End-to-end Encryption (Messaging)

From SI410
Revision as of 23:56, 27 January 2023 by Benproe (Talk | contribs) (Complete Signal and Intro)

Jump to: navigation, search

End-to-End encryption (E2EE) is quickly being adopted by more messaging applications as users become more conscious of how secure their digital communications become. The cryptography of each application works differently, but the concept of E2EE is similar for each application. When two users begin a conversation on an E2EE application, a private/public key combination is generated; when messages are sent, the message is encrypted using the public key on the senders' device[1] . Now the encrypted packet can be sent to the server to be delivered to the recipient; only when the message reaches the recipient with the correct private key can the message be decrypted and read. Most End-to-End encrypted messaging applications claim that “Messages are end-to-end encrypted. No one outside of this chat, not even [messaging service], can read or listen to them, [2] ” each service has a different privacy policy that fundamentally changes the amount of privacy afforded to the users. There is little clarity given to the consumer on how secure their data is after it has reached the recipient and, for example, how each company deals with violations of their terms of service or if there are governmental requests for the information. This article seeks to provide information to potential users about the fine print contained within the privacy policy of the applications that promise to keep our messages and personal data safe.

Signal

Signal messenger was initially released on iOS in 2014 and Android in 2015 by Open Whisper Systems (OWS) after combining their existing technologies of RedPhone and Text Secure[3] 

. Signal was the first free service to allow users to make end-to-end encrypted calls, something that would have cost ~4¢/minute on the next cheapest service in 2014.

PRivacy Policies

From the outset, Open Whisper Systems was committed to keeping its users' information private and secure. The service was designed so that OWS could only see when a users’ account had been created, the phone number linked to the account, and when they had last connected to the Signal Servers [4] . Signal can offer privacy that other end-to-end encrypted messaging platforms cannot because it is built as an open-source project; collectively built by developers who are concerned about their privacy and will look for bugs and loopholes that are present within the service.

Governmental Pressures

OWS stood firm on their core values, and in October of 2016 when they received their first subpoena for data on one of their users[5] . The Federal Bureau of Investigation subpoenaed Signal for the records of two individuals who were using Signal as their main form of communication to run a crime ring. Signal did comply with the demand for information, but they were very limited in the information that they were able to provide. Signal only collects data on

  1. The phone number used to create the account,
  2. The time that the account was created and,
  3. The last time that the account was connected to the Signal Servers

Creation Of The Signal Technology Foundation

In 2018, Moxie Marlinspike and WhatsApp co-founder Brian Acton announced the formation of the Signal Technology Foundation, whose mission is "to support, accelerate, and broaden Signal's mission of making private communication accessible and ubiquitous"[6] . During this time the Signal Foundation continued on their mission of creating a more accessible private communication system by including support for more devices, still at no cost to the end user. As Signal continued to work on building a private communication system, it started to gain more traction, especially during the George Floyd and subsequent Black Lives Matters protests of 2020[7]. Protesters were worried about how the United States government and police forces would react, and they knew that Signal was time tested in not releasing user data. Organizers were concerned about the privacy policies of competing applications like WhatsApp because “WhatsApp is owned by Facebook, so it makes money off of who is talking to whom, when.” In addition to having the most secure privacy policy, Signal has other features that make it popular among people trying to avoid government oversight, like automatically blurring people's faces in photos.

Signal Protocol

The Signal Foundation (Open Whisper Systems at the time) created the Signal Protocol (formerly TextSecure protocol), an open-source, non-federated cryptographic standard used to encrypt all calls and texts within Signal. The signal protocol is constantly being upgraded to allow developers to incorporate more privacy features in the products they create, including sealed sender which encrypts everything except the address the message is supposed to arrive at, further protecting the users. Numerous closed-source applications have adopted the Signal Standard, including WhatsApp[8] , (some of) Google Rich Communication Services[9] , Facebook Messenger (secret conversations only) [10] , and Skype Private Conversations[11] . Despite private companies using the Signal Cryptographic Standard, they can choose how much metadata they wish to encrypt in the packet, allowing companies to collect more data on their users than what Signal does.

WhatsApp

Privacy Policy

Governmental Pressure

Telegram

Privacy Policy

Governmental Pressure

iMessage

Privacy Policy

Governmental Pressure

References

  1. IBM. (2022). What is encryption? Data Encryption defined. IBM. Retrieved January 24, 2023, from https://www.ibm.com/topics/encryption
  2. WhatsApp Help Center. (2021). About end-to-end encryption: WhatsApp help center. About end-to-end encryption. Retrieved January 24, 2023, from https://faq.whatsapp.com/820124435853543/?locale=en_US
  3. Greenberg, A. (2014, July 29). Your iPhone Can Finally Make Free, Encrypted Calls. Wired. Retrieved January 24, 2023, from https://www.wired.com/2014/07/free-encrypted-calling-finally-comes-to-the-iphone/
  4. Delima, D. (2022, July 21). Big Brother: Recent subpoena response reveals exactly how much data Signal collects about you. Hindustan Times. Retrieved January 24, 2023, from https://tech.hindustantimes.com/mobile/news/recent-court-filing-reveals-exactly-how-much-data-signal-collects-about-you-71619595504148.html
  5. Signal Foundation (2016, October 4). Grand jury subpoena for Signal user data, Eastern District of Virginia. Signal. Retrieved January 24, 2023, from https://signal.org/bigbrother/eastern-virginia-grand-jury/
  6. Marlinspike, M. (2018, February 21). Signal Foundation. Signal. Retrieved January 26, 2023, from https://signal.org/blog/signal-foundation/
  7. Nierenberg, A. (2020, June 11). Signal Downloads Are Way Up Since the Protests Began. Retrieved January 26, 2023, from https://signal.org/blog/signal-foundation/
  8. Marlinspike, M. (2016, April 5). Google is rolling out end-to-end encryption for RCS in Android Messages beta. Signal. Retrieved January 26, 2023, from https://signal.org/blog/whatsapp-complete/
  9. Bohn, D. (2020, November 19). Google is rolling out end-to-end encryption for RCS in Android Messages beta. Retrieved January 26, 2023, from https://www.theverge.com/2020/11/19/21574451/android-rcs-encryption-message-end-to-end-betasp
  10. Meta (n.d.). End-to-end encryption. Facebook Messenger Support. Retrieved January 26, 2023, from https://www.facebook.com/help/messenger-app/1084673321594605/?helpref=breadcrumb
  11. Skype Support (n.d.). What are Skype Private Conversations? Retrieved January 26, 2023, from https://support.skype.com/en/faq/FA34824/what-are-skype-private-conversations
Retrieved from "http://si410wiki.sites.uofmhosting.net/index.php?title=End-to-end_Encryption_(Messaging)&oldid=113528"