What’s goin' on 'ere then?
Firstly, it appears that the last update wasn’t made live on Kickstarter. Apologies for this mix up, you can now read it here.
Top Secret Alpha released!
Last week saw the release of the Top Secret Alpha. SECRET//POSTCARD backers and above can get their hands on an early version of the game and let me know what they think. Changes I've already to the desktop version based on Alpha feedback include:
- Simpler message composition
- Improved menu screens
- Visual tweaks to improve legibility
I’ll be updating the game throughout the week as more feedback comes in. Next up, the Beta!
You say Allo, I say goodbye
Last week, Google announced their new smartphone messaging app Allo. Should you use it?
Let me explain why.
One of the best ways of resisting mass surveillance is to use services where end-to-end encryption (E2EE) is enabled by default. E2EE means that only the sender and receiver of a message can read it. The NSA could still read messages by hacking into your phone directly, but they can’t (unless they hack everyone’s phones) read everyone’s messages this way. This is why widespread adoption of services such as WhatsApp (which uses E2EE) is a good thing.
With WhatsApp, iMessage, and Signal adopting E2EE by default, many were looking to see what Google would do with their latest product. Would they also use E2EE?
Well… sort of.
Allo only uses end-to-end encryption in ‘Incognito mode’. By default, messages are not encrypted this way. Furthermore, incognito messages are only stored for a few minutes. While good for security, this disincentivises continuous use of the mode. The likely result? The vast majority of Allo messages will not be securely encrypted. Google, and governments worldwide will be able to read, and analyse the messages of everyone using the service. This is a bad thing.
So which messaging service should you use if you care about human rights? To answer this question we have to briefly talk about metadata.
E2EE protects the contents of messages but not the metadata (who, what, where, when) of the parties involved. Metadata is just as important (if not more so) than content when it comes to mass surveillance - it’s easy to analyse in bulk and can be used to determine the important places, people, and daily patterns in your life. A good messaging app should protect not only the content of your communications but also the metadata.
WhatsApp uses E2EE but hasn’t said whether it stores metadata. Given that its terms explicitly allow for metadata collection we should assume that it does. iMessage also stores metadata. So what’s the alternative?
The general consensus right now seems to be that Signal is the best option. It uses E2EE by default and doesn’t store any metadata. It has clients for Android, iOS, and desktop and is a joy to use. Unlike WhatsApp, Signal is completely open source so anyone can check the code for security flaws or malicious behaviour. What’s more the tech behind Signal is so widely respected that both WhatsApp and Google have adopted it.
But don't just take my word for it. Signal is recommended by, among others, Edward Snowden himself.
You can download Signal here.
In the news
How Pentagon punished NSA whistleblowers - The Guardian
The Ukrainian hacker who became the FBI’s best weapon, and worst nightmare - Wired
China’s scary lesson to the world: Censoring the internet works - Washington Post
What it’s like to read the NSA’s newspaper for spies - The Intercept
Face recognition app taking Russia by storm may bring end to public anonymity - The Guardian