We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Why Encrypted Messaging Apps Should Not be Trusted

Ditsa Keren Technology Researcher

Fidelis Cybersecurity have recently expressed their growing concern related to the safety of using messaging apps like whatsapp, signal and others. We spoke to John Bambenek, Threat Systems Manager at Fidelis Cybersecurity, to find out why messaging apps may not offer users the expected level of privacy, what’s problematic and what can users do to maintain their privacy.

Which messaging apps have you found to be most vulnerable and why?

Both WhatsApp and Confide have experienced publicized problems this year. However, researchers are only able to examine a limited set of issues, specifically focusing on the applications themselves and the public interfaces to their backend. It is possible that vulnerabilities exist within the backend infrastructure utilized by these applications, which could potentially put users at risk of eavesdropping or other security concerns.

What kind of abuses are most common on messaging apps?

Although so far there hasn’t been much in the way of large scale scamming, I would characterize the use of messaging apps is either highly targeted or experimental.  Generally it involves abusing someone’s trust that “encrypted” messaging also means “trusted” when they are no more inherently trustworthy than other messaging apps.  They provide you protection against eavesdropping but there are many other forms of malfeasance.

What is the Do Not Call Registry? And how can it help prevent fraud and spam on messaging apps?

The Do Not Call Registry is part of a program by the U.S. Federal Trade Commission where you can place your phone number on a list that telemarketers are required to have and use to prevent them from calling you. The problem is that enabling legislation only applies to phone calls, and there was no consideration of non-telephony communication such as encrypted text messages or phone calls (i.e., apps such as Signal).

What can people using messaging apps do to protect their privacy?

The important thing to realize is that you need to verify the identity of new contacts outside of the application (i.e. call them on the phone, send an email).  Take notice of odd changes or linguistical oddities of messages.  For instance, if a contact is American and they start spelling words like “colour”, something could be up.

In your opinion, what should messaging app operators do to ensure the safety of their users?

As with any encryption system, having transparent, third-party verification of their encryption and their security should be published so users can have greater confidence in the providers.  They should also proactively look for spammers, scammers and others who would abuse their systems and block them.

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

Ditsa Keren is a cybersecurity expert with a keen interest in technology and digital privacy.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address

Thanks for submitting a comment, %%name%%!

We check all comments within 48 hours to ensure they're real and not offensive. Feel free to share this article in the meantime.