By now you should’ve learnt about the key points to analyse before choosing an instant messaging app and those apps we advise against as well as three apps we like a little more, but there are a lot of nuances to add at the end of this series. In this last chapter, we will discuss how to use the applications and how you should analyse what you communicate online.
To start with, let’s quickly talk about threat modelling. Threat modelling is an easy way to understand what level of security you need. Someone who simply uses their phone for trivial things does not have the same threat model as a journalist reporting on human rights or as an activist targeted by the government. Because an increase in privacy and security comes with the tradeoff of less usability, one should understand their threat model and act accordingly.
When we have talked about applications that respect your privacy, they are very good at avoiding big corporations to steal your data, and moderately good at stopping governments from targeting a big majority of people. What we mean with this is that anyone talking to their friends about how good last night’s party was should avoid using Instagram direct or WhatsApp not because they are concerned about their security being compromised, but because those companies make a profit from selling our data, and the more technology self-defence we practice as a community, the less powerful those mega-corporations are.
That does not mean that you should discuss illegal activities on signal. When thinking about what you should or shouldn’t say on a messaging app, ask yourself “do I ever want this message to be read in court?” If the answer is no, DO NOT send it.
No application is safe if there is spyware installed on your devices, which means that if your threat modelling puts you as a vulnerable target to spearfishing attacks by industry or governments, you should take extra steps, like only communicating about specific things face to face in a public space and not messaging anything online, regardless of how encrypted the messaging app is.
If you need to use technology to discuss things that you believe are a concern, you should take a few extra steps. Using a burner device that will be disposed of after the action, or after all the information has been gathered to write an article might be a good solution. Throwaway accounts that are not connected to any identifying information like emails or telephone numbers (using Session could be a great idea for that) is also a useful suggestion.
Within those communication apps, you can also toggle on-screen security, which would stop the application from allowing screenshots. This would help if there is spyware installed on your device that is trying to record your screen.
A quick note on “code” communication. There was a whole ass Cold War going the last century, with many intelligence agencies spying on each other. Your code words to describe situations “There is a lot of lemonade in my shopping trolley” will be easy to decipher by a judge, let alone an intelligence officer. Just don’t.
Ultimately, it is up to you to decide how much information you are putting on your device. Encryption means nothing if someone is directly spying on your phone, and if you wouldn’t say in front of a cop what you’re about to type to your mate, just don’t type it. Meet with them, have a chat whilst you walk around in the woods WITHOUT your phone and agree on your next meet up date face to face.
For everybody else who does not feel the government is a direct threat to their privacy, data companies ARE a direct threat to your privacy. This is a major problem that involves us all, and you should practice community self-defence. Ditch those spying apps from your phone and move over to stuff that respects you and your friends a little more. It only takes about a week to get used to a new application!
PRIVACY IS SELF DEFENCE!
UA Tech&Sec support.
PS: We spend a great amount of time and energy learning to teach the public about this kind of stuff. If you appreciate our work, please consider donating to our project. UA is everybody, and within all of us, we can make a platform that will hopefully help in the revolution. Monero and Bitcoin donations are recommended (find our wallet addresses on the website), but if you can’t we also have PayPal and Patreon.