Encrypted communication used to be too complicated for mainstream use, but approachable apps like WhatsApp[1] and Signal[2] have become a no-brainer for digital privacy. With all of their security-minded features, like disappearing messages and identity-confirming safety numbers, secure chat apps can rightfully give you peace of mind. You should absolutely use them[3]. As the adage goes, though, there's no such thing as perfect security. And feeling invincible could get you in trouble.
End-to-end encryption transforms messages into unintelligible chunks of data as soon as a user presses send. From there, the message isn't reconstituted into something understandable until it reaches the receiver's device. Along the way, the message is unreadable, protected from prying eyes. It essentially amounts to a bodyguard who picks you up at your house, rides around with you in your car, and walks you to the door of wherever you're going. You're safe during the transport, but your vigilance shouldn't end there.
"These tools are hugely better than traditional email and things like Slack" for security, says Matthew Green, a cryptographer at Johns Hopkins University. "But encryption isn’t magic. You can easily get it wrong. In particular, if you don’t trust the people you’re talking to, you’re screwed."
On one level it's obvious that both you and the person you're chatting with have access to the encrypted conversation—that's the whole point. But it's easy to forget in practice that people you message with could show the chat to someone else, take screenshots, or retain the conversation on their device indefinitely.
Former Trump campaign chair Paul Manafort found this out[4] the hard way recently, when the FBI obtained messages he'd sent over WhatsApp from the people who received them.
'Encryption isn’t magic. You can easily