How to Secure Your Online Communication
“Don’t confuse privacy with secrecy. I know what you do in the bathroom, but you still close the door. That’s because you want privacy, not secrecy.” – Fábio Esteves
In this article, I want to provide some tips and insight for online privacy and secure online communication. This is especially important if you are working in or going to “closed nations”, but really it is for all of us.
Why online privacy/security?
Often people will think that they have nothing to hide so why should they bother with security? But it’s not so much about what you have to hide. Would you hand your phone to a stranger and let them look at all your photos? For example, our front yard has a fence around it. So when I play with my boys in the pool, I feel safe but if there was no fence around our yard, I would probably act or play differently. But that is not because I have something to hide.
In his article, Fabio also points out that it is a human right. Article 12 of Universal Declaration of Human Rights states: “No one must be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation.”
Firefox also has some funny videos about online privacy, take a look.
Now that we looked at some reasons why this is important, let’s have a look at some easy steps we can take to work on our online security/privacy.
Make sure you actually have a password, code or fingerprint on your phone or computer. Without a password, anyone can use your device if they get access to it.
Besides passwords, you can often encrypt your devices. This means that the files on your device get scrambled up, making it a lot harder/impossible to get to the data if someone were to get access to it. With encryption, you can now only open/use the files with the right ‘credentials’.
Most new IOS devices have device encryption turned on by default. For Android, often you will have to turn this on yourself. If you want to check if your IOS device is encrypted, you can check the settings explained in this article. For Android, you can follow this article on Android Authority or this one on “How To Geek“.
There is a number of secure apps available for free to securely message friends, family, and co-workers. There are also paid options but I’ll just focus on the free ones.
Secure messaging usually works by encrypting messages either while stored on your phone or also while sent to other users of the same app.
Signal is an open source app for secure messaging that also works for normal texts available for IOS and Android. On Android, you can also make this your default messaging app so the app does normal texts, as well as secure messages to other Signal users. Signal also does encrypted phone calls.
ChatSecure uses the XMPP protocol and because of this you can use public XMPP servers and communication can work between different apps as long as they support the same protocol. For example, you can connect with Google Hangouts or Facebook Messenger but unless both you and the recipient use ChatSecure, it is not secure. https://guardianproject.info/howto/chatsecurely/
Silence is Android only but can replace the default messaging app. It encrypts all messages on the phone and messages to other Silence users are also encrypted when sent.
Ring is still in Beta so it is not very mature yet but it looks interesting as this also allows for (video) calls, media sharing etc. Also, the communication for Ring uses all of its user’s connections to avoid the use of centralized servers.
Why not WhatsApp, Facebook Messenger or iMessage?
WhatsApp announced a while back it was going to start sharing information with parent company Facebook to allow for targeted advertisements. Messages are protected by encryption.
Facebook Messenger only has secured messaging in a separate Secret Conversation mode.
iMessage does use encryption but it is Apple’s own product so we don’t really know how it works or how secure it really is. Facebook Messenger and WhatsApp use the same protocol as the app Signal for encryption.
More recently, apps like WhatsApp, Facebook Messenger, and others have adopted encryption so it doesn’t mean they’re all bad but also not perfect. We also have to look at the companies behind these apps.
Secure email works very similarly to secure messaging, it uses secure connections and encrypts your email. Sometimes you can also send timed messages that self-destruct or send encrypted emails even to users that don’t have a secure email by allowing them to use a preset password. Some of these are available for free and some offer only paid accounts. I personally only have experience with ProtonMail, which has been a good experience.
Starts from $30 per year, with 2GB storage and goes up to $50 and $90 per year, with more storage, better support for your own domain etc.
Hushmail has an annual fee of close to $50 but for that money, you get 10GB of storage, support etc.
ProtonMail has a free account that gives you 1 user, 500MB storage, and a limit of 150 emails a day. Also with the standard ProtonMail domain, you choose between .com or .ch. for 4 euros per month, and with the premium account, you have more storage and other features.
A free account through Tutanota you get 1 user, 1GB of storage and a standard Tutanota domain. A Paid account with more features is 1 euro per month.
VPN stands for Virtual Private Network, a VPN allows you to surf the web anonymously. Basically, you select a location where you want to surf from and to others it will look like you come from your selected location. It works like a secured tunnel connection between 2 devices. Many VPN providers don’t keep logs of your activity. With choosing a VPN you do have to consider where you will be when you use it, speeds may vary depending on your location.
ExpressVPN boasts to be the fastest VPN service in the world, where you can select 136 different locations in 87 countries. Reports online say support and speeds are really good. They are more expensive than some others but some say that they are worth it. $9.99 per month or $99.95 per year (USD)
Also seems like a good option from different reviews, they have servers in 60+ countries. They keep no logs and have 24/7 support. $10 per month and $77.99 per year (USD).
NordVPN is also a service that often is listed in reviews of different VPN services. They have servers in 56 different countries, boast that they encrypt the data twice but that they are also very easy to use. $11.95 per month and $69 per year (USD).
I hope this information helps you to consider what steps you can take towards online privacy or communicating more securely.