Security and privacy are synonymous terms. Security ensures the absolute integrity of an exchange that is supposed to remain private. The recent Legion hack showed how easy it is to compromise individuals and corporations alike.
So, what is the best way out for individuals? It is security through obscurity (living off the grid), but this requires some extreme measures. The privacy and security needs of an individual are different from those in regulated industries like financial services, where they are required to comply with legal provisions to ensure absolute data integrity.
Remember, if you are not paying for a service, you are the product! Social networks (like Facebook/Twitter) are current fads but come at a huge cost to your personal privacy (not to mention that a number of vulnerabilities make it easy for any skilled person to get your private data). Say no to Facebook!
There are a number of ways to compromise anyone (using email accounts, phone numbers and scrutinising social networks), and these have real-world repercussions. The scary part: your biometric identification (like fingerprints) taken from devices such as an iPhone or Android phone can be fabricated to authorize transactions in your name. Biometrics, in their current form, are a poor security and privacy practice.
Your location data is constantly being leaked and Facebook/WhatsApp/Google always listen to conversations, even in the background. This is part of extensive metadata that can be reconstructed and used to identify you as an individual. By default, all collected data can be easily accessed by the government as well.
Why generate that data in the first place?
Here are some suggested ways to ensure your privacy and security at the same time. The emphasis is on services that don’t use mobile phone numbers.
BlackBerry 10 pioneered device user permissions, which make it impossible to get user data unless the user has specifically opted in. The device is encrypted at rest, by default. This device has received a number of certifications for use in regulated industries (including the coveted NIAP certification); therefore it is safe for general use as well. BlackBerry 10 cannot be rooted, altered or modified under any condition and no public record exists of its compromise.
BlackBerry made a conscious shift to Android (Priv, DTEK50/60) and secured it to the max! It has been able to deliver regular monthly security patches and a record unmatched even for the Quadrooter vulnerability. This means your device stays current and safe from the emerging threat landscape. This is in addition to a hardware root of trust and other special encryption sauce that ensure malicious apps are unable to breach the integrity of your device. The only way to make it more private is to ensure that Google is switched off (by disabling Google services), restrict background app usage and use the open source Netguard firewall, which doesn’t require the device to be rooted. Netguard blocks every app on mobile and Wi-Fi networks, thereby restricting background usage. A unique feature of BlackBerry on Android is its DTEK app, which works like a visual privacy indicator of how your critical data (contacts, location, text messages etc.) is being accessed in the background by all apps.
Everyone is talking about encrypted email. ProtonMail/Tutanota are contenders in this space but it’s secure only if you are sending it to other mail users on the same service. Apps are major sources of privacy leakage because they have deep access to file systems. Therefore, I personally recommend Fastmail. Although a paid option, their service is absolutely stellar. It offers a number of options to secure access to email, including my personal favorite, YubiKey, based on the U2F standard. Fastmail offers a number of enhanced, secured options for logins (both for individuals and businesses alike). BlackBerry Hub with contacts/calendars syncs beautifully with Fastmail’s servers (with easy setup instructions). It also supports IMAP push protocol, which is as good as MS Exchange (minus the privacy hassles of using Microsoft). ProtonMail has recently introduced two-factor authentication but they don’t have IMAP and other full-blown services of Fastmail.
Chat: BBM and Threema
WhatsApp announced that it was using the open source Signal Protocol. However, giving up your phone number and your contact list increases the risk of identity theft. Therefore Signal isn’t recommended. The implementation of the protocol hasn’t been disclosed; therefore it remains vulnerable. For secure communication, BBM Protected (which runs on BBM Enterprise) is recommended; it is now a standard part of Unified Enterprise Management (UEM) from BlackBerry. Apart from generating encryption on the device, it ensures absolute security and privacy of shared communication between individuals. It helps to know that it has the highest level of certification as well. You only need your email to confirm your BlackBerry ID and it’s heartening to know that the chat database is encrypted and stays on the device (unlike WhatsApp’s, which stays unencrypted and can be read easily by anyone with access to your device). Likewise, Telegram has issues with its crypto protocol.
Threema is an interesting alternative to WhatsApp. Unlike WhatsApp, it doesn’t require your phone number. Like BBM, it requires you to have a PIN that is completely anonymous, is generated on your device and works totally end-to-end encrypted. It is available cross-platform. It uses open source encryption protocols. Groups work exactly like WhatsApp’s and allow sharing of any file. Although paid (it costs less than two cups of cappuccino), it helps to support independent development. My personal favorite features are password-protected private chat and the ability to create polls on the device (for groups). The best part is its metadata restraint (unlike WhatsApp). The servers don’t save any metadata and therefore the users are completely safe.
Threema is a highly recommended alternative to BBM Protected.
Security and privacy are shifting goal posts. It helps to be aware of the importance of your privacy and choose your products wisely. Stay secure!