Making sure all messages have backups could but your privacy at risk
In the digital age, we are always reminded to keep our computers constantly backed-up. To have a backup ready before updating our devices, in case the worst happens. When travelling, to make sure a backup is on hand. If you are in doubt, keep a backup. They are essential.
But with secure messaging, not so much. Secure chat backups put security back in place of convenience. For some, the priority is recovering the entire chat, regardless of what needs to be compromised. For others, losing older messages so that their privacy can be protected, as well as the people they talk to as more important. When you are choosing to have a backup for your secure messages remember, it is not just you at risk, it is everyone you have talked to as well. Their privacy is on the line.
Backup messages: How much do you have to give up for convenience?
When discussing back up messages, it can become complicated and detailed quite quickly. What do you have to give up to be able to get your data back? What is the middle ground between recovering what you have lost and keeping your privacy secure?
Back up messages have three main issues. Namely, what the risks are to the people you communicate with, how do you keep the backups protected and secure and if backups are a good idea to begin with?
Backups are designed for if your device or phone breaks, with it providing you the data you had lost. With apps, emails, photos and settings, it is extremely useful. Most of us, at some point, have has to back up our phones.
However secure messaging, E2EE especially, it is different. Should someone get hold of the backup for your device, there is the potential for them to take that and install onto another phone. With this, they can pretend to be and imitate you. Instantly, your privacy and security, as well as those you have messaged, has been compromised
Are there any other risks from backup messages?
It is not just you is at risk. Each backup of messages contains both yours and the receiver’s messages, potentially including attachments too. If your backup is unencrypted and someone were to get hold of it, how much could they learn about everyone you have talked to? This example may sound extreme, but a glance over at WhatsApp can show you that it is happening.
WhatsApp makes sure that automatically, chats are backed up to either iCloud or Google Drive. Sounds great right?
Until you find out that WhatsApp stores its backups in plain text. Completely unencrypted.
A complete compromise of privacy, this allows whoever has access to your device that has the backups, to read every message ever sent, as some people have sadly found out the hard way. And because WhatsApp decided to give users full protection from losing their entire chats, WhatsApp backups hold the complete history of chats that you have had with anyone you have messaged. Every single message. Another of the many issues that WhatsApp has.
“Puddle test” versus the “hammer test”: What does it mean to backup messages?
Centre to the issue of using backups for secure messaging is two tests, namely the “puddle test” and the “hammer test”. Which take priority? Getting the data back? Or being able to, if you wish to, permanently lose them? An article by Electronic Frontier Foundation (EFF), titled ‘Thinking About What You Need In A Secure Messenger’, they discuss the puddle and hammer tests.
Messaging developers sometimes talk about the “Puddle Test”: If you accidentally dropped your phone in a Puddle and ruined it, would your messages be lost forever? Would you be able to recover them? Conversely, there’s the “Hammer Test”: If you and a contact intentionally took a Hammer to your phones or otherwise tried to delete all your messages, would they really be deleted? Would someone else be able to recover them?
It is a question of losing your messages accidentally or deliberately deleting them. What takes priority: being able to recover the messages easily should you lose them or it making it as hard as possible to recover them, should you delete them intentionally? With passing the “puddle test”, you are presented with a problem. If you can recover your messages, would someone else be able too? Even the most encrypted backups can be easily exploited should the not have a strong enough password.
As also mentioned in the EFF post from above, there is also cases like this:
Cloud backups of your messages can throw a wrench in the “Hammer Test” described above. Backups help you pass the “Puddle Test,” but make it much harder to intentionally “hammer” your old messages out of existence. Apps that backup your messages unencrypted store a plaintext copy of your messages outside your device. An unencrypted copy like this can defeat the purpose of forward secrecy, and can stop your deleted messages from really being deleted. For people who are more worried about the “Puddle Test,” this can be a desirable feature. For others, it can be a serious danger.
It is a trade. Puddle or hammer. For our users, we believe that the risks in protecting puddles is far too great. Meanwhile the hammer test is what we aim to pass.
Hammering it home for backup messages
We see being able to make sure that your messages are gone and your security protected as more important than being able to recover messages should a device be damaged or be replaced. If your device is lost, wiped or restored, should messages be deleted or if you reset your SKY ECC password on the chosen device, then the messages are unable to be recovered, along with files stored on the device. Whilst potentially inconvenient, the trade-off allows for your privacy and security to remain. Whilst convenience is reduced, it allows for your communications to remain secure and protected.
Having a series of backups for your messages is not worth the price of protection and security. With computers and devices? Backups are a smart idea, but for secure chats? To keep your communications secure and protect the people you talk with, it is not worth it.
To learn about secure communications and discuss chat backups, contact us here at SKY ECC today