Talk and Chat Privately
I am old enough to remember the days when, if someone wanted to converse with another person who wasn’t nearby, both people would talk into analog devices called “telephones” to have real-time audio conversations. Perhaps you’ve seen such devices in old movies or read about them in antique documents called “books.”
I kid, but analog telephones are rapidly on the way out. My home phone, which I used to refer to as a “landline,” bypasses the phone company altogether and relies on a box that plugs into my broadband router. I happen to use Vonage for my home VoIP (voice-over-IP) telephone service, but I could have chosen a similar service from my broadband provider or from any of numerous other companies. In other words, for me, telephone service is a variety of internet service.
And then there’s my smartphone, which is almost never out of reach. I use it for conventional audio phone calls maybe once a week on average. Of course, I constantly use it for email, instant messages, SMS, Twitter, and video chats—most of which, again, travel over the internet—and even those occasional audio calls may use a VoIP app such as Skype.
Meanwhile, my computers and tablets have software for a long list of services that provide real-time text, audio, and/or video communication—not just Skype but also Google Hangouts, Apple’s FaceTime and Messages, and numerous others you may or may not have heard of, to say nothing of the chat services built into games, Facebook, and other social networking services. Xbox, PlayStation, and Nintendo game consoles all support messaging and voice chat too.
The question is: How private are any of these real-time communication services?
Understand the Privacy Risks of Real-Time Communication
One of the best ways to acquaint yourself with the risks of real-time communication is to watch the HBO TV series The Wire. Yes, all five seasons. (Go ahead and do that, if you haven’t already, and then come back to this page.)
I’ve mentioned The Wire because a lot of it has to do with electronic surveillance (hence the name)—but the main target of this surveillance is ordinary mobile phones. On the show, law enforcement agents need both special equipment and legal permission to monitor the mobile phone use of suspected criminals. But the process ultimately poses little technological challenge, and the people being monitored have no way to know their conversations aren’t private.
Now, think about that and consider the fact that monitoring real-time communication over the internet is potentially easier. And, although government and law-enforcement entities have greater access to this sort of data than ordinary citizens, professional hackers and even casual snoops likely have the capability to see (or hear) far more of this data than you might suspect.
As with everything else I’ve discussed in this book, precisely what that means to your personal privacy depends on what you say and to whom, but in principle there’s almost no limit to your potential risk. However, let me now backpedal a bit and point out a few mitigating factors:
Audio data is more difficult to store and analyze than textual data, and video data poses a bigger challenge than audio data. Due to the inconvenience of dealing with such large amounts of data, it’s slightly less likely that audio or video calls will be kept or searched than email, text messages, or chats. Of course, if your VoIP connection were compromised, a computer could attempt to transcribe every word of a conversation and turn it into searchable text without having to store the audio or video. So although there are no guarantees, on the whole, I consider voice and video communications over the internet to be marginally safer than any sort of text-based communication.
The previous point notwithstanding, available technical details and anecdotal reports suggest that Apple’s encrypted iMessage service—which can be used for text messages and file transfer between Macs and iOS devices—is highly resistant to hacking and eavesdropping. (See the sidebar just ahead for more information.) Other secure messaging services include:
Like iMessage, these services are proprietary, requiring that the people you chat with have accounts on the same service. (For another type of secure messaging, see the sidebar Using Keybase for Identity Verification and Chat, ahead.)
Communication that takes place entirely over the internet (for example, Skype-to-Skype calls or FaceTime chats) or entirely over analog phone lines is probably safer than communication that crosses between the two (such as using Skype or a VoIP service to call a landline phone) because calls that traverse multiple networks have more potential points of interception.
Improve Your Real-Time Communication Privacy
If you have money to burn and a powerful need for a “secure line,” you can buy secure telephones (landline) or crypto phones (mobile) with built-in hardware encryption. There are also various hardware and software products (for example, Silent Circle) that can work with existing phones to achieve the same effect. But end-to-end encryption means both parties will need interoperable equipment or software.
For the purposes of this book, I’m assuming you don’t need such a heavy-duty solution. For improving your day-to-day privacy in real-time communication, I suggest the following:
Read the privacy policies. Your mobile carrier, ISP, VoIP provider, instant messaging service, and other such companies will have boring pages of legalese, but you should at least be able to scan them to see if the services encrypt your data, and under what circumstances they may share your information with others.
Use end-to-end encryption when available. Apps mentioned earlier in this chapter—such as KeeperChat, Messages (using the iMessage Protocol), Signal, WhatsApp, and Wire—offer end-to-end encryption that the providers themselves apparently can’t crack. Use one of those if possible. If not…
Use obscure products. If you’re unable to use end-to-end encryption, you can gain a small advantage by using an app that isn’t one of the major players. After all, tens of millions of people use Skype, making it an attractive target for both official surveillance and hackers. Newer and less-popular communication services—more of them are popping up all the time—might not be large enough to attract that sort of attention. Of course, they also may not have the expertise or resources to engineer or operate a high-quality service.
Favor higher-bandwidth communication. All things being equal, if circumstances permit, choose video before audio, and audio before text—simply because anything other than text makes it less convenient to capture, store, and analyze your conversation (and all the more so if it’s encrypted). Remember, none of this means audio or video is entirely safe from snooping, but the odds are more favorable than when using text-based communications.