Sometimes you need to chat about a subject and you can’t chance the information getting into the wrong hands. Maybe you’re sending personal data or discussing sensitive company details. Regardless of why you need to ensure a secure conversation, the bigger question is “How do you go about it?”
Fortunately, you don’t have to install an encryption engine, type your text, encrypt it, and copy and paste the encrypted message into the chat app (although you could do that). Instead, you can take advantage of one of the many secure chat apps available. Desktop apps, web-based apps, and mobile apps — you’re covered on all platforms. Let’s dive in and look at some of the best free apps for securely chatting with your friends, family, staff, and clients.
Note: This article is also available as an image gallery and a video hosted by TechRepublic columnist Tom Merritt.
ChatSecure (Figure A) is an open source chat app for both Android and iOS that uses Off-the-Record (OTR) Messaging over XMMP. You can use this app to chat via your preexisting accounts (Google Chat, Facebook Chat, VKontakte, Yandex, Hyves, Odnoklassniki, StudiVZ, Livejournal, Jabber, and more).
It allows you to set a master password to keep prying eyes out of the chat app itself, supports WiFi Mesh Chat (chatting with others on the same local wireless or mesh network ─ no server required), and even enables you to create anonymous “burner” chat accounts. If you have to do anonymous chatting, and you’re behind a firewall, you can install the Orbot proxy tool, which will get you through. (Orbot is also required to create “burner” accounts.) With ChatSecure, two-way encryption cannot take place until a user has been verified (done through the app). Once verified, you can encrypt conversations and each sent message will indicate if it is encrypted or not.
Cryptocat (Figure B) is a secure open source messaging extension for the Google Chrome browser. All messages are encrypted before they leave your computer, so there’s no concern that plain text is being sent and then encrypted on a third-party server.
With Cryptocat, you can do group chats, file sharing, connect to Facebook Messenger, and more. Cryptocat includes a built-in key generator, so you don’t have to worry about importing your own encryption keys. There’s one caveat to using Cryptocat: The person you’re chatting with must also be using Cryptocat — this goes with Facebook Messenger chats.
One interesting Cryptocat feature is the ability to join what is called the “lobby.” Within the lobby you can chat with any other Cryptocat users who happen to be hanging out. To start a chat, you enter a name for the chat, create a username, and click Connect. Once you’re in, tell the other users the name of the chat room and have them join. Cryptocat is a bit of a nod to old school IRC chats, but it gets the job done quickly and easily.
3: Surespot Encrypted Messenger
Surespot Encrypted Messenger (Figure C) is an end-to-end symmetric encryption messaging tool (using 256-bit AES-GCM encryption) that creates keys using 521 bit ECDH shared secret derivation. It’s private — period. The best thing about Surespot is that all the privacy is built-in, so you won’t even notice the security layer.
When you first run Surespot, you create a username and password. It is important that you not forget this password, as there is no way to recover it. You’ll also want to back up your Surespot identity once created. If you don’t do this, and you need to re-install the app, you won’t be able to log back into your Surespot account. With this locked down system, it’s nearly impossible for someone to steal your Surespot identity. One nice touch is that you can’t even take a screenshot of an in-progress chat.
Surespot is free, but you can purchase an encrypted voice messaging feature. (It’s free to receive and play messages; it costs only to record and send voice). The cost for the voice is $1.99 USD and is an in-app purchase. Surespot is available for both Android and iOS.
Tox (Figure D) is somewhat new to the world of secure chatting. It was created as a reaction to concerns of Skype’s privacy (or lack thereof). Tox uses dispersed networking and strong cryptography to create a secure (using NaCl crypto library) messaging system for everyone. Users are assigned a private and public key and connect to one another directly — no middleman or third party involved.
With Tox, you can do text, phone, and video, all secure. Tox is free, open source, and available on Linux, Windows, and Mac. Its interface is incredibly easy to use (anyone of any skill level can start using right away) and doesn’t require you to connect with your Facebook, Google, Twitter, or any other account.
ChatCrypt (Figure E) offers another nod to old-school chatting tools, with a web-based system that encrypts all messages before they leave the browser (so they can’t be read on the server side). You enter the site, create a room and username, set a password for the room, share the password to anyone you want to join, and start chatting.
The system works by utilizing the AES-256 algorithm in CTR mode. So long as the secret (strong ─ hint, hint) password created for the chat doesn’t end up in the hands of the wrong people, the chat will go off securely and no information will be leaked. The only caveat with ChatCrypt, is that you get text chatting only. But at least you can invite as many people as necessary into the chat.
- Five mobile reference apps for quick access to the info you need
- Keep your data safe with one of these five cloud backup tools
- Five mobile news readers for tracking the info you need
If you’re looking for the means to securely chat with your fellow staff, friends, or family, the tools are available. All you need to do is look beyond the conventional means and you’ll find the right app or service to communicate your ideas securely.
What secure chat apps would you add to the list? Share your recommendations with fellow TechRepublic members.