Our videos have over 5 million views on Youtube! Visit our channel now »
The listings featured on this site are from companies from which this site receives compensation. Read the Advertising Disclosure for more information
Disclosure:
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers, and are based on the reviewers' independent and professional examination of the products/services.

Ownership

vpnMentor is owned by Kape Technologies PLC, which owns the following products: ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

Affiliate Commissions Advertising

vpnMentor contains reviews that were written by our experts and follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will be based on an independent, honest and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, which will however not affect the review but might affect the rankings. The latter are determined on the basis of customer satisfaction of previous sales and compensation received.

Reviews Guidelines

The reviews published on vpnMentor are written by experts that examine the products according to our strict reviewing standards. Such standards ensure that each review is based on the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may take into consideration the affiliate commissions we earn for purchases through links on our website.

Why Encrypted Messaging Apps Should Not be Trusted

Fidelis Cybersecurity have recently expressed their growing concern related to the safety of using messaging apps like whatsapp, signal and others. We spoke to John Bambenek, Threat Systems Manager at Fidelis Cybersecurity, to find out why messaging apps may not offer users the expected level of privacy, what’s problematic and what can users do to maintain their privacy.

Which messaging apps have you found to be most vulnerable and why?

WhatsApp and Confide both have had public issues reported this year.  That said, there is only a subset of issues researchers can test (namely the applications themselves and the public interfaces to their backend).  There may be vulnerabilities in the backend of the infrastructure these applications use that could expose people to eavesdropping or other issues.

What kind of abuses are most common on messaging apps?

Although so far there hasn’t been much in the way of large scale scamming, I would characterize the use of messaging apps is either highly targeted or experimental.  Generally it involves abusing someone’s trust that “encrypted” messaging also means “trusted” when they are no more inherently trustworthy than other messaging apps.  They provide you protection against eavesdropping but there are many other forms of malfeasance.

What is the Do Not Call Registry? And how can it help prevent fraud and spam on messaging apps?

The Do Not Call Registry is part of a program by the U.S. Federal Trade Commission where you can place your phone number on a list that telemarketers are required to have and use to prevent them from calling you. The problem is that enabling legislation only applies to phone calls, and there was no consideration of non-telephony communication such as encrypted text messages or phone calls (i.e., apps such as Signal).

What can people using messaging apps do to protect their privacy?

The important thing to realize is that you need to verify the identity of new contacts outside of the application (i.e. call them on the phone, send an email).  Take notice of odd changes or linguistical oddities of messages.  For instance, if a contact is American and they start spelling words like “colour”, something could be up.

In your opinion, what should messaging app operators do to ensure the safety of their users?

As with any encryption system, having transparent, third-party verification of their encryption and their security should be published so users can have greater confidence in the providers.  They should also proactively look for spammers, scammers and others who would abuse their systems and block them.

 

 

 

About the Author

Ditsa Keren is a cybersecurity expert with a keen interest in technology and digital privacy.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback
Comment Comment must be from 5 to 2500 characters long.