Our videos have over 5 million views on Youtube! Visit our channel now »
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers, and are based on the reviewers' independent and professional examination of the products/services.

• Ownership

vpnMentor is owned by Kape Technologies PLC, which owns the following products: ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

• Affiliate Commissions

While vpnMentor may receive commissions when a purchase is made using our links, this has no influence on the reviews content or on the reviewed products/services. We provide direct links to purchase products that are part of affiliate programs.

• Reviews Guidelines

The reviews published on vpnMentor are written by experts that examine the products according to our strict reviewing standards. Such standards ensure that each review is based on the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users, which may also affect the product's ranking on the website.

Why Encrypted Messaging Apps Should Not be Trusted

Fidelis Cybersecurity have recently expressed their growing concern related to the safety of using messaging apps like whatsapp, signal and others. We spoke to John Bambenek, Threat Systems Manager at Fidelis Cybersecurity, to find out why messaging apps may not offer users the expected level of privacy, what’s problematic and what can users do to maintain their privacy.

Which messaging apps have you found to be most vulnerable and why?

WhatsApp and Confide both have had public issues reported this year.  That said, there is only a subset of issues researchers can test (namely the applications themselves and the public interfaces to their backend).  There may be vulnerabilities in the backend of the infrastructure these applications use that could expose people to eavesdropping or other issues.

What kind of abuses are most common on messaging apps?

Although so far there hasn’t been much in the way of large scale scamming, I would characterize the use of messaging apps is either highly targeted or experimental.  Generally it involves abusing someone’s trust that “encrypted” messaging also means “trusted” when they are no more inherently trustworthy than other messaging apps.  They provide you protection against eavesdropping but there are many other forms of malfeasance.

What is the Do Not Call Registry? And how can it help prevent fraud and spam on messaging apps?

The Do Not Call Registry is part of a program by the U.S. Federal Trade Commission where you can place your phone number on a list that telemarketers are required to have and use to prevent them from calling you. The problem is that enabling legislation only applies to phone calls, and there was no consideration of non-telephony communication such as encrypted text messages or phone calls (i.e., apps such as Signal).

What can people using messaging apps do to protect their privacy?

The important thing to realize is that you need to verify the identity of new contacts outside of the application (i.e. call them on the phone, send an email).  Take notice of odd changes or linguistical oddities of messages.  For instance, if a contact is American and they start spelling words like “colour”, something could be up.

In your opinion, what should messaging app operators do to ensure the safety of their users?

As with any encryption system, having transparent, third-party verification of their encryption and their security should be published so users can have greater confidence in the providers.  They should also proactively look for spammers, scammers and others who would abuse their systems and block them.




About the Author

Ditsa Keren is a cybersecurity expert with a keen interest in technology and digital privacy.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
Voted by Users
Thank you for your feedback
Comment Comment must be from 5 to 2500 characters long.