TextSecure Is the Easiest Encryption App To Use (So Far)

But no one is pretending the app will reach the user base of WhatsApp or Snapchat overnight.

With Whisper Systems' TextSecure V2, encrypted messaging just got a whole lot slicker, faster, and easier to use. V2 drops both SMS and MMS in favor of a fully private and asynchronous messaging system that sends texts over a data network instead of via SMS protocol. TextSecure now behaves a bit like iMessage, but with added features like unlimited group chat and media attachments.

Developed by a team that includes security researcher Moxie Marlinspike (who also created the secure RedPhone app), TextSecure encrypts users' text over the air through a data channel, but also locally on their smartphone (more on that below).

"We've managed to take the desirable properties of perfect forward secrecy and deniability from protocols like OTR [Off-the-Record messaging] and translate it into this asynchronous environment," said Marlinspike of the new encryption behind TextSecure. "We've done this to eliminate common problems in traditional messaging like stale sessions or half-open sessions, and weird things where people have to reset things, or they get gibberish or whatever."

As Marlinspike said, the team designed V2 so that it was as "low friction" or easy to use as iMessage or WhatsApp. Users simply want to download an app, set it up, and quickly begin messaging, which isn't how end-to-end encryption apps are typically designed. Even Wickr, which also uses perfect forward secrecy, requires a lot of navigation to fully exploit its privacy features.

After downloading and demoing TextSecure on my Android phone, however, it's clear that Whisper Systems really did nail ease-of-use on this iteration. From user interface to functionality, it's highly intuitive and fun to use to the point that it's really an unconscious effort.

Though the enhanced encryption is designed to be invisible to users, there are some pretty rad encryption protocols at the heart of V2. Marlinspike credited software and security engineer Trevor Perrin with doing the "heavy lifting" in innovating the fusion of the perfect forward secrecy of something like SCIMP (Silent Circle Instant Messaging Protocol) and Diffie-Hellman private keys for V2. Separately, the two protocols have deficiencies, but together they offer stronger encryption. Perrin also worked on enhancing TextSecure's deniability through the OTR protocol. Users can send an IM to recipients, who can be sure the message is authentic but will be unable to prove the sender's identity to a third party (law enforcement, for example).

As noted, TextSecure for Android provides local encryption. What this means is that basically anything stored in the app is encrypted on the user's Android device. So, even if a user doesn't delete a message, and someone is able to compromise their phone by gaining physical access, for example, they won't be able to get that data. The person with physical access could try to remove the storage media and check it with an electronic microscope, but they wouldn't be able to decrypt it.

TextSecure's group chat, which is incredibly easy to set up, might just be its ace in the hole. With just a few taps, users can create a group, name it, give it an avatar, and invite recipients, who are all able to leave at will. This should, by all measures, make it a useful instrument for protest. But, as Marlinspike explained it, when shit hits the fan, users opt for the apps they use most often. The Arab Spring rebels used Twitter and Facebook, while London rioters opted for BlackBerry Messenger. If Whisper Systems has its druthers, TextSecure will be the go-to secure and encrypted messaging app for any situation, though Marlinspike does not deny its subversive political potential.

"I think it will be an excellent tool for people of all kinds who want to communicate privately or securely, and that definitely includes protesters, activists, and democracy advocates," said Marlinspike. "In those moments, it's unrealistic to expect that people will discover and install a new app. We're interested in supporting those moments, but we want TextSecure to be something that people are using before those moments begin."

That, of course, will be TextSecure's big hurdle. No one is pretending that the app will reach the user base of WhatsApp or Snapchat overnight. But, what Marlinspike & Co. did is significantly close the gap between fashion, functionality, and ease-of-use. With TextSecure, users can text as unconsciously as they do with the above apps, while knowing it is one of the most secure and private messaging apps on the market. Once TextSecure is ported over to iPhone, it should get another user adoption bump. At that point, hopefully word of mouth will take over, giving users the actual private, encrypted messaging app they deserve.