Encrypt your family: How to send safer, smarter messages
I just wanted my family’s messaging habits to be a little more secure. And the move was easier than I expected.
Nothing scares a parent more than letting their kid roam free — even just a little bit — online. I’m under no illusions that my daughters won’t run into something nefarious at some point, be it adult content, or a phishing scheme, or cyber-bullying. For the most part that’s all part of growing up. It’s just digital now, wherein back in my day (get off my lawn!) it was almost all analog.
Those are all things I can help educate against, though. Same goes for the basics — like having good password security.
What I can’t do anything about is the bad actors out there. True sniffing and hacking and what not. While I’m not quite ready to explain VPNs to my family, I have taken a couple of steps that should at least make things a little harder on anyone who targets us. (And, I’d argue, taking little steps instead of going full-IT on the folks you live with is probably the better route anyway.)
We’ve all used text messages, of course. But they’re hardly secure. Things get better if you’re in an all-iOS household, of course, because then iMessage gets thrown into the mix. That in and of itself is not a bad thing at all. But my household is mixed. (And platform-specific apps like iMessage are bad on principle anyway.) So it was time to move us to something new.
The wife and kid and I used Google’s Allo for a bit. It’s a very nice app. Runs great on Android and iOS. But nobody else we know uses it. (And it doesn’t do encrypted messages by default.)
I uninstalled Allo and Duo this week.
Kinda surprised it too this long.
— Phil Nickinson (@mdrndad) April 5, 2017
Then we switched to Signal for a bit. Think iMessage, only for everyone. It does SMS text messages and secure, encrypted messaging, in a single app. It’s open-source, which is great. And it’s free. I like it a lot.
Ultimately we moved to WhatsApp, though, along with roughly a billion or so other people. And that’s mostly why. Signal is great, but we know more folks on WhatsApp. Both also have good web components, so you can type longer messages on a real keyboard.)
So if you need me, I’ll be on one (or both) of those. It’s certainly easy enough to switch at any time.
Email is a little trickier, and I’d argue maybe not quite as important. Not that I’m passing secret messages all day long — I just wanted an option for easily encrypting email if I so desired.
Encrypting the content of an email is a tradeoff between security and convenience.
So I went down the rabbit hole that is PGP is pretty quickly decided it wasn’t something I wanted to (or had any real reason to) mess with, to say nothing of trying to explain public and private keys to my 10-year-old kid. … (I think I’ll try to slip that in when it’s time for The Talk. But let’s face it, my kid’s probably already smarter than me anyway, right?)
The general consensus (both out there in the real world as well as here at AC) is that ProtonMail is a really good place to start. So I gave it a shot and quickly made it my personal email service. It’s got a free version, which might well be fine for you. But I went ahead and ponied up $48 for the yearly upgrade, which lets me use a custom domain.
The gist: It looks and acts a lot like Gmail. It’s got a nice web interface, and the Android and iOS apps are excellent.
It does the usual end-to-end encryption for messages sent to other ProtonMail users. And it’s super simple to encrypt messages to recipients outside ProtonMail. Just hit the little lock icon, add a password (that you’ll have securely shared somehow beforehand), and then send. The person who you send that message to will then open the decrypted email in a web browser.
It’s an extra step, yeah, and not one I use every day. Or even every week. But it’s available if I need it, and it’s easy to use. And that’s really all I wanted.
The bottom line
There’s no one right way to do more secure messaging. (There are a lot of really good ones, though.) And there’s no way to guarantee that you might not get hacked somehow. Brute force is still very much a thing, and social engineering is even easier.
I just wanted to make it harder on someone who might just be sniffing around to get into our lives. So for that we’ve turned to WhatsApp for messaging, and I’m using ProtonMail for email.
Now I just have to figure out the best way to get the family onto a VPN when they need to.