[No] Evidence — Tools for Digital Secret Swapping

“Businesses, governments, individuals and institutions around the world are all gradually waking up to the same realization. In the 21st century anything written down electronically, even in confidence, can be stolen or subpoenaed and come back to haunt the writer — and others — years later.”

– Peter Apps

For as long as there has been language, there have also been embarrassing, personal conversations.

Sharing private information with others is natural. It’s human. It’s how people build relationships, increase trust and relieve their collective consciences of the often overwhelming moral burdens that plague their lives.

For the majority of human history, this person-to-person exchange of secrets has been a relatively healthy, cathartic outlet. Though there have been countless instances in which a person’s loose mouth has gotten them into trouble, the lack, until recently, of concrete conversational record keeping lightened the ramifications of words misspoken. Even an intercepted letter was only a single artifact that could easily be destroyed and forgotten.


In 1971, when Ray Tomlinson sent the historic first e-mail, everything changed, and human communication would never be the same again.

Stop the Presses

Fast forward to the 21st century.

November 25, 2009: The new edition of The National Enquirer hit the stands bearing the headline “Tiger Woods Cheating Scandal.” The article included details of Woods’ string of extramarital affairs, a scandal unearthed after his wife, Elin Nordegren, discovered text message conversations with his harem of extramarital love interests.

June 16, 2011: Democratic U.S. Congressman Anthony Weiner announced his decision to resign from his position in the wake of an embarrassing Twitter slip-up in which he sent a sexually explicit photo to a 21-year-old girl.

August 13, 2013: “Time for some traffic problems in Fort Lee.” These 8 simple words, emailed from New Jersey Governor Chris Christie’s Chief of Staff to the NY/NJ Port Authority, put Christie at the center of a huge investigation which ultimately led to multiple resignations, including that of the Chairman of the Port Authority.

Though these highly embarrassing scandals were thrust into the public spotlight by the ensuing media firestorms, for each one of these high-profile ordeals, there have almost certainly been hundreds of thousands, if not hundreds of millions, of private controversies triggered by electronic paper trails.

Big Data: Big Espionage

The prying eyes of friends and family are, unfortunately, by no means the only threat to the security of private conversations and data.

A disillusioned government systems administrator, by the name of Edward Snowden, recently shocked the world by revealing documents outlining an extensive system of online spying carried out by the National Security Agency (NSA).

His testimony suddenly threw digital privacy concerns to the forefront of international technology conversation, and motivated a fundamental shift in the landscape of emerging communication solutions.

In recent years, app developers have set out to find new methods of protecting consumers from damning online breadcrumb trails and overreaching government observation.

The Road Less Traveled

As is true of any revolutionary concept, those who were first to market were faced with the difficult creative challenge of molding a formerly unexplored space. With no real basis for comparison, application developers faced a truly clean slate when setting out to address digital privacy. As such, there have been a number of different approaches to this challenge, each, naturally, with its own strengths and weaknesses.

Some apps emphasize security, some focus on ephemerality, others on anonymity and still others are a hybrid combination of the above features.

Evan Spiegel, the young founder of SnapChat, which is perhaps the most talked-about product in this new generation of messaging apps, believes that there is a diminishing distinction between the digital and physical worlds, in large part due to the proliferation of smartphones. He believes that digital communication should be used to have conversations that more closely mirror real-life dialogue and smash the current binary of offline and online, a system in which texting, emailing, instant messaging, etc. are seemingly the linchpin.

This radical viewpoint seems to be the inspiration guiding this fledgling app sub-genre, and the results are nothing short of fascinating and ingenious.


So, what’s out there? [Part I: Security]


Du jour…secure?

Since Snowden’s paradigm-shifting leaks, buzzwords such as ‘encryption’ and ‘disappearing’ have rapidly become essential app features that consumers seek.

But are the most buzzed about ‘safe’ communication apps really responsibly handling your data? Or does flashy marketing and slick product design distract consumers from gaping security holes?

For example, though millions of users trust SnapChat with their most personal photos and messages, the controversial company seemingly has a hard time maintaining the integrity of user data.

Apart from a slew of privacy policy concerns, legal issues and other disturbing accusations, in 2013 SnapChat embarrassingly fell victim to hackers who published the personal data of over 4.6 million SnapChat users.

SnapChat does not stand alone in the crosshairs of scrupulous security aficionados. Telegram, an up-and-coming messaging app that touts privacy and security as some of its primary selling points, also has its fair share of critics.

In his scathing review of the app, titled “Telegram, AKA ‘Stand back, we have Math PhDs!’,” software security analyst Geoffroy Couprie warns would-be users to “Avoid [Telegram] at all costs.”

Couprie cites a number of vulnerabilities but primarily faults the developers for using a “flawed homegrown mix of RSA, AES-IGE, plain SHA1 integrity verification, MAC-Then-Encrypt, and a custom KDF” rather than using more tried and true security protocols.

So, who can you trust?

Though they may not receive nearly as much press attention as industry heavyweights such as SnapChat, there are a number of apps that seem to responsibly handle and protect user data.

TigerText

TigerText co-founder Jeffrey Evans claims that the app was named before the 2009 Tiger Woods infidelity scandal, but there is no doubt that this app could have helped to save Tiger’s hide.

This app, designed specifically for healthcare and enterprise use, offers a comprehensive set of safety features including (but not limited to):

  • The ability to restrict message copying and forwarding outside of the enterprise.
  • Control over message lifespans.
  • Encryption that complies with HIPAA, SOX, and other regulations.
  • Dropbox integration for secure file sharing.
  • The option to recall messages from the recipient both before and after they have been read.
  • Perhaps most compelling — a $1 million guarantee against compliance violations.

For companies seeking to incorporate secure, real-time communication into their workflow, TigerText is an easy choice.

Confide

While TigerText stresses security, Confide focuses on ephemerality.

Confide’s approach is novel, and seeks to create a truly screenshot-proof system.

“Confide lets you say what you want, honest and unfiltered. Messages disappear after they’re read, ensuring all of your communication remains private, confidential and always off the record,” claims Confide’s website, and their unique touch-to-reveal reading approach helps them make good on that promise.

Aside from the peace of mind provided by this feature, Confide also promises users end-to-end encryption and self-destructing messages.

This app is a great solution for facilitating honest, private conversations both in professional and personal settings.

TextSecure

Claiming to be a full, albeit secure, replacement for “the default texting app,” TextSecure emphasizes tight security and code transparency.

As compelling as TextSecure’s offering of encryption over the air as well as on the device is, it is the app’s development team that truly shines with its dedication to actively working with its community to grow and improve.

In TextSecure’s description on the Android app store, the developers expressly invite users to verify its security by auditing its fully open-source code — something that the developers of Telegram have been criticized for failing to do.

ProtonMail

For those looking for a secure email platform, ProtonMail is the answer. Despite a recent hiccup consisting of a JavaScript injection attack on the fledgling service, this product is still strong.

The team claims to have plugged the hole and has reiterated their commitment to “constantly making security improvements through [their] beta process.”

ProtonMail is exploring relatively uncharted territory by offering the extra safety precaution of client-side encryption, a challenging feature which the team is “working diligently to tackle.”

All this aside, for a system that is still in the beta development stage, ProtonMail offers early-adopters a compellingly robust feature set including:

  • Data protection under the Swiss Federal Data Protection Ordinance, which offers some of the strongest privacy protection in the world.
  • Double password protection — one to log in and a second (which is never sent to ProtonMail) to decrypt the data.
  • End-to-end encryption using the most trusted cryptography standards such as the most secure implementations of AES, RSA, and OpenPGP.
  • Open source libraries to guarantee “that none of the encryption tools [they] are using have clandestinely built in back doors.”
  • An optional self-destruct timer.

The Future

In a recent talk, Edward Snowden stressed to developers the importance of building products that protect privacy by design.

“It doesn’t end at encryption, it starts at encryption” — Edward Snowden

In this dawning age of digital suspicion and increasingly invasive data collection practices, Snowden’s words ring out as especially poignant.

Whether an app’s security measures serve to safeguard a casual user from their own embarrassing digital paper trail or are intended to protect a multi-million dollar company from compromising data leaks, they should be a cornerstone in any digital product’s construction.

“We need to think about software as a means of expressing our freedom, but also defending our freedom,” concluded Snowden. “Technology gives us a new power — if we pair that with a responsibility to police ourselves, the way technology grows, and not sleepwalk into new technologies.”

Coming soon — Part II: Creative Alternatives
