Messaging apps listed here do not expose your phone number or email address. Notes within [brackets] are potential negative attributes:
In a world of encrypted services, a potential solution could be to go back a few decades. It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who’s who and which devices are involved - they’re usually involved in introducing the parties to a chat or call. You end up with everything still being end-to-end encrypted, but there’s an extra ‘end’ on this particular communication. This sort of solution seems to be no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorise today in traditional voice intercept solutions and certainly doesn’t give any government power they shouldn’t have.
We’re not talking about weakening encryption or defeating the end-to-end nature of the service. In a solution like this, we’re normally talking about suppressing a notification on a target’s device, and only on the device of the target and possibly those they communicate with. That’s a very different proposition to discuss and you don’t even have to touch the encryption.
-Ian Levy is the technical director of the National Cyber Security Centre, a part of GCHQ.
-Crispin Robinson is the technical director for cryptanalysis at GCHQ.
The new law, which has been pushed for since at least 2017, requires that companies provide a way to get at encrypted communications and data via a warrant process. It also imposes fines of up to A$10 million for companies that do not comply and A$50,000 for individuals who do not comply. In short, the law thwarts (or at least tries to thwart) strong encryption.
Companies who receive one of these warrants have the option of either complying with the government or waiting for a court order. However, by default, the orders are secret, so companies would not be able to tell the public that they had received one.
The following scoring table includes messaging apps that can be used across multiple platforms that synchronize conversations to all devices:
|Application|Additional sharing features (files, photos, etc.)|Group chats|Unified UI across platforms|Messages sync to all devices|Open source|Perfect forward secrecy|Ephemeral messages|Contact verification|Based outside the 5 eyes: +.5; based outside the 14 eyes: +.5|Total|
|---|---|---|---|---|---|---|---|---|---|---|
|BabelNet|1|1|1|1|0|1|1|1|1 (Czech Republic)|8|
|Riot (Use with Caution)|1|1|1|1|1|1|0|1|0 (UK)|7|
|Keybase|1|1|1|1|1|.5 (exploding messages)|1|0|0 (USA)|6.5|
|Blackberry Messenger Enterprise|1|1|1|1|0|0|1|0|0 (Canada)|5.0|
The following scoring table includes messaging apps used on a single device:
|Application|Additional sharing features (files, photos, etc.)|Group chats|Open source|Perfect forward secrecy|Ephemeral messages|Contact verification|Clients on multiple platforms|Based outside the 5 eyes: +.5; based outside the 14 eyes: +.5|Total|
|---|---|---|---|---|---|---|---|---|---|
|BabelNet|1|1|0|1|1|1|1|1 (Czech Republic)|7|
|Threema|1|1|.5|.5 (only on the network layer)|0|1|1|1 (Switzerland)|6|
|Riot (Use with Caution)|1|1|1|1|0|1|1|0 (UK)|6|
|Keybase|1|1|1|.5 (exploding messages)|1|0|1|0 (USA)|5.5|
|Conversations (XMPP)|1|1|1|.5 (OMEMO only)|0|1|0|.5 (Germany)|5|
|Blackberry Messenger Enterprise|1|1|0|0|1|0|1|0 (Canada)|4.0|