Whatsapp and its owner Facebook may have secured valuable publicity by introducing end-to-end encryption on the instant messaging app. But they have been slow to join the pack. Others have pushed encryption for years.
You could be forgiven for thinking encryption was "the new black." Encryption is so en vogue even Whatsapp wants in on the action. Its decision to deploy end-to-end encryption was only a matter of when.
And it's certainly good for Whatsapp subscribers.
With tech firms in the US apparently fighting the good fight against surveillance-happy authorities, we consumers can delight in a warm and cuddly feeling that they've got our backs.
Whatsapp's move follows Apple's recent face-off with the US Federal Bureau of Investigation (FBI). Apple refused to indulge a court order to break into the iPhone of California shooter, Syed Rizwan Farook. The move was hailed all round. Facebook, which owns Whatsapp, joined a chorus of giants, including Google and Twitter, supporting Apple's stance. (In the end, the FBI says it hacked Farook's phone all on its own.)
Meanwhile, in Europe a flaming row continues over the UK's Investigatory Powers Bill and the EU-US Privacy Shield, which may replace "Safe Harbor," a dusty, 20 year old agreement on data protection as it flows between the two "partners."
But let's not forget there are those who believe encryption should be the standard. We shouldn't have to fight for secure messaging, or treat data privacy as something out of the ordinary.
And indeed some apps have offered encrypted messaging from the start. Here are a few (in no particular order):
Founded in 2011, Wickr is one of the originators among communications apps using end-to-end encryption and "self-destructing" messages. It has a 5 out of 7 rating on the Electronic Frontier Foundation (EFF) Secure Messaging Scorecard. Wickr considers privacy a universal human right, and says it uses "multiple layers of encryption," built on industry standard AES256 algorithm.
Telegram was reportedly used by those behind the November 13 Paris attacks. Telegram's basic settings give it a rating of 4 out of 7. But Telegram secret chats get a full 7 out of 7. The software supports two layers of secure encryption: server-client encryption for cloud chats, and client-client encryption as an additional layer in secret chats.
The move to encrypt all messages has given Whatsapp a bump that will go down well with its one billion users. It scores a hefty 6 out of 7 on the EFF score card. Whatsapp also uses industry standard AES256 and a "hash-based" message authentication code (HMAC). Facebook chat, offered by Whatsapp's parent company, scores a low 2 out of 7.
Messages and FaceTime
Apple's reputation as a defender of encrypted messaging and privacy has some history. Back in 2013, a leaked "internal document" from the US Drug Enforcement Administration said it was "impossible to intercept iMessages between two Apple devices." iMessage was launched in 2011 with secure end-to-end encryption out of the box. Both it and FaceTime score 5 out of 7 on the EFF scorecard.
Signal from Open Whisper Systems is free and open source. It offers encrypted voice calls and instant messaging for Apple's iOS and Android. In 2015, Open Whisper Systems formed a partnership with Whatsapp to integrate its Signal Protocol into Whatsapp. Its original voice encryption was based on the Zimmermann Real-time Transport Protocol (ZRTP), which is said to be secure against "man-in-the-middle" (MiTM) attacks - the act of intercepting a live call - and a "derivative" of the "Off-the-Record (OTR) messaging protocol for text encryption. Being open source means the code can be audited or improved by anyone. EFF score: 7/7.
Silent Phone is another top scorer and stands out for the fact that it offers hardware as well as software. The company, Silent Circle, says its Blackphone is "the world's first smartphone that is private by design." As with Signal, Silent uses ZRTP for peer-to-peer encryption and secure VOIP communication. ZRTP was developed by Phil Zimmermann, who created and published Pretty Good Privacy (PGP) in the early 1990s. It is the most widely used email encryption software. EFF score: 7/7.