Digital conversations have become an important part of our daily personal and professional routine. We call friends and family on WhatsApp or Skype, chat with classmates on Facebook Messenger, and send emails from personal, school or work accounts. We also text people from our mobile phones and argue with strangers on online discussion boards.
All these conversations travel through complex infrastructure involving multiple routers, servers, and cables. Various people or organizations – from half-amateur hackers to internet service providers equipped with sophisticated tools – can tap these conversations at any of these points. Whichever digital communication technology you use, the basic tips listed below can help you keep your online conversations private and secure.
1. Use encrypted and open-source channels
While there are many email services and messenger apps on the market, not all of them do an equally good job at keeping your conversations private and secure.
If you want to keep your conversations strictly between you and the people you are communicating with, use apps and services that offer end-to-end encryption. As mentioned above, your digital conversations travel through complex infrastructure and can be intercepted by various actors at numerous points. The only reliable way to secure your conversations is to use services that encrypt (that is, turn into a complex code) everything that leaves your device and do not decrypt it until it reaches the device of the intended recipient. Even if an encrypted email or call is intercepted somewhere between your device and the intended recipient, all that the people who intercept it will see is a string of meaningless characters.
You should also choose open-source apps over proprietary commercial products. Software is open-source when its code is accessible to anyone who wants to see it. It means that independent experts and tech-savvy users can inspect the code that makes up the app, detect and fix vulnerabilities in it, and see whether the app does a good job at securing user data.
ProtonMail offers a free, open-source, end-to-end encrypted email service that protects and secures your email communications. Among free and open-source messenger apps, Wire and Signal are the most secure end-to-end encrypted options on the market. If you are on Telegram, make sure you use Secret Chats (regular Telegram chats are not end-to-end encrypted).
2. Secure your devices
While end-to-end encryption secures your conversations from being tapped on their way between you and the intended recipient, it cannot protect digital communication from being intercepted or monitored on your or the intended recipient’s devices. This can happen, for instance, when you leave your device unattended or lose it without enabling automatic screen lock. This can also happen when your device is infected with malware. A virtually invisible piece of malware on your device can, among other things, record every keystroke and send it to someone.
Always keep software and hardware on your devices up-to-date. Set your devices to lock screens automatically after a brief period of inactivity. Make sure you have antivirus software running on desktops and laptops. Learn more about what you can do to protect your devices (and secure your conversations along the way).
3. Stop using SMS
The short messaging service (SMS) that people use to exchange texts on their phones is outdated and insecure. First, SMS messages are not encrypted. They can be intercepted, often without particularly sophisticated tools. Second, these messages carry metadata that identifies the sender and the receiver. Third, it is easy to spoof SMS messages – that is, to make them appear as if they were sent by someone you know. So, you can never know for certain who a particular SMS message is really coming from. Finally, mobile service providers store SMS messages and their metadata for a long time, sometimes forever. This makes it more likely that your conversations will be seen by someone without your knowledge or consent.
If you want to keep the texts you exchange with other people private, use an end-to-end encrypted messaging app from the ones we identified above. When this is not possible, use Android's or Apple's built-in data-based messaging systems, rather than SMS-based messages.
- To make iMessage the default messaging system on an Apple device, go to Settings > Messages and turn on iMessage. With this setting on, you can send texts, photos, videos, and audio files to other people using iPhones, iPads or Macs over an encrypted connection.
- Most newer Android devices come with Messages, Google’s data-based messaging app. If your Android device does not have the Messages app, download it from the Play Store. To make Messages your default messaging app, go to Settings > Apps and notifications > Advanced > Default apps > SMS app. Then, select Messages as your default messaging app.
- To send encrypted messages through the Messages app, you need to enable chat features. To do so, open the Messages app on your device and tap the three vertical dots in the upper right corner. Select Settings > Chat features. Toggle Enable chat features on.
- If the Messages app is not available in your country or on your device, use an end-to-end encrypted messaging app from the ones we identified above.
4. Delete old messages
One way to protect text, photo and video messages on your device from prying eyes is to delete old messages regularly. By doing so, you make sure that other people do not see your messages if your device is lost or stolen (or if someone pressures you into unlocking the device for them). Deleting old messages also saves space on your device.
It is a good idea to set your device to delete old messages automatically. Unfortunately, this option is not available in Google Messages on Android devices. So, if you use an Android device, you need to delete old messages manually on a regular basis.
To set an iPhone or iPad to delete old messages automatically, go to Settings > Messages. Scroll down to the section labelled MESSAGE HISTORY and tap Keep Messages. Choose 30 Days to delete all messages older than a month. With this setting on, your device will automatically delete all messages after 30 days. If you want to delete messages before they remain on your device for 30 days, you will need to do so manually.
Keep in mind that deleting messages on your device does not delete them on the devices of the people you sent these messages to.
5. Use disappearing (timed) messages
Most messaging apps allow you to send messages that disappear after a certain period or after they are seen by the person you are sending them to. This protects your messages from prying eyes in case your device is compromised or stolen (or if someone pressures you into unlocking the device for them). This also protects your messages from being accessed through the device of the person you are sending them to.
You should strongly consider using disappearing (timed) messages when sending texts, photos or videos. Keep in mind that setting your messages to disappear after a certain period, or as soon as they are read by the person you are sending them to, does not prevent the person from copying these messages and keeping them on their device.
6. Use strong passwords and 2FA
Protect every email and messaging-service account you use with a password that is impossible to guess or crack. A password is strong when it has at least 12 characters, including upper- and lower-case letters, numbers, and special symbols. Random combinations of these characters make the strongest passwords. Read more about how to create passwords that are hard to crack.
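The criteria above, turned into a generator and a checker (an added example, not part of the original article; the function names, the 16-character default and the use of Python's `string.punctuation` as the set of "special symbols" are assumptions). The checker tests composition only: it cannot tell a random password from a guessable one that happens to contain every character class.

```python
import secrets
import string

MIN_LENGTH = 12  # the article's minimum length
# (description, character set) for each class the article asks for
CLASSES = (
    ("a lower-case letter", string.ascii_lowercase),
    ("an upper-case letter", string.ascii_uppercase),
    ("a number", string.digits),
    ("a special symbol", string.punctuation),  # assumed symbol set
)
ALPHABET = "".join(chars for _, chars in CLASSES)


def missing_requirements(password: str) -> list[str]:
    """Return the article's criteria that the password does not meet."""
    missing = []
    if len(password) < MIN_LENGTH:
        missing.append(f"at least {MIN_LENGTH} characters")
    for description, chars in CLASSES:
        if not any(ch in chars for ch in password):
            missing.append(description)
    return missing


def generate_password(length: int = 16) -> str:
    """Draw every character from the OS CSPRNG via the secrets module.

    Candidates lacking a character class are thrown away and redrawn whole,
    so no position in the result is forced to a particular class.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    # Constructed sample: too short and no special symbol.
    print(missing_requirements("Summer2024"))
```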
Make sure to use a unique password for every account you have. Read more about why it is a really bad idea to use the same or similar password for different accounts. Do not fret over having so many complex and unique passwords – you can use a password manager to “remember” and store them safely for you.
Unfortunately, even the strongest password can be stolen or compromised in some other way. This is why you should use two-factor authentication (2FA) to protect your email and messaging-service accounts. When enabled, 2FA requires that you use a second way of proving your identity in addition to entering a password.
The safest way to use 2FA is to install an app on your smartphone that will generate temporary numerical codes. To access a social media account, you will need to enter such a code immediately after entering your password. Read more about how to use two-factor authentication to protect online accounts.
7. Think before sending
This is really simple: before sending a text, photo or video message, think honestly about whether you may one day regret sending it. Once you hit the “send” button, you often lose control of who has copies of your message. If you have something very private, confidential or sensitive to communicate, the best way to do it is by meeting the person face-to-face.