Are Secure Messaging Apps (like TigerText) really secure?

[suziezfranks]

I was wondering is secure messaging apps (like TigerText) and others that feature encryption, auto-delete messaging and are non-SMS so they don't leave copies of the message all over the place, truly secure? I mean can the NSA read them?

It seems like the encryption and auto-delete would make it impossible, and in the case of TigerText has HIPAA and SOX level security, but is the NSA or hackers now able to defeat this level of message security?

 

[Laura Knotek]

I doubt if there is anything the NSA cannot get if they really want it.

 

[suziezfranks]

Thanx for the response Laura.

It seems like if you use TigerText or some other secure messaging apps, then the probability that the NSA is willing to spend the time and effort to hack the messages; would be low. Unless they really thought you were a terrorist or something. With encryption, private network and auto-deleted messages, I would think secure messaging is a lot more secure and harder to hack then SMS messages so it is probably secure enough for normal use.

 

[hopmedic]

They are just as secure as the servers are, and as trustworthy as the developers who create them. In other words, without some way to validate the trustworthiness of those developers and the security of their servers, we're just playing a guessing game.

 

[jasqid]

Laura beat me to it, but if you post it "They" can get it. Eventually.

 

[Pete]

The NSA aren't interested in you. No one is sitting at a computer terminal reading through messages and laughing at your selfies.

 

[jasqid]

The NSA aren't interested in you. No one is sitting at a computer terminal reading through messages and laughing at your selfies.

you're right they aren't. But you still don't get it. People have to get away from the idea that "I'm not doing anything bad, so let them."

 

[Pete]

I'm not going to entangle myself into a political/civil privacy debate here, but I'll express a personal opinion.

Having been personally affected by an act of terrorism, I fully support any attempt to prevent such acts happening in the future. I don't want to see suffering like that again. Supporting the use of anti-NSA snooping helps to prevent that work happening as effectively as it could.

I'll not be drawn into further discussion on this. You have your view, I have mine.

 

[TheIsaacG]

I was wondering is secure messaging apps (like TigerText) and others that feature encryption, auto-delete messaging and are non-SMS so they don't leave copies of the message all over the place, truly secure? I mean can the NSA read them?

It seems like the encryption and auto-delete would make it impossible, and in the case of TigerText has HIPAA and SOX level security, but is the NSA or hackers now able to defeat this level of message security?

Reported to the NSA.

 

[N1NJ4K1LL3R]

HIPAA isn’t an encryption, it’s just a policy, basically, it means you will make your best effort to protect patient data, and its used as a certification sometimes. Hell, even a Fax machine is HIPAA compliant, as long as the Fax machine on the other end isn't in a public area.

Anyways, here are some lulz
nsa calls iPhone users zombies

 

[xratola]

I'm not going to entangle myself into a political/civil privacy debate here, but I'll express a personal opinion.

Having been personally affected by an act of terrorism, I fully support any attempt to prevent such acts happening in the future. I don't want to see suffering like that again. Supporting the use of anti-NSA snooping helps to prevent that work happening as effectively as it could.

I'll not be drawn into further discussion on this. You have your view, I have mine.

Agreed

 

[derDaniel]

Hike is pretty good

 

[th0mas96]

The problem are always the servers and the key transfer. Theoretically, you can just make up a key that's extremely secure and no one will be able to break it - but you can only use it one time, and it has to be as long as the data. And the problem is transferring this key, since you can't just send it to the chat partner (everyone could monitor it). The only messenger I've read about that has open sourced their security is telegram (Windows Phone client coming in January!!) which features Diffie-Hellman for transferring the key, which is extremely secure as of now. And RSA 2048 should be pretty hard for anyone without a quantum computer ;D
To TigerText, I haven't found anything on why they should be more secure than others on their homepage, maybe I need to take more time..

But always consider, if the NSA is behind you they'll get your texts, they have many people focussed on decrypting and even took part in developing security standards, so they MIGHT have included backdoors. Additionally, every app with servers in the US can be forced to give the NSA their data. So, there's not 100% secure way, but apps like Telegram are really good to go. The only theoretical threat to Diffie-Hellman known now is a MITM-attack, but that can be prevented by using certificate pinning or other verification methods.