I’ve come to realize that it’s actually pretty difficult persuading friends and family to switch to an encrypted messaging service. From my personal experience it really boils down to two things: 1) most people don’t care about (or necessarily understand) digital privacy and verbatim will often state the “I have nothing to hide” or “you’re being monitored anyway” argument; and 2) they don’t want to go through the trouble of installing another app on their phone – oftentimes Facebook Messenger is the app that they and all their friends use and anything with a word like “encryption” sounds hard.
Why We Need Encryption
We live in an age where normal people believe the government in spying on you and giant internet companies collect every piece of data about you, and it’s crazy to believe that they’re not doing these things. Using an encrypting communications services is one way to mitigate this for anyone who still believes they have a fourth amendment right. If any company, state, or simply a bad actor intercepts your communication that is end to end encrypted all they will see is random blogs of garbage since your intended recipient is the only one with they key to decrypt it. This type of communication is absolutely vital for journalists and people under oppressive governments, but normal everyday people as well. Now my threat model isn’t that of a journalist or someone living in an oppressive country, but being in the United States, I’m personally more concerned about surveillance capitalism.
This isn’t to say there’s other ways to intercept communications on your device. For example, an adversary could install a malicious application on your device without your knowledge that records everything you do on your device – or simply stand over your shoulder and read your messages.
Facebook – The Advertising Behemoth
Facebook collects information not just about what you “like”, what you watch, who you engage with, and what you’re doing online even when you’re not using their services – they also collect data from your personal messages on Facebook Messenger. This information combined into a neat advertising profile in which Facebook sells the keys to the highest bidder, namely advertisers. This profile is essentially a score about what you’re likely to engage with (ie a click, like, comment, share, etc).
Advertising by it’s very nature is a means to manipulate you into performing an action (in this case clicking/viewing) with the ultimate goal of buying a product or even swaying you who to vote for. I should note that I’m not saying that Facebook directly shares your entire message with advertisers (at least not to my knowledge), but by scanning your conversations they’re able to further build an advertising profile about you which is then shared with advertisers. Of course we all agreed to this type of data collection when we signed up for the service, but I’m willing to bet that you (like me) didn’t read through the Terms of Service.
I’m picking on Facebook here, but other messaging services will often do the same thing.
Why not revert back to SMS?
This is pretty straight forward. First of all, wireless carriers have begun implementing encryption into SMS, though every carrier is different and I for one wouldn’t trust carriers with the keys to my personal data.
Secondly, we have become accustomed to rich messaging services where we can send higher resolution photos, videos, GIFs, stickers, read receipts, voice messages, and seeing when the other person is writing a reply, it’s a hard task to convince people to go back to the limitations of SMS. With Signal, my preferred encrypted messaging app, your account is essentially your phone number which makes it significantly easier to transition as most of my friends still have each others numbers. However you also get the added benefit of not only rich messaging but also end-to-end encryption.
When people (ie normies) hear the word “encryption”, then tend to lose interest and run the opposite direction because it sounds complicated. The reality is that it’s far from being complicated especially with services like Signal and Protonmail at our disposal and are completely free for anyone to use. With these services we are not the product. Signal happens to be a non-profit and has received a large donation from the co-founder of WhatsApp (which is a very interesting story and I recommend you read up on it). Protonmail has paid tiers for more storage, more customization, the use of custom domains, and more. Do yourself a favor by checking out these tools and maybe take back control of your privacy.