a key breaks through the screen of a phone

Gooder/Shutterstock Skylines/Shutterstock (Licensed) Cole Mitchell

Easy tips and habits to protect your messages

What happens in the DMs, should stay in the DMs.

 

Mikael Thalen

Tech

Published Aug 27, 2021   Updated Aug 27, 2021, 12:44 pm CDT

Communicating online, whether through email, text, or instant messaging, has undoubtedly become one of the most common ways to stay connected. With hundreds of billions of digital interactions every day, it’s likely that you and many people you know rely on numerous platforms and apps to keep in touch.

But not all communication methods are equal, and if security is a priority for you—as it should be, given how much our online activity is tracked and watched—then communicating in a way that best protects your personal data is a must.

While not all of your everyday messages are sensitive, you’d be surprised how often they actually are. Have you ever sent someone one of your passwords? Or perhaps you’ve messaged someone personal information like a birthday or your address? All it takes is one hack—from either your account or the person you’re messaging with—and suddenly all of that information in your messages can be used against you. 

Meanwhile, large tech behemoths use your data like the content of your messages and searches to create a profile of you that can be used to target ads. Those profiles are apparently creepily accurate. But those tech giants are also a potential vulnerability—since data breaches are becoming increasingly common. 

EASY: Tips and habits to protect your data

If you’re similar to many people online, you likely use some collection of WhatsApp, Gmail, Facebook Messenger, and Signal on any given day. Not all of these apps, however, come with the same security features. 

Although WhatsApp comes with end-to-end encryption, meaning no one other than you and your recipient can see your messages, the app continues to gather who you’re talking to, your location, when you’re talking to them, etc.— your “metadata.”

This means that Facebook knows not only who you talk to, how often, and when, but where you are when you talk as well. Facebook can also collect data from your phone unrelated to your conversations such as a list of your contacts, if you allow for it in your app settings. 

Facebook Messenger is even more invasive and can share staggering amounts of data, such as the browsing history on your phone, with third-party companies in order to serve you ads. It is also possible to curb this by opting out in Facebook’s settings. 

While these apps offer countless features that make messaging great, users should be aware of the data they give up just by having such apps on their phone. Facebook Messenger does not offer end-to-end-encryption by default either, meaning you have to manually enable it for every conversation.

The instant messaging app Signal is a much better option for private conversations given its focus on privacy and security. Unlike other apps, Signal collects nothing on its users other than their telephone number. 

But regardless of which app you use, adopting smart digital habits can go a long way in protecting you online. We’ll look at several popular apps, their pros, cons, and discuss how to use them best.

WhatsApp

With more than 2 billion active monthly users, it’s likely you know at least several people who use WhatsApp on a regular basis. The app is popular among a huge range of age groups due to its ease-of-use and wide array of features.

PROS

  • User-friendly
  • Offers end-to-end encryption by default
  • Features including instant messaging, group chats, as well as voice and video calls

CONS

  • Owned by Facebook
  • Collects metadata
  • Requires providing your phone number

Based on its strengths and weaknesses, what is WhatsApp best used for? Given its robust features, WhatsApp is great for everyday messaging, sharing memes, and group chatting with your friends.

It’s default use of end-to-end encryption also means that your conversations will stay between you and your friends, allowing you to hold private discussions that are immune to the dangers of bulk data collection.

But WhatsApp’s collection of metadata and other information on your phone means you may not want to use the app for more important matters. For example, using the app to communicate while attending a protest where your location data and contacts can be collected is ill-advised because that data could end up in an investigation if it is subpoenaed. Other apps, like Signal, would not have that kind of information to hand over. 

Facebook Messenger

The second most-used instant messaging app is Facebook Messenger. The app allows users on Facebook’s hugely popular social media platform to stay connected with chats, audio and video calls, and even group video chats as well. 

PROS

  • User-friendly 
  • Wide-range of features
  • Doesn’t require your phone number

CONS

  • Owned by Facebook
  • Collects metadata
  • No default end-to-end encryption

Based on its attributes, what should Facebook Messenger be used for? The app should ideally be avoided altogether or only used for chatting with people who you can’t talk to elsewhere or if you are sending extremely innocuous things like memes. 

You should not share any private information in the chats that you wouldn’t want Facebook to have access to. Given how frequent major data breaches are, you should also avoid sharing anything that you wouldn’t want to become public.

Not only does Facebook Messenger collect metadata and information about your phone and share it with third-parties, the app does not offer end-to-end encryption by default. Even worse, Facebook admits that it has full access to users’ conversations. Still, if you must use Facebook Messenger, enabling end-to-end encryption and the app’s automatic message deleting feature is your best bet. 

Enabling these features is generally straightforward and can be done with just a few clicks.

  1. First, select the new message icon in the upper right corner of the app.
  2. From there, select the “Secret” button in the top-left corner.
  3. Next, select the friend you wish to message.
  4. To have your messages deleted automatically, select the timer icon on the left side of the chat bar and choose anywhere from 5 seconds to 1 day.

Signal

Signal is considered by many security experts to be the gold standard for secure instant messaging. With millions of users and growing, the app, which features messaging, group chats, as well as voice and video calls (all of which is encrypted), has become increasingly popular as internet users learn more and more about just how vulnerable their data is online.

PROS

  • Built with privacy in mind
  • Offers end-to-end encryption by default 
  • Does not collect and store user’s information

CONS

  • Requires providing your phone number
  • Less features than leading apps
  • Smaller user base than leading apps

Based on its structure, Signal is by far the best app for speaking securely with friends and family. While you do need to provide Signal with a phone number to register your account, the app makes no attempts whatsoever to link that number to your actual identity. Beyond that, Signal collects nothing, and, thanks to its encryption, cannot access any of your conversations either.

“Conversations around end-to-end encrypted apps are usually focused on the value of privacy and the security the cryptographic systems provide. Another important feature that is becoming more relevant is verification,” WhiskeyNeon, a hacker with the Dallas Hackers Association, told the Daily Dot. “How do you know the person you are messaging is actually the person you intended to speak to, and not an attacker?

With SIM Swapping, SMS re-routing, and SS7 attacks, we see examples of how communications can be intercepted with potentially devastating outcomes. [End-to-end-encryption] messaging platforms ensure that we know who we are speaking to and know when/if another party is attempting to impersonate or intercept communications with the intended recipient.”

Although Signal may not come with the latest features, the app is the best choice for your most private conversations. If you must share sensitive or personal information, Signal also includes an option to automatically delete messages as well. Having messages auto-delete helps add a layer of protection in case your physical phone is compromised. If someone is scrolling through your messages, they won’t have an enormous archive of messages to snoop through.  

How to keep your email secure

No discussion on digital communications would be complete without mentioning email. With more than 4 billion daily users, email is one of the most prolific tools for staying in touch online. But as with any medium, there are considerations that need to be taken into account when it comes to privacy and security.

Since email is so ubiquitous with how we spend our time online, it is often a first target for hackers. Most of our accounts online are linked to an email address, which makes your inbox a goldmine for hackers not only looking for your personal information, but for potential access to much of your online life.

We all know not to click suspicious links in emails. We also know that using a strong and unique password for your email as well as two-factor authentication (2FA) is an absolute must regardless of which service you use. But there are also pros and cons to various email providers.

There are plenty of email options out there. But which service should you ultimately use?

The Daily Dot will break down two of the most popular email services—Gmail and ProtonMail—discuss their pros and cons, and what you should and shouldn’t send over email.

Gmail

With well over 1.8 billion users, Google’s Gmail is arguably the most prominent and popular email service in the world. Free, easy to use, and full of features, Gmail is often many people’s first pick when setting up a new email address.

Gmail also does an exemplary job in protecting its servers, ensuring that your data stays out of the hands of hackers. Gmail’s filters likewise keep spam, viruses, and malware from ever making its way to your inbox.

PROS

  • Secure
  • Easy to use
  • Free

CONS

  • Privacy issues
  • Ads in your inbox
  • Not open-source

But while Google may be protecting you from outside threats, it’s actually Gmail itself that you should be worried about. As is the case with most of its services, Google aggressively monitors all of its apps and tools in order to monetize your online activity.

For example, if you’ve downloaded any third-party apps or add-ons in Gmail, such as a task manager or document signing tool, those apps are often granted the ability to read your emails.

So, if you choose to use Gmail, what should you use it for? Given its strong security, Gmail can be useful for registering important online accounts. It’s wide-range of features also makes it great for running business accounts.

But due to privacy issues, Gmail should not be used for any correspondence that you wouldn’t want Google or third-party apps to potentially see.

Although it is ill-advised to send sensitive content over Gmail, there are other tools you can use to make your communications more secure. 

The service Privnote, for example, will let you create a note that will self-destruct after it’s been opened by the recipient. Simply visit the Privnote website, write your note, and send the link over Gmail. 

This might be a good service to send a Netflix password to a family member—making sure no one else gets their hands on it. 

ProtonMail

ProtonMail is a popular Swiss-based email service founded in 2013 that aims to put privacy and security first. If you’re looking for a more private and secure way of sending emails, ProtonMail is a great option. 

ProtonMail offers end-to-end encrypted email by default between users, which scrambles your conversations so that only you and the recipient can read them.

Not only that, ProtonMail stores all emails on their servers with zero-access encryption, which means not even ProtonMail can see what’s in your inbox.

PROS

  • Secure
  • Private
  • Free

CONS

  • Costs for additional storage
  • Less features
  • Phone verification upon signup

Although ProtonMail is free, heavy email users may have to pay in order to increase their storage. While ProtonMail may not have all of the bells and whistles that Gmail does, the email service is the best available for anyone looking to have private conversations.

The features ProtonMail does provide are aimed at securing your conversations with little-to-no work from the user. And since ProtonMail is based in Switzerland, your account is protected by some of the strongest privacy laws in the world.

Even though emails to non-ProtonMail users are not end-to-end encrypted, ProtonMail offers a feature that lets you send an alert to other email users that let’s them click a link and open a password-protected message on ProtonMail’s servers. So if you’re using ProtonMail and your friend doesn’t use it, you can set up a password for them to enter to view the message. 

ProtonMail even has a self-destruct feature that will delete your emails from other ProtonMail users’ inbox after a set amount of time. 

Due to it’s top-notch stance on privacy and security, ProtonMail is best used for those looking to securely communicate without fear that advertisers or other entities are joining in as well.

If you want to dive in with Signal, our next guide on staying safe with messaging will lay out exactly how to install the app on your phone. 

Before you go:

While we’ve laid out the pros and cons of the more popular messaging apps, there are always more ways to keep yourself safe online. Here are some frequently asked questions that you may be asking yourself as you start to try and think about locking down the security of your messages: 

  • If I get an unsolicited text message with a link attached to it, should I click it? 

No, you should avoid clicking on any links from unknown senders. An unsolicited link could be part of an attempt to either steal your information through a phishing attack, where a hacker tricks you into giving up login credentials, or to compromise your device with malware.

  • If I get an email with an attached file that has a virus, can I still get that virus if I open the email but don’t click the attachment? 

Generally, as long as you do not open any malicious attachments (or click on any links) you should be fine. Your best bet is to always avoid opening files from unknown senders.

  • Is it OK to send a password of mine to a family member over Gmail? 

If possible, you should avoid sending any passwords over email, including Gmail. Doing so can open you up to being hacked if your or your recipient’s email is ever compromised. While you may not have been hacked, sending an email means that message is in their inbox. If they get hacked, your message—in this case containing your password—is right there for the hacker to see. 

  • Should I use the same password for different apps and websites? 

You’ve probably heard this before, but no, you should use long and unique passwords for every site and service online. If just one of the services is hacked and your password exposed, an attacker will be able to access all of your accounts. A password manager can help you not only generate strong passwords but will securely store them for you as well.

  • What is two-factor authentication? 

Two-factor authentication (2FA) is an extra layer of security that ensures your online accounts are protected by more than just a password. For example, a service may text you a unique code after you enter your password to make sure that it is actually you accessing your account. Look in the security settings for the apps you use to see if 2FA is available and, if possible, use an app like “Google Authenticator” to generate 2FA codes right from your phone.

If you’re still itching for ways to keep your messages more secure online, check out our next guide, which will show you the step-by-step process to download Signal. 

MEDIUM: How to Use Signal on Your Phone

Signal

Signal’s greatest strength is both its simplicity and its strong default privacy settings. 

As we mentioned in our last guide: While tools such as Facebook Messenger and WhatsApp collect reams of metadata surrounding your online activity, Signal does not. 

Although WhatsApp can be configured to use end-to-end encryption, meaning your conversations can only be seen by you and the recipient, Signal offers encrypted text messaging, voice calls, video calls, group chats, and other features designed to protect your data from the get-go.

In our last guide, we mentioned the pros and cons of using Signal. 

PROS

  • Built with privacy in mind
  • Offers end-to-end encryption by default 
  • Does not collect and store user’s information

CONS

  • Requires providing your phone number
  • Less features than leading apps
  • Smaller user base than leading apps

But if you’re here, you probably have decided the Signal is something you want to explore as a way of keeping your messages secure. 

Available for Android, iOS, and Desktop, Signal offers the easiest and quickest way to begin communicating securely in just a matter of minutes. The Daily Dot will walk you through downloading Signal, giving you a great way to keep your messages secure. 

How to Use Signal on Your Phone

If you want to have an easy way to send private messages, downloading Signal is pretty much fool-proof. 

How to download Signal for free

  • Step 1: iPhone users can simply visit the Apple App store while Android users can head over to the Google Play store. And remember, Signal’s encryption is designed to work with other Signal users, so make sure to encourage your friends and family to download it as well.
  • Step 2: Once downloaded, Signal will ask iOS users to provide their phone numbers in order to “Activate This Device.” Signal will then send you a six-digit code over SMS. Enter that code into Signal and select “Submit Verification Code.” For Android users, simply enter your phone number into Signal and hit “Register.” Your number will be automatically verified as a result. Signal will then ask you if you’d like to use Signal as your default SMS messenger. 
  • Step 3: To send your first message using Signal, simply click the pencil icon in the top-right corner of the app and select a Signal user. Once selected, you can either begin messaging, select the phone icon in the top-right corner to make an encrypted call to that user, or select the camera icon in the top-right corner to initiate an encrypted video chat. That’s it! All your communication will be automatically encrypted, ensuring your conversations are protected as they travel between you and your recipient.

Before you go:

  • Does Signal encrypt messages to non-Signal users?

No, Signal messages will only be encrypted if the recipient is using Signal as well.

  • Can I make Signal my default messaging app?

On Android you can set Signal to be your default messaging app—but that means messages from people without Signal will show up in the app. However, Signal has a pretty easy way to decipher which messages are encrypted and which ones are not. If your message wasn’t encrypted (sent or received from someone not on Signal) a little icon of an unlocked lock will appear next to the messages you send and receive.

Additionally, the button you click before sending a message will be a different color. If the button is blue, it means the message is encrypted. If the button is grey, it means you are sending the message to someone who doesn’t have Signal.

You can’t make Signal your default message app on iOS, which means you can only communicate with other Signal users on iPhones. The same goes for using Signal on your desktop computer.

Now that you’ve got Signal installed, our next guide will show you more advanced features that will truly make your messages even more secure.

HARD: How to use Signal with a secondary number

Using Signal for your everyday communications is great, but what if you don’t want your recipient to have your personal number? Or what if you want a phone number that you can publicly share? And what if you want to lock Signal down even further than it is by default?

Registering Signal with Google Voice

Step 1: Set up Google Voice

One of the best methods for setting up a secondary Signal number is to use Google Voice. 

By doing so, you can register a new Signal account that isn’t linked to your personal device. Google won’t have access to any of the data related to your new Signal account either, so no need to worry there. The new number on Signal is similar to a username.

First, you’ll need a device to run Signal on that isn’t your primary phone. 

You can run Signal on a separate phone or right from your computer. Next, head over to voice.google.com, select “For personal use,” and choose “Web” when prompted.

Step 2: Pick An Available Phone Number

You will next get the option to choose which area of the country you want your phone number to be associated with.

Once you’ve selected an available phone number by city or area code, click “Verify” and enter either your personal cell phone number or a landline number. Google will send you a code to enter to verify your account.

Now that you have your Google Voice number, simply enter it into your new Signal account when registering. Signal will send your verification code to your Google Voice account. Once completed, any Signal message sent to your new number will go straight to your Signal account on your new device.

Registration Lock

From there, you can lock down your new Signal account even further. 

Step 1: Registration Lock

If you’re using your new Signal account on a phone, one of the first things you’ll want to do is enable the “Registration Lock.” 

This allows you to set a secure PIN to protect the phone number you use for Signal. For example, if you lose your Google Voice number and someone else obtains it, they won’t be able to register a new Signal account without your PIN. 

To enable the feature on either iOS or Android, select Settings, Privacy, and Registration Lock. After creating a secure PIN, you are good to go!

Disappearing Messages

The next feature you’ll want to turn on for added privacy is “Disappearing Messages.” 

Step 1: Enable Disappearing Messages

“Disappearing Messages”, as the name implies, makes sure that you and your recipient’s messages disappear off of one another’s phones after a predetermined time. This way, if anyone gets ahold of your phone, older messages will no longer be visible.

For iOS users, enabling Disappearing Messages starts by selecting the recipient’s profile picture at the top of your conversation. 

From there, toggle the Disappearing Messages option and choose how long before you want messages to begin disappearing. You can select a range of time frames between 5 seconds after a message is sent all the way up to 1 week.

For Android users, select the three dots in the top-right corner of any conversation, select “Disappearing Messages,” and likewise choose which time frame works the best for you.

Disabling iCloud backup for Signal call data

Another important step for iOS users is to ensure that none of your Signal data gets backed up to iCloud. 

Step 1: Disable iCloud backup 

Signal calls by default show up in your phone’s regular call history—which includes who you communicated with, for how long, and when. If you also regularly sync your phone’s data with iCloud, that Signal call metadata can be included as well. 

To stop your phone’s call history from including Signal calls, simply enter the Settings menu in Signal, select Privacy, scroll down to “Show Calls in Recents” and toggle the option off. 

If you’ve ever shared a link in a chat, you’ve likely noticed that a link preview of that link will appear. This allows you to see a glimpse of the site you are about to visit without actually clicking the link. Signal is no different. 

In order to provide you with a preview, messaging apps—including Signal—have to communicate directly with the webpage you’re linking to. This means that the website will know that a Signal user shared their link.

To disable link previews on iOS or Android, select Settings, Privacy, and toggle off the “Generate Link Previews” option.

Further securing your device

Signal’s end-to-end encryption is designed to protect your conversations as they travel from you to your recipient, blocking any third parties such as your cell phone carrier from being able to read their contents.

But if someone obtains your unlocked phone, all your messages could be exposed. In order to protect yourself from such threats, there are a few additional steps you can take.

Screen Lock

Step 1: Enable Screen Lock 

Just like your phone has a lock screen, so does Signal. 

In order to enable this feature on iOS and Android, go to Signal’s Settings, select Privacy, and toggle on the “Screen Lock” option. 

Signal will now be protected by the same method you use to protect your phone, whether that’s a PIN on Android or Face ID on iOS. 

Step 2: Choose how long to keep Screen Lock on

You can also set how long until Signal locks you out by selecting a time next to the “Screen Lock Timeout” option.

Obscure Signal in the app switcher

Another important feature is the ability to obscure Signal in your app switcher. When flipping through your apps, it is easy to expose what you are doing on an app if anyone is looking over your shoulder. Thankfully, Signal offers a way to make sure your conversations never show up in the app switcher.

Step 1: Obscure Signal in your phone’s app switcher

To enable the ability to obscure your Signal message while switching apps, select Settings, Privacy, and toggle the “Enable Screen Security” option.

Before you go:

  • Do I have to use Google Voice for my secondary number?

No, you can also obtain a secondary number by purchasing a new SIM card. Simply plug the SIM card into a phone and set up Signal as you normally would.

  • Do I need a new number to use Signal Desktop?

No, you can link an existing Signal account to your Desktop if you prefer. On the phone running your current Signal account, select Settings, Linked Devices, and Link New Device. Next, Signal will open your camera and ask you to scan the QR code that appears when you open Signal Desktop.

That’s it! You can now securely send messages over Signal with your secondary phone number. Make sure to check out the Daily Dot’s other guides to learn how you can further lock down your digital footprint. 

Share this article
*First Published: Aug 27, 2021, 12:31 pm CDT