What are the features of a secure and private communication service?
@erotavlas
This article analyses the security and confidentiality features of the most commonly used communication services or applications.
Note: the comparison is made between WhatsApp (the most widespread, 1.5 billion users), Telegram (the most secure and widespread, 250 million users), Signal and Wire (the most secure and confidential) according to world statistics. A comparison in terms of functionality is available at this address.
Remark: for any communication service or application, absolute security and confidentiality do not exist. In fact, the use of secure and confidential communication techniques and protocols does not guarantee the absence of defects or bugs in their implementation. Moreover, any service or application requires trust in the service managers and in the following aspects:
- Design and implementation of a secure service;
- Absence of security vulnerabilities and backdoors;
- Presence of source code and possibility to verify the correspondence between it and the application;
- No changes to the application by the source from which it was downloaded;
- No incentive or reason not to protect user data;
- Unwillingness or inability to hand over user data to the authorities.
- Communication technique
- Communication protocol
- Software license
- Data storage
- Registration and authentication methods
- Contacts management mode
- Business model
- Censorship resistance
- Metadata collection
- Vulnerabilities list
Communication technique
- End-to-end or e2e encryption: cryptographic protection allows data to be read only by the users who are communicating. No third party can read or alter the data, which is stored only on the devices. Application: Signal, Telegram (secret chats and calls), WhatsApp, Wire. Note: the use of this type of encryption still requires the presence of a server to deliver data (messages, images, audio, video, files, etc.).
- Client-server or cloud encryption: cryptographic protection allows data to be read by the managers of the server where it is stored. Application: Telegram (private and group chats, channels).
- No encryption: no cryptographic protection. The data is transmitted unencrypted over the Internet.
Analysis: in theory, e2e encryption requires no trust in the server, which, unlike with client-server encryption, cannot read the data. In practice, e2e encryption is exposed to the man-in-the-middle (MITM) threat. Communication between users is only secure if the fingerprints of the encryption keys of the devices used can be verified. The verification allows you to ascertain the identity of your interlocutors and requires a secure channel (meeting in person). If not verified, e2e encryption requires trust in the server. In addition, in e2e encryption, adding a new device to the device group or installing the application again on the same device requires re-verification (Trust On First Use, TOFU).
Signal and Wire notify the user of a change in the encryption keys and require confirmation from the user to continue the communication. WhatsApp has this notification disabled by default and does not require any confirmation. Telegram closes the secret chat if the encryption key is changed (this is not possible for the other applications as they have no alternative to e2e chats). In addition, in calls Telegram shows the encryption key as easily verifiable emoji.
Conclusion: e2e encryption is always preferable to client-server encryption as long as you can verify the identity of your partners. Otherwise, e2e encryption loses its effectiveness and remains susceptible to MITM attacks.
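The key-change handling compared above, as an added Python example that is not code from any of the four applications: a hypothetical `TrustStore` pins each contact's key on first use and applies one of the three reactions the article describes when the key changes. The class, the status strings and the sample keys are constructed for illustration, and the SHA-256 fingerprint format is an assumption, not any application's real format.

```python
import hashlib
from enum import Enum


class OnKeyChange(Enum):
    REQUIRE_CONFIRMATION = 1  # article: Signal and Wire notify and ask the user
    ACCEPT_SILENTLY = 2       # article: WhatsApp default, no notice or confirmation
    CLOSE_SESSION = 3         # article: Telegram closes the secret chat


def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the identity key as grouped hex, to compare over a secure channel."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


class TrustStore:
    """Hypothetical per-contact key pinning (Trust On First Use)."""

    def __init__(self, policy: OnKeyChange):
        self.policy = policy
        self._pins = {}  # contact -> (fingerprint, verified in person?)

    def check(self, contact: str, public_key: bytes) -> str:
        fp = fingerprint(public_key)
        if contact not in self._pins:
            self._pins[contact] = (fp, False)  # TOFU: pinned, not yet verified
            return "first_use_unverified"
        pinned_fp, verified = self._pins[contact]
        if fp == pinned_fp:
            return "verified" if verified else "unverified"
        # Key changed: a reinstall, a new device and a MITM all look the same here.
        if self.policy is OnKeyChange.ACCEPT_SILENTLY:
            self._pins[contact] = (fp, False)  # earlier verification is lost
            return "unverified"                # caller sees nothing unusual
        if self.policy is OnKeyChange.CLOSE_SESSION:
            del self._pins[contact]            # a new chat must be started
            return "session_closed"
        return "blocked_key_changed"           # pin kept until the user decides

    def mark_verified(self, contact: str, fingerprint_from_contact: str) -> bool:
        """Record an in-person comparison; succeeds only if it matches the pin."""
        pin = self._pins.get(contact)
        if pin is None or pin[0] != fingerprint_from_contact:
            return False
        self._pins[contact] = (pin[0], True)
        return True

    def confirm_new_key(self, contact: str, public_key: bytes) -> None:
        """User accepts a changed key; it must be verified again."""
        self._pins[contact] = (fingerprint(public_key), False)


# Constructed sample keys (not real key material).
ALICE_KEY = bytes(range(32))
OTHER_KEY = bytes(range(32, 64))


def run(policy: OnKeyChange) -> list:
    store = TrustStore(policy)
    out = [store.check("alice", ALICE_KEY)]
    store.mark_verified("alice", fingerprint(ALICE_KEY))
    out.append(store.check("alice", ALICE_KEY))
    out.append(store.check("alice", OTHER_KEY))  # key swap
    return out
```

Under the silent policy the swapped key comes back with the same status as any ordinary unverified contact, which is why an unverified or silently re-keyed e2e session still depends on trusting the server.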
Communication protocol
- Signal protocol: an open, formally verified e2e encryption protocol. It uses the cryptographic primitives Curve25519, AES-256 and HMAC-SHA256 hashing. No vulnerabilities are known. Application: Signal, WhatsApp, Wire (variant).
- MTProto protocol: an open protocol for both e2e encryption and client-server encryption; the current version v2.0 is formally verified and meets the IND-CCA criterion. It uses the cryptographic primitives RSA-2048, AES-256 and SHA256 hashing. No vulnerabilities are known. Note: version v1.0 does not meet the IND-CCA criterion and uses SHA1 instead of SHA256. Application: Telegram.
Analysis: a communication protocol must be open to allow formal verification of both its functioning and the cryptographic and hashing primitives used, in order to exclude the presence of vulnerabilities. Note: in cryptography, designing a new communication protocol instead of using a tested one is considered bad practice, especially if carried out by a non-cryptographer. Although this statement is acceptable, there is no evidence of its validity.
The Signal protocol, formerly known as the TextSecure protocol, was born in 2013 from the Open Whisper Systems project that became Signal Messenger in 2018. The protocol is considered the state of the art for communication applications; in fact, the majority of them, both open source (Signal, Wire) and closed source (Facebook Messenger, Skype, WhatsApp), use it. The MTProto protocol was born in 2013 from the Telegram project. Version v1.0 received strong criticism from cryptographic experts because of some design defects (use of the SHA1 hashing primitive and the absence of the IND-CCA criterion), corrected with version v2.0 released in 2017. For both versions, there are no known vulnerabilities and crack contests have been held without winners. Note: the Signal and MTProto protocols have often been compared in the past: the former has always been preferred to the latter (version v1.0) by encryption experts due to its design choices and the fame of its developer (Signal vs. Telegram).
Conclusion: openness of specifications and formal correctness are two fundamental requirements for any communication service.
Software license
- Open source or free: client and server source codes are available and anyone with sufficient expertise can analyze them. Generally, the source code is released on GitHub. Application: Signal (client and server), Wire (client and server).
- Semi-open source: only the client source code is available while the server code is closed. The application binary (client) is not obfuscated. Generally, the source code is released on GitHub. Application: Telegram (client).
- Closed source or proprietary: client and server source codes are not available. Generally, the binary of the application (client) is obfuscated to make it difficult, if not impossible, for third parties to analyze it. Application: WhatsApp (client and server).
Analysis: in cryptography, Kerckhoffs's principle states that the security of a cryptographic system must not depend on the secrecy of the cryptographic algorithm, but only on the secrecy of the encryption key. This principle requires the availability of the source code to allow analysis by third parties. Any communication service is transparent if and only if the implementation details are known or if it is open source. Note: security through obscurity is the opposite principle to that of Kerckhoffs and is considered weak by modern cryptography.
Signal and Wire are completely open and therefore transparent and can be analyzed by third parties. In addition, Signal allows you to verify the absence of changes to the Android application from the source from which it was downloaded. However, at the moment neither Wire nor Signal provides a free version (without proprietary software) on the FOSS F-Droid catalogue. Telegram is open on the client side and has a free version on the FOSS F-Droid catalogue. The source code of the Telegram clients is published within a few days of the release of a new version. The clients are transparent and can be analysed by third parties, while the server is closed and requires trust in the developer of the service, Telegram. In addition, Telegram is part of a project known as The Open Network (TON), which plans for the opening of the source code of the server by 2021. WhatsApp is completely closed; the binary published in the catalogs (PlayStore and AppStore) is obfuscated and does not allow any analysis. As a result, maximum confidence in the developer of the service, Facebook, is required.
Conclusion: the opening of the source code is a fundamental requirement for any service, especially for a communication service.
Data storage
- Locally: data is stored locally on your device. You don't need to trust third parties because the data never leaves your device. Saving is not intuitive, slow and takes up space on the device. Application: Signal, Wire.
- In the cloud on the service's own servers: data is stored with cloud encryption in the servers of the service managers. Saving is intuitive, fast and doesn't take up space on the device, but requires trust in the communication service managers. Application: Telegram.
- In the cloud on third-party servers: data is stored with cloud encryption on third-party servers. Saving is intuitive, slow, takes up space on the device, but above all requires double trust: in the communication service provider and in the cloud space provider. Application: WhatsApp.
Analysis: local data storage requires no trust, while cloud storage requires single and double trust in the servers. However, saving data locally must be done manually, requiring time and (minimal) technical knowledge. Almost all (95%) of the users are unwilling or unable to use this solution. Consequently, saving data in the cloud is the compromise to be accepted in favor of speed and ease of use and at the expense of confidentiality.
Signal and Wire allow only manual and locally encrypted data storage. Telegram stores data automatically and with cloud encryption on its servers and requires trust in the developer of the service, Telegram. In addition, Telegram plans to store data in the decentralized network of the project known as The Open Network (TON) by 2021. WhatsApp stores the data automatically (after the first configuration) and with cloud encryption via Google Drive or iCloud and requires the utmost trust in the developer of the service, Facebook, and in the cloud operator, Google. Note: Telegram and Wire allow you to delete sent data for an unlimited period of time (Telegram also provides the same functionality for data received in a private chat). WhatsApp allows you to delete the sent data for everyone within one hour, while Signal does not provide any possibility of deletion. Note: Signal and Wire allow you to send timed messages in private and group chats, while Telegram allows it only in secret chats. WhatsApp does not provide this functionality.
Conclusion: saving data locally is the only solution that provides the confidentiality of the communication.
Registration and authentication methods
- E-mail: registration for the service is via an e-mail address. The method ensures greater security with less immediacy. Application: Wire.
- Telephone number: registration for the service is via a telephone number. The method is immediate, but insecure due to known vulnerabilities. Application: Signal, Telegram, WhatsApp, Wire.
- 2-factor authentication (2FA): uses two individual authentication methods together (PIN, password, token, biometrics, etc.). 2FA improves security by requiring two authentication methods instead of one. Application: Telegram, WhatsApp.
Analysis: registration via e-mail is secure and confidential: the former derives from the absence of unresolved vulnerabilities, while the latter is linked to the possibility of using anonymous e-mail services. Telephone number registration suffers from known vulnerabilities of the SMS service and should be avoided. 2FA eliminates the weaknesses of telephone number registration and increases the security of e-mail registration; for these reasons it is recommended to enable it when available. Note: adding a new device or a previously used device requires a new registration or authentication.
Signal, Telegram and WhatsApp allow you to register for the service only using a phone number. Signal does not provide any 2FA, unlike Telegram and WhatsApp, which provide the ability to enter, respectively, a 6-digit PIN and a password and retrieve them through an email address. Wire allows you to register for the service using both an email address and a phone number, but does not provide any 2FA. Wire and Telegram inform the user of the presence of a new device through a notification in the application installed on other previously added devices (Wire also sends an e-mail message if e-mail was used as the registration method).
Conclusion: e-mail is always preferable to telephone number as a method of registration. Where not available, 2FA must be activated.
Contacts management mode
- Username: a user is identified by his username. This mode provides greater confidentiality with less immediacy. Application: Telegram, Wire.
- Phone number: a user is identified by his phone number. This mode provides immediacy at the expense of lack of confidentiality. Application: Signal, Telegram, WhatsApp, Wire.
Analysis: the use of username is confidential because it does not require knowledge of the telephone numbers of users. In addition, the username allows you not to have to upload your phone book on the servers of the service providers. The phone number is personal data that should never be disclosed to the public.
Signal and WhatsApp do not provide for usernames and require you to upload your address book to their servers so that users can contact you via your phone number. In the case of Signal, the contacts are protected and made unreadable by the server. Telegram and Wire provide the username and users can contact each other without necessarily uploading their address book on their servers and sharing their phone number (including the e-mail address for Wire). Moreover, Wire, in case of phonebook upload, protects the contacts and makes them unreadable from the server.
Conclusion: the username is always preferable to the telephone number as a method of contact.
Business model
- Donations: the service provided is free and made possible by donations from third parties (users, agencies, companies, etc.). Generally, this model is used by foundations and non-profit organizations. No advertising or user profiling. Application: Signal, Telegram.
- Additional paid features: the service provided is free for basic features and paid for additional features. Paying users make it possible to offer the free service to basic users. No advertising or user profiling. Application: Wire.
- User data: the service provided is apparently free, but in reality the payment is the user data. Presence of advertising and user profiling. Application: WhatsApp.
Analysis: an unclear business model or a seemingly free service means that the payment is the data or the life of the users. In general, it is preferable to pay for a service with a subscription or by donation and be certain of its genuineness than to have it for free without any certainty. Note: generally, foundations and non-profit organizations use a .org domain (Signal and Telegram) while for-profit companies use a .com domain (WhatsApp and Wire).
Signal Messenger, as of 2018, is a company supported by a non-profit foundation whose funds come from a donation by the co-founder of WhatsApp who was forced to abandon his original project due to differences with the management. WhatsApp, as of 2014, is owned by Facebook, a publicly traded U.S. company whose profits are 98% derived from advertising. Wire is a European GmbH company whose profit is linked to subscriptions for companies and users with advanced features. Telegram is a company whose funds come from the donations of its co-founder. Telegram plans to become a non-profit foundation from 2021 being part of the project known as The Open Network (TON).
Conclusion: a transparent business model is a fundamental requirement for any service, especially for a communication service.
Censorship resistance
- Comprehensive: the service supports freedom of speech and counteracts the control and limitation of communication by the authorities. The registered offices and servers of the service are located in states where the law on the disclosure of cryptographic keys does not apply. Application: Telegram, Wire.
- Partial: the service supports freedom of speech and counteracts the control and limitation of communication by the authorities. The registered offices and servers of the service are located in states where the law on the disclosure of cryptographic keys is applied. Application: Signal.
- None: the service cooperates in the control and limitation of communication by the authorities. The registered offices and servers of the service are located in countries where the law on the disclosure of cryptographic keys is applied. Application: WhatsApp.
Analysis: freedom of speech and confidentiality are two fundamental rights of users that must be guaranteed by a communication service. In general, these rights should take precedence over requests from government authorities and a communications service should be able to operate in the presence of blockages and censorships imposed by these authorities.
Telegram supports freedom of speech and opposes censorship. Moreover, it has never given data to third parties, including government authorities, and has therefore been blocked in Iran, China, Bahrain, Indonesia, Pakistan and Russia, while continuing to operate through the use of proxies (excluding China). The operational headquarters is in Dubai, while the servers are geographically distributed throughout the world in various jurisdictions to protect the data from interference by government authorities. Telegram is part of a project known as The Open Network (TON), which plans for the creation of a decentralized anti-censorship network, parallel to the Internet, with integrated proxy and VPN services by 2021. Wire supports freedom of speech and has never passed on data to third parties. The operational headquarters is in Switzerland, while the servers are under the jurisdiction of the EU. Signal supports freedom of speech and opposes censorship. In addition, Signal has never transferred data to third parties and has therefore been blocked in Egypt, Oman, Qatar, the United Arab Emirates and Iran. The operational headquarters and servers are under the jurisdiction of the United States. WhatsApp does not support freedom of speech and cooperates in the control and limitation of communication by the authorities. The operational headquarters and servers are under the jurisdiction of the United States. Note: Signal and Telegram used the domain fronting technique to bypass blockages imposed by some states until Google and Amazon stopped their support.
Conclusion: resistance to censorship is a fundamental requirement for any communication service.
Metadata collection
- Minimum: the service stores only the metadata necessary for its correct operation. Most metadata is protected and unreadable by the server and third parties. Application: Signal.
- Limited: the service stores some additional metadata in addition to those necessary for its correct operation. Metadata can only be read by the server. Application: Telegram, Wire.
- Complete: the service stores a large amount of additional metadata in addition to those necessary for its correct operation. Metadata can be read by the server and by third parties. Application: WhatsApp.
Analysis: metadata provides additional information (date and time, participants, locations, IPs, etc.) on user activities while not allowing you to read the content of exchanged data. In fact, metadata is used for user profiling and mass control by government authorities.
Signal stores in its servers the date and time of registration and the date of last connection. Moreover, it has recently introduced the possibility of masking the sender of a message or data while leaving visible the date and time, sender and recipient IP. Wire stores in its servers the date and time of registration and IP geographical coordinates; it also stores the date and time of creation, creator, name and list of participants of a conversation for 72 hours. Telegram can store in its servers IP, devices and versions of Telegram applications used, history of user name changes, etc. for up to 12 months. WhatsApp stores in its servers the date and time, image, profile information and settings, status, list, frequency and duration of conversations, IP, location information (GPS, Bluetooth, WiFi and cellular network), devices and versions of WhatsApp applications used, locations, etc. for an unlimited time. In addition, it also shares metadata with third parties like Facebook, Onavo, Oculus, Masquerade, etc.
Conclusion: minimising the amount of metadata collected is a fundamental requirement for any communication service.