As it stands now, without government intervention, your iPhone’s text messages are more secure than email. Why? How? Apple builds end-to-end encryption (E2EE) into Messages. That’s good, right? Secure, too, right?
Not. So. Fast.
As always in humanity– and everything about our devices and online activities are created by humans, for humans– there are loopholes. Jason Graham:
There are varying degrees of privacy or protection among the chat and communication platforms.
It’s never perfect and never absolute, but there are degrees of privacy and security. Apple’s Messages provide more each than basic email which is not encrypted by default. However, encrypt your Mac to prevent access, and that means messages– only on your Mac– are encrypted and protected, too.
Encryption, says Apple on its website, is used to protect trillions of online transactions every day, for shopping, paying bills and communicating with programs like its own iMessage or FaceTime, or Facebook’s Whatsapp.
Encryption used to be protected and unavailable to the masses of humanity because it was considered munitions, therefore, protected by the government, used only by government agencies.
Those days are gone.
Today, encryption in one form or another is ubiquitous. Criminals, hackers, and terrorists are no longer required to use general email or text messages to remain hidden from the law and authorities. They can roll their own encryption. They do roll their own encryption.
Still, that hasn’t stopped authorities from trying to find ways to dominate citizens.
U.S. Attorney General William Barr:
We must find a way to balance the need to secure data with public safety and the need for law enforcement to access the information they need to safeguard the public, investigate crimes, and prevent future criminal activity
The real problem with end-to-end encryption is the other end. Your messages might be secure on your iPhone but may not be secure on someone else’s iPhone.
It’s even worse beyond Messages.
Messages written via popular web programs like Google’s Gmail, Microsoft’s free version of Outlook or Yahoo Mail are not encrypted by default, nor is government or corporate e-mail.
Even if it was, one unencrypted source could reveal messages from anyone else. What’s required is end-to-end with no hole in the middle or weakness at either end.
There are ways.
Signal, Wire, Rakuten Viber and Whatsapp are popular apps to look to for secure encrypted written and spoken conversations. Yes, the same Whatsapp that’s owned by Facebook, the company that’s apologized many times for security breaches.
For times when I must have secure communications, I rely on Signal.
State-of-the-art end-to-end encryption (powered by the open source Signal Protocol™) keeps your conversations secure. Privacy isn’t an optional mode — it’s just the way that Signal works. Every message, every call, every time.
The only weakness is the same as any other encrypted device. The other device.
That led me to what I call an axiom of online life. Nothing online is private and secure. There are only varying degrees of privacy and security.