Security Checklist for Safe Group Communications In Instant Messengers
27 Nov 2019
TL;DR: Group communications in popular instant messengers do not provide users with the security standards present in one-on-one chats.
Security isn’t rocket science, but who said it was easy?
Not everything in security is complicated, but it changes every day, it cannot be generalized, and it cannot be gained by merely ticking checkboxes. That’s why it is so tricky to figure out, even when the number one goal and the only job we have to do is to protect our data. It doesn’t sound complicated, but it feels like it.
One particular security sin that’s committed too often contributes to this problem massively.
Thinking You Have Figured The Whole Thing Out By Doing Only Half A Job
To explain this problem more clearly, let’s look at secure instant messengers.
They are typically used in two modes: one-on-one and group communications. Messengers have figured out the first, but leave the second without much-needed attention.
Many messengers call themselves secure, when in fact they can only offer security in one-on-one chats. Group chats are present, but they raise a lot of security questions, and valid questions at that.
This is why we feel it’s time to define security requirements for safe group communications, even though StealthTalk doesn’t have that functionality yet for a blatantly obvious reason - we don’t roll out popular features before we can guarantee secure communications in them.
The work is underway, and it will be done, but right now we can only point out the well-understood requirements that are necessary for safe group communications.
And to make those requirements more digestible, we will explain them with an analogy.
3 Security Pointers for Safe Group Messaging
The security of group communications in instant messengers should be comparable to a situation in which a group of people communicates in an isolated room. Here are three vital requirements for safe group messaging:
1) Closeness. The door to the room is only open to invited and verified users; nobody outside the room can speak into the room.
2) Confidentiality. Nobody outside the room should be able to hear the communication happening inside.
3) Detectable delivery of messages and authenticity. Everyone in the room should hear the communication clearly and keep a finger on the pulse of the conversation. Everyone in the room should know who spoke.
While some of these requirements seem obvious, not many instant messengers hit all three points, as demonstrated in a proof-of-concept work called “More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema”.
More is less, and that’s why StealthTalk prefers to stay away from group communications until a satisfactory level of security can be achieved. Nothing about StealthTalk security is in beta, so you can be sure that the options we offer (3 person calls and one-on-one chats) work as intended.
To try StealthTalk’s “less is more” approach, start your free 30-day trial today.