Encryption tools and communication services

While the transport encryption is not perfect, it at least secures the connection between users and the servers to exclude third parties during the transmission process. On the web, a website with only http does not offer transport encryption, but https does. Be aware: On an http website, all information is transmitted in plain text.

Unfortunately, users cannot decide on their own whether or not to use https for every website. It needs to be implemented by the website operator. However, the browser extension https-everywhere helps user to enable https every time if it’s technically possible.

Emails are still very popular, but also an unsecure communication channel if users do not secure it individually. An email without extra protection is like a postcard: Readable for everybody with access to it.

A necessary thing to do is never to send emails without transport encryption. This is done over a protocol called “SSL” or “TLS”. Most of the popular email providers use that today by default, but you should check in the settings whether it is really the case.

An additional way to secure emails is the end-to-end encryption. It means that only the sender and the recipient can read emails, but not the email providers or governments with access to the connection or mailboxes of the users. The most common way to enable end-to-end encryption for emails is PGP. It is an additional programme that adds encryption to the emails. Another approach is S/MIME.

While PGP is still considered to be secure, it is still not handy to use and is rarely spread. The largest email provider that uses end-to-end encryption by default is the Swiss company “ProtonMail”. All emails between ProtonMail users are automatically end-to-end encrypted. It also allows to send end-to-end encrypted emails to non-ProtonMail users while adding a password. It is also Open Source.

We do not recommend specific messaging services but provide the most important information about popular services. You could use this for your individual assessment and further reading. Please also look at our key questions.

Facebook Messenger

Pros

• high user-base
• usable without telephone
• self-destructing messages available

Cons

• Closed source
• Facebook account necessary
• End-to-end encryption not by default, only for individual chats (no groups) and only for the smartphone app
• Legally based in the USA: legal obligation to cooperate with governments?

Phone calls

Pros

• Everybody with a mobile phone number is reachable

Cons

• Bound to the telephone number
• Not encrypted
• National telecommunication service providers can read messages and are mostly obliged to grant access to governments

Signal

Pros

• Open Source
• End-to-end encryption for text messages and voice calls
• Mobile app and desktop version
• Self-destructing messages

Cons

• (still) Low user-base
• Bound with a telephone number
• Legally based in the USA: legal obligation to cooperate with governments?

SMS

Pros

• Everybody with a mobile phone number is reachable

Cons

• Bound with telephone number
• Not encrypted
• National telecommunication service providers can read messages and are mostly obliged to grant access to governments

Skype

Pros

• High user-base
• Users are reachable without a telephone number
• Mobile app and desktop version

Cons

• End-to-end encryption not by default and only for individual conversations (no groups)
• Legally based in the USA: legal obligation to cooperate with governments?

Telegram

Pros

• Open Source (partially)
• High user-base
• Mobile app and desktop version
• Self-destructing messages
• Two-Step Authentication
• Users are reachable without telephone number (telegram.me)

Cons

• Closed Source (partially)
• Bound with telephone number
• End-to-end encryption not by default and only for individual chats (no groups)
• Legally based in the UK: legal obligation to cooperate with governments?

WhatsApp

Pros

• High user-base
• End-to-end encryption for text messages, voice and video calls
• Two-Step Authentication
• Mobile app and desktop version

Cons

• Closed Source
• Bound with telephone number
• Legally based in the USA: legal obligation to cooperate with governments?

Wire

Pros

• Open Source
• End-to-end encryption for text messages, voice and video calls
• Not bound on telephone number
• Self-destructing messages
• Mobile app and desktop version

Cons

• Low user-base
• Legally based in Switzerland: legal obligation to cooperate with governments?

Encrypting files is relatively easy. If you already use PGP for your email encryption, you could also encrypt any file on your computer with PGP, both for yourself and for other people who also use PGP.

Another program you might consider is VeraCrypt. It is – like PGP – open source.