After all the Cloak And Dagger from our Friends and the NSA (or any few single letter Agencies) we now ask How Secure is My Text Message?!?. I’ll tell you now: “Unless you use Point to Point Encryption that You Control, your Security for your Text Messages means nothing!!!”
To quote a phrase: “TNO (Trust No One)”… In the terms of the Internet today TNO is a key reason… The minute you trust someone else (like a organization) you must then hope they have not been turned by anybody and keep your data safe. Internet Service Providers (ISP’s) claim to keep your data (what you surf and where you surf on the Internet) safe, but lo and behold it just takes a court order from a government agency and they give up your data in a heart beat. So to get around them you use a Virtual Private Network (VPN) to block their data recording habits.
When you use a service (like messaging: MSG) then you have to rely and trust that service in keeping your data safe. A very good example was the BlackBerry Message Service (BBMS), they promised the best end to end encryption known to man. They said know one could crack it and read your MSG’s… Well they were right until the company RIM (Research In Motion, now Blackberry) told the government bodies that if they wanted to ease-drop then they just needed to install their own BBMS Server in their country (which would decrypt all the MSG’s at their level) and watch. So much for BBMS being secure…
Now Apple says that their MSG service (iMessage) is very secure and encrypts from end to end. Well that may be true to a point if you are going from an apple device to an apple device and only using iMessage. The minute you cross to another device (non-apple) you are no longer using iMessage and the MSG is no longer encrypted. When using iMessage each apple device holds a unique security private key and a unique public key that then used between two or more apple devices the private and public keys work together to encrypt and decrypt from end to end. Because the service goes through Apple and Apple controls all the security keys, they could always slip in another key (without your knowledge) and decrypt your MSG without you knowing about it.
The only way you can be sure of secure MSG’ing is first write your own application. Between two or more devices using your app use Public Key Encryption (PKI) so you control the security keys (both private and public). Now by using PKI your fellow msg party’s that you connect with must meet physically and transfer the public security keys… Doing this ensures that no spying is done behind your back. The only problem is you must write the program on your device and on any other device you need to connect with, so I hope you are a great programmer…. If you are not then you must trust another programmer out there that uses PKI with open source (that way you can inspect the program). This kind of goes against TNO but unless you’re a competent programmer then at least you still control the security keys (public and private).
I still like PKI email… Email alone is in the open (anyone can read it on the Internet), but using PKI only those intended for can decrypt and read it. You control the security keys and any spying you know going on in the background has to try to decrypt the message (usually over 5-20 years with current technology depending on the strength of the keys).
Be careful though… By using and encryption what so ever, you are setting up red flags to those 3 letter spying agency’s who think they need to know everything. And the magnifying glass looking over your shoulder could get Very, Very Big…. So like I said… Be very careful…