Is Your Favorite Private
Chat App Really Secure?



From our earliest history, humans have evolved in ways that keep us safe and comfortable. Our need as a species for comfort and safety has ensured our survival. To make life easier and keep us alive, our ancestors learned to invent and use all sorts of tools, and come up with new ways to protect ourselves from possible threats. In order to survive, we had to find ways to predict future changes and adapt to them in advance. Fire, shelter, and weapons have been some of the many areas in which our innovative skills and inventions have kept us safe and secure. After all, security is one of our most fundamental basic needs, and a major driving force for our continuing evolution.
This evolution in technology continues to the present day.




From our earliest history, humans have evolved in
ways that keep us safe and comfortable. Our need
as a species for comfort and safety has ensured our
survival. To make life easier and keep us alive, our
ancestors learned to invent and use all sorts of tools,
and come up with new ways to protect ourselves
from possible threats. In order to survive, we had
to find ways to predict future changes and adapt to
them in advance. Fire, shelter, and weapons have
been some of the many areas in which our innovative
skills and inventions have kept us safe and secure.
After all, security is one of our most fundamental
basic needs, and a major driving force for our
continuing evolution
.
This evolution in technology
continues to the present day.


An ancient method of secure messaging.
As groups of humans expanded around the globe, entered new territories, and encountered new peoples, we needed to find ways to protect ourselves and our interests. We needed to adapt to survive. Competition for resources and territories grew. For example, to ensure the security of information, people went to extreme lengths. At one time, in Ancient Greece, in order to convey an important message, the hair
of the appointed messenger would be shaved, a message tattooed onto his skin, and his hair allowed to grow again.

With the message safely concealed by his hair, the messenger would finally make his way to the destination to deliver the information he carried. We can consider this messenger to be the first form of encrypted chat—no one knew the message was
hidden under his hair!
This secure messaging method was not ideal, but it worked.
An ancient method of secure messaging.
As groups of humans expanded around the globe, entered new territories, and encountered new peoples, we needed
to find ways to protect ourselves and our interests. We needed to adapt to survive. Competition for resources
and territories grew. For example, to ensure the security of information, people went to extreme lengths. At one time, in Ancient Greece, in order to convey an important message, the hair of the appointed messenger would be shaved,
a message tattooed onto his skin, and his hair allowed
to grow again.

With the message safely concealed by his hair,
the messenger would finally make his way to the
destination to deliver the information he carried.
We can consider this messenger to be the first
form of encrypted chat—no one knew the
message was hidden under his hair!

This secure messaging method was not ideal,
but it worked.
Today, our methods for keeping information secure have evolved considerably—from tattoos to complex computer systems. And security itself has become much broader than it once was; it has expanded beyond simply surviving to, for example, the security of personal correspondence on the web. Personal security remains an element of individual survival, translated into the digital world. It's absolutely necessary to protect yourself with reliable means online or, just like in the days of our early ancestors, we become easy prey. In fact, Hillary Clinton lost her potential presidency for this very reason!


Today, our methods for keeping information secure
have evolved considerably—from tattoos to complex
computer systems. And security itself has become
much broader than it once was; it has expanded
beyond simply surviving to, for example, the
security of personal correspondence on the web.
Personal security remains an element of individual
survival, translated into the digital world.

It's absolutely necessary to protect yourself with
reliable means online or, just like in the days of
our early ancestors, we become easy prey. In fact,
Hillary Clinton lost her potential presidency for
this very reason!


These messenger apps use approximately similar encryption algorithms.
Modern humans are luckier than our primitive counterparts. Security technologies are widely available and include a huge variety of tools that increase security. Let's consider the most secure messaging apps 2019 such as WhatsApp, Signal, Viber, Threema, Facebook Messenger, Hangouts, Wire,
and so on. These messenger apps use similar encryption algorithms such as DES and AES to encode the messages and elliptic cryptography, RSA, and the Diffie-Hellman algorithm for encryption keys exchange.

These messenger apps use approximately similar encryption algorithms.
Modern humans are luckier than our primitive counterparts. Security technologies are widely available and include a huge variety of tools that increase security. Let's consider the most secure messaging apps 2019 such as WhatsApp, Signal, Viber, Threema, Facebook Messenger, Hangouts, Wire,
and so on. These messenger apps use similar encryption algorithms such as DES and AES to encode the messages and elliptic cryptography, RSA, and the Diffie-Hellman algorithm for encryption keys exchange.

But Are These Algorithms Good Survival Tools in the Digital World?
But Are These Algorithms Good
Survival Tools in the
Digital World?
Each of these private messengers has its advantages and disadvantages. And for each, there are a large number of qualitative comparative tests, but they do not fully take into account several very important factors, and therefore the assessment of security quality may be inaccurate. Namely, these factors are:
Each of these private messengers has its advantages and disadvantages. And for each, there are a large number of qualitative comparative tests, but they do not fully take into account several very important factors, and therefore the assessment of security quality may be inaccurate. Namely, these factors are:
1
Encryption
The cipher used to encode the messages. Most systems use the AES algorithm or its modifications, which is considered to be quite reliable. Does it provide unbreakable encryption? No, because any block cipher can theoretically be cracked by brute force attack. Due to this, it's clear that the most reliable messenger app will be one that uses the most reliable cipher for security messaging.
2
Key transmission
The method of encryption keys transmission. Common modes of encryption keys transmission (RSA algorithm and its modifications) will be vulnerable to hacking by quantum computers very soon, perhaps tomorrow. No one can say for sure when it will occur; there are only assumptions of when it will happen. And there is no way out of this situation yet. To date, even in the NIST post-quantum project there is no ready and proven solution for this problem. Therefore, we need the most secure method for transferring keys.
3
Independence
User security. If the traffic goes through the developer's server, even if's encrypted the developer has the potential to track your traffic, behavior, and metadata. Telegram, an advertised and free service, spends $1M monthly on infrastructure. But why haven't they gone bankrupt yet? How can you call the best encrypted messenger safe if it theoretically has the ability to monitor users? The most secure messenger should not be able to monitor your actions.
1
Encryption
The cipher used to encode the
messages. Most systems use the
AES algorithm or its modifications,
which is considered to be quite
reliable. Does it provide
unbreakable encryption? No,
because any block cipher can
theoretically be cracked by brute
force attack. Due to this, it's clear
that the most reliable messenger
app will be one that uses the most
reliable cipher for security messaging.
2
Key transmission
The method of encryption keys
transmission. Common modes of
encryption keys transmission
(RSA algorithm and
its modifications) will be
vulnerable to hacking by quantum
computers very soon, perhaps
tomorrow. No one can say for
sure when it will occur; there are
only assumptions of when it will
happen. And there is no way out
of this situation yet. To date,
even in the NIST post-quantum
project there is no ready and
proven solution for this problem.
Therefore, we need the most
secure method for transferring keys.
3
Independence
User security. If the traffic goes
through the developer's server,
even if's encrypted the developer
has the potential to track your
traffic, behavior, and metadata.
Telegram, an advertised and free
service, spends $1M monthly
on infrastructure. But why haven't
they gone bankrupt yet?
How can you call the best encrypted
messenger safe if it theoretically
has the ability to monitor users?
The most secure messenger should
not be able to monitor your actions.
Certainly, many of the existing secure messaging apps are good, but they're far from perfect. These secure messengers increase survival, but do not guarantee it.
Certainly, many of the existing secure messaging apps are good, but they're far from perfect. These secure messengers increase survival, but do not guarantee it.
The Formula for the Best Secure Chat App Is Very Simple. We Just Need to Try to Combine These Three Conditions.
The Formula for the Best Secure
Chat App Is Very Simple.
We Just Need to Try to Combine
These Three Conditions.

The First Vital Component in Private Chat Is the Encryption Algorithm (Encoding) of the Transmitted Messages.

Currently, the strongest cipher is the Vernam cipher or one time pad. It is the only cipher that has absolute cryptographic strength, which was scientifically proven in 1949. There's still no code safer than the Vernam cipher. Logically, if the messenger uses another method of encryption, it cannot be called the best secure chat app.
Currently, the strongest cipher is the Vernam cipher
or one time pad. It is the only cipher that has
absolute cryptographic strength, which was
scientifically proven in 1949. There's still no
code safer than the Vernam cipher. Logically,
if the messenger uses another method of
encryption, it cannot be called the best
secure chat app.

The Second Vital Component Is the Way of Exchanging Encryption Keys.

A personal meeting is the most reliable way for encryption keys transmission.
From a private messenger security perspective, the most reliable and easiest way to transfer encryption keys is
a personal subscribers' meeting. It completely eliminates
the possible risks of key interception in the network. Even
a quantum computer is powerless with this method! Moreover, the simpler the system, the more reliable it is. Each additional link in the system is a potential place to attack. If you completely refuse keys transferring through
an insecure network environment, the reliability of the private chat app increases significantly.

Almost all existing encrypted chat apps place a focus on convenience, which is very commendable, but convenient doesn't always mean safe. Some might say that a personal meeting might be an inconvenient way to improve the safety and reliability of the safety messaging app. But remember that we're talking about a security system designed to provide the greatest possible mobile security.

The user always has a choice between convenience and security. Shaving your head
and tattooing information on your scalp isn't exactly a convenient process either, but it was
an effective way of securely transmitting information for a long time! Survival can be inconvenient at times, but the one who takes the right steps will invariably come out on top.
A personal meeting is the most reliable way for encryption keys transmission.
From a private messenger security perspective, the most reliable and easiest way to transfer encryption keys is
a personal subscribers' meeting. It completely eliminates
the possible risks of key interception in the network. Even
a quantum computer is powerless with this method! Moreover, the simpler the system, the more reliable it is. Each additional link in the system is a potential place to attack. If you completely refuse keys transferring through
an insecure network environment, the reliability of
the private chat app increases significantly.

Almost all existing encrypted chat apps place a focus
on convenience, which is very commendable, but
convenient doesn't always mean safe. Some might say
that a personal meeting might be an inconvenient way
to improve the safety and reliability of the safety
messaging app. But remember that we're talking about
a security system designed to provide the greatest
possible mobile security.

The user always has a choice between convenience
and security. Shaving your head and tattooing
information on your scalp isn't exactly a convenient
process either, but it was an effective way of securely
transmitting information for a long time! Survival
can be inconvenient at times, but the one who takes
the right steps will invariably come out on top.

The Third Vital Component of Encrypted Chat Is the Messaging Infrastructure.

Users can use сloud services as an independent server from the developer.
As mentioned earlier, not a single byte of information should fall into the developer's hands. The confidential chat app should only use an independent infrastructure that is not controlled by the developer. Cloud services such as Dropbox, Onedrive, PCloud, Google Drive and many others have become very popular methods of sharing and syncing. They are convenient and easy and safe to use. Is it possible to use them as a tool for private messaging app?
The answer is … yes! An encrypted messaging app may use protected cloud services like an independent server from the developer.

In such services, there is a familiar mechanism called a shared folder, which is perfect for this role. In such a scenario, the encrypted messenger encrypts your message and sends it to your shared folder in your account. Your chat partner downloads the message from the shared folder in his/her account, decrypts it, and reads it. After that, the encrypted message is deleted from the shared folder and from both devices. You control your folder and can choose who can access it, which completely eliminates spam. What could be easier and more reliable?
Users can use сloud services as an independent server from the developer.
As mentioned earlier, not a single byte of information should fall into the developer's hands. The confidential chat app should only use an independent infrastructure that is not controlled by the developer. Cloud services such as Dropbox, Onedrive, PCloud, Google Drive and many others have become very popular methods of sharing and syncing. They are convenient and easy and safe to use. Is it possible to use them as a tool for private messaging app?
The answer is … Yes! An encrypted messaging app
may use protected cloud services like an
independent server from the developer.


In such services, there is a familiar mechanism called
a shared folder, which is perfect for this role. In such
a scenario, the encrypted messenger encrypts your
message and sends it to your shared folder in your
account. Your chat partner downloads the message
from the shared folder in his/her account, decrypts it,
and reads it. After that, the encrypted message is
deleted from the shared folder and from both devices.
You control your folder and can choose who can
access it, which completely eliminates spam.
What could be easier and more reliable?
Through our research, we have discovered that the possibility of independent and secure communication exists and can be used right now.

A Messaging App Built on the Ideas from the Formula Above Will Provide
Secure Conversations Even into the Quantum Era.
A Messaging App Built on the Ideas
from the Formula Above Will
Provide Secure Conversations
Even into the Quantum Era.
The Quantum computer IBM Q.
Those users valuing security over convenience can use such a protection tool and take advantage of this great opportunity to prepare in advance for a problem that will hit us in the not-so-distant future. The biggest problem is that when this quantum computer appears, it will have the ability to decrypt messages that were sent many years ago. Suppose that in 2027 somebody wants to know what the user was writing in 2019. Using a quantum computer, they can easily hack into everything that is protected by the RSA today.

All the "secure" messages sent through the network now will be there forever, so it won't be a problem to find and decrypt them. That's why it's so imperative that users begin to look at alternative methods of secure messaging now.
The Quantum computer IBM Q.
Those users valuing security over convenience can
use such a protection tool and take advantage of
this great opportunity to prepare in advance for
a problem that will hit us in the not-so-distant
future. The biggest problem is that when this
quantum computer appears, it will have the
ability to decrypt messages that were sent many
years ago
. Suppose that in 2027 somebody
wants to know what the user was writing in 2019.
Using a quantum computer, they can easily hack
into everything that is protected by the RSA today.

All the "secure" messages sent through the network now will be there forever, so it won't be a problem to find and decrypt them. That's why it's so imperative that users begin to look at alternative methods of secure messaging now.
Would it be right to conclude that all of our existing secret messengers are already under threat? Absolutely. Today, the existing leaders in the field of secure messengers are no longer safe—not necessarily because they have already been hacked, but they will be in the not-so-distant future. If you'd like to avoid the consequences of this threat to encrypted messaging security, take care to use the right encryption tools … and start protecting yourself today.
Would it be right to conclude that all of our existing
secret messengers are already under threat?
Absolutely. Today, the existing leaders in the field of
secure messengers are no longer safe—not necessarily
because they have already been hacked, but they
will be in the not-so-distant future. If you'd like
to avoid the consequences of this threat to encrypted
messaging security, take care to use the right
encryption tools … and start protecting yourself today.