd party to access E2EE messages?

3. The messaging service is privacy-first.

   1. Does the service have privacy features that protect users?

   2. Does the service responsibly store user data, and is this backed up in their Terms of Service or User Agreement?

Some common services that aren’t E2EE encrypted, where your communication isn’t secure or private!

Most things don’t have end-to-end encryption, because it is more difficult to implement from a technical perspective. I recommend that you assume the platforms you are using are not E2EE, and treat their use accordingly. Verify that a service is E2EE by conducting research before sending sensitive information using it.

1. SMS, MMS, and RCS. Don’t ever use these services. Not E2EE. Learn more about this from my earlier post on this topic: https://onlinesafety.substack.com/p/its-time-to-stop-using-sms-altogether.

2. Almost all email. This includes the most popular free email services like Gmail, Yahoo, and your work email. Although email is encrypted in transit, it does not have E2EE (meaning, for example, that Google or your company’s admin can read your email messages). Privacy & security-forward services like ProtonMail have E2EE for some scenarios, but not all. Not E2EE.

3. Most Telegram messages. There is E2EE for private chats.

4. All of the most popular social media messages and private messages (i.e. Instagram, Facebook, TikTok, Twitter/X). Not E2EE.

5. Slack messages. Not E2EE.

6. Google Meet meetings. Not E2EE.

7. Most Zoom meetings. Some Zoom meetings are E2EE, but the feature has to be enabled in the Zoom web portal. One way to tell: if the Zoom meeting allows phone call-ins, it isn’t E2EE.

Common services that do have E2EE

1. iMessage is E2E encrypted but requires you to share your phone number or email address. It can only be used from one Apple device to another. Backups are also encrypted.

2. WhatsApp is E2E encrypted, but you must share your phone number. Also, make sure you encrypt your backups.

3. Signal is E2E encrypted, and you can now use it without sharing your phone number. Signal only stores messages locally (no backups).

   Subscribed

For non-sensitive communications, iMessage and WhatsApp are fine. However, I highly recommend ONLY using Signal for anything sensitive because iMessage and WhatsApp have limitations.

Here’s why Signal is best

1. Signal is always E2EE, and uses an open source protocol (which can be independently audited for back doors, vulnerabilities, etc.). Signal’s E2EE isn’t optional, it is always there.

2. Signal provides E2EE for messaging, group messaging, audio, and video calls.

3. Signal works and is intuitive to use. It has all the standard features of a messaging app (group messages, emojis, photos, etc.). In fact, my parents were easily able to figure out how to use Signal (and they are in their 70s).

4. Signal is available for iOS, Android, and Desktop and enables linking of devices.

5. Signal is free.

6. Signal is an independent nonprofit, so it is not beholden to big tech companies or shareholders.

7. Signal provides excellent privacy features.

   1. Your phone number is private, and isn’t displayed unless you want it to be.

   2. Signal allows users to use usernames instead of phone numbers. This means that you can set up a secure chat with someone without giving them your phone number. It’s easy to find out who owns a phone number, so initiating a message without giving another contact your phone number provides a huge amount of privacy protection. By the way, you should protect your phone number by getting a secondary one. Check out how in my post https://onlinesafety.substack.com/p/use-a-secondary-phone-number.

   3. Signal allows you to set messages to disappear automatically after a certain amount of time, which you can customize.

8. Signal allows you to store contacts with usernames that only reside within Signal, which can’t be recovered by Signal (meaning that nobody knows who you are chatting with but you).

9. Signal allows you to confirm that the person you are chatting with is who they say they are by comparing safety numbers.

10. Nobody can register a device with your phone number without the Signal PIN (this protects a 3rd party stealing your Signal identity).

11. Signal enables Screen Lock, requiring your phone’s authentication (PIN, Face ID, etc. to access it)

12. Signal support in-app private payments via MobileCoin.

Why not iMessage or WhatsApp?

1. iMessage only works between iPhone users; you don’t always know when you send a message if someone is an iPhone user. You must also share a phone number or email address to message someone.

2. WhatsApp is owned by Meta (formerly Facebook), and I don’t personally trust Meta as a privacy-first company. You have to share a phone number to message someone.

Bonus: How to use Signal’s Username feature

For more detailed instructions, check out Signal’s support guide here.

1. Open Signal > go to settings (upper left) > click on your profile > click on the “@” symbol > enter a username.

   Note: usernames should never include your name, dob, or any identifiers that can be tied back to you.

Setting up a Signal username.

2. Once you have your username, you can protect your phone number by sharing your username with people instead of your phone number to use Signal to communicate!

   1. Here’s how you initiate a Signal chat without sharing your phone number.

      1. Tell someone your username.

      2. Share your QR code (click on the QR code icon on your profile)

      3. Share a link (click on the QR code icon on your profile)

3. Hide your phone number.

   1. Go to Settings > Privacy > Phone number.

   2. Select “Nobody” for “Who Can See My Number.” This means that only people with your number already in their contacts will be able to see it.

      

---

Stay Safe!

Tate