Hi all. I’m looking for a hopefully free messaging app that’s encrypted on the whole shebang. I have a friend in a Middle Eastern country that is looking to get out and also needs to communicate with me by text that can not be searched by his government. His life will depend on this. We both use iPhones so my first question is…is this encrypted enough? If not, what would you recommend or would you still be hesitant? He has no idea where the servers are for his country and what laws would be in place. He definitely doesn’t trust cell phone calls. Any ideas to help me?
I think the best choice is Signal. However, if “caught” with phone one could be forced (under duress) to unlock it and there could be history left. I think Signal can be set to auto-destruct messages, but I have never used that feature.
When it really matters, I might be temped to pay for and use Threema. It’s less common, so that may mean it stands out more, but it may also mean it’s less likely to be noticed at all. You can speak voice (assuming you can’t meet in person) and verify the key of each side, so it’s nearly impossible to man in the middle it.
My biggest concern, no matter which app you choose, is how you know you are getting a safe version and not directed to some “man in the middle” broken version.
Also be aware of the risk of “special attack messages” that install backdoor spyware: https://www.cbc.ca/news/technology/omar-abdulaziz-spyware-saudi-arabia-nso-citizen-lab-quebec-1.4845179
Thank you…I’ll look into Signal. Unfortunately their economy has collapsed and inflation is around 110% right now. He has gone from being comfortably upper middle class to poor within a few months. He’s not in Syria, it’s Lebanon if that makes any difference. Things are heating up with the Revolution that he’s a part of, the collapsed economy and now covid and the explosion at the port. Hezbollah is on the aggression again and if they capture the government, he, as a Christian (Maronite Catholic) will be in severe danger.
I can’t even imagine living like he does! He’s 21 and has attended American University of Beirut with straight A’s. But, like so many there, he’s had enough. He has an escape plan…it’s a good one…and our current method of communicating may not last much longer. We want to be sure we stay in touch, this an alternate method using good encryption.
I’ll make sure to find a legit site to download and send him the link! Glad you pointed that out!
I want to start by quoting you “His life will depend on this”. I think this is a statement most of us cannot really relate directly to. Therefore I will state an opinion that relying on any app or service that is not completely open to scrutiny by experts should be avoided. It may work perfectly, right up until it doesn’t.
Again, an opinion that everyone can shoot holes in. I would suggest all messages be encrypted and decrypted offline by so called bullet proof encryption, and transferred in as private a manner as possible. Something like Veracrypt might be a possibility. If you both use a computer on the same OS, you could consider using Bitlocker. on Windows, and File Vault on Mac. These methods require setting up a shared password one time, probable over the phone or through snail mail.
Another thing to consider is how you would transfer the messages. Obviously you do not want to send them where someone can see them. And though there are encrypted email services, the simple fact a message has been sent is a clue to government agencies that could get their attention. That is why they keep track of all the metadata, so they can detect communication. Me, I would set up an account on a web based email service, again, share the password one time with the other person, and create a folder on that service where we could each simply deposit our encrypted messages. No actual email going across the internet. But than, again, I am not a security expert, just some wanna be geek spitballing ideas.
Anyway, best of luck to your friend.
We ruled out email as he suspects all email is scanned by the bad guys and an encrypted email would raise alarms even if it can’t be read.
I looked into Signal and will test it with my daughter as the one feature I really like is you can wipe the messages when ever you like. This is a pretty safe option as he can receive my messages and then safely delete them when he feels safe to do so. It would never be opened if he was in public.
The government has just shut off wifi in the country so cell service is the only way he can text. It’s still operating for now. If that gets disabled as well, there’s nothing we could do until he leaves. While that would distress me more than him as he knows he safe and I won’t! If they cut off cell service, however, the rioting would get really intense as everyone there uses cell phones.
I’m going to have him look at Signal. He can decide if it feels safe enough. He used to dealing with his corrupt government and is a savvy kid but he’s also not a technical wiz…other than the amount every young person is these days!
Thanks for your suggestions…I’ll see what he wants to do…