-
@ ScaleBright Solutions
2025-03-28 12:38:37This week would have normally been a “People” category post, but with the news of Telegram CEO Pavel Durov’s arrest in France, I thought it would be a good opportunity to talk about secure communications instead.
When we say “secure communications” you probably imagine a stereotypical spy movie scene where a character at a payphone delivers the line “…is this line secure?”. While the days of ubiquitous payphones are mostly past us, many of us still like the idea of having at least private conversations with others.
We’re going to get the most technical and difficult parts of all this out of the way first. The difference between public, private, and secure communications, and the most difficult of all, figuring out what you want.
Public communications: Social media posts, blog posts, news media, and advertisements are public. They’re meant for a broad audience and we typically don’t care who sees them.
Private communications: Traditional telephone calls and physical mail are private. They’re meant for only the sender and receiver to see, but we don’t usually go out of our way to stop others from seeing the contents (i.e. we leave our mail on our car seats and kitchen tables).
Secure communications: Paper cheques, tax filings, and love letters. We’re willing to take extra steps to make sure others don’t see them (i.e. security envelopes and in-person delivery).
Most of the time private will do just fine. Apple’s iMessage and SMS or RCS everywhere else for texting does the job. Facebook Messenger, WhatsApp, and email are also fine. The average ne'er-do-well would need to steal your device to get access, and even then screen locks and passwords will stop most of them.
Platforms like Facebook Messenger and Signal advertise something called “end-to-end encryption” (abbreviated “E2E”). This means that before the message is sent it’s scrambled in such a way that only the receiver can unscramble it to read it. The problem is that we’re required to trust the provider, whether it be Facebook, WhatsApp, or Apple, to not lie and spy on us. In the case of Telegram, France arresting their CEO pushed Telegram over some people’s risk boundary as Mr. Durov may be willing to trade his freedom for government access to everyone’s messages. Who you decide to trust is entirely up to you.
If your answer is “I trust none of them!”, you may be willing to put in the work to set up secure communications. The idea is to host the platform (or at least the security functions) yourself so you don’t have to trust someone else to do it for you. As of the posting of this article, there are 3 systems I can recommend. They all come with tradeoffs and a fair amount of work to set up.
Email with PGP: PGP is an E2E system for email. Most email clients have a built-in way to use it. The hardest part is usually getting your contacts you want to use PGP with set up as well. It can also be difficult to use on mobile devices.
SimpleX: While quite secure, this system is still very much in testing. It’s also difficult to set up and use in a way that doesn’t rely on the creator’s servers (remember the trust issue?).
Matrix: This one takes a bit of work to set up and can be slow depending on your internet connection, but it’s the most full-featured and mobile-friendly of the systems I’ve tested. The biggest tradeoff is that you’ll need your own server.
Want help setting up secure communications for your business or personal group? You can find us at scalebright.ca.