5 of 10Image
On the spectrum of privacy apps, Telegram sits somewhere between TextSecure and Snapchat and apparently has benefited big-time from Facebook's acquisition of WhatsApp.
Telegram has the usual self-destruct option for messages, and has promised no ads, no subscription fees, and no outside investment — except for a generous donation that helped kick it off.
The cloud service hopes its combination of 'normal' chats and 'secret' chats bridge the knowledge gap among most users about security.
Telegram claimed to have gained five million new users on the day Facebook announced its WhatsApp acquisition.
Secret chats use end-to-end encryption and are not stored on Telegram's servers and can only be accessed from the devices they were sent to or from.
Telegram was bankrolled by VKontact founders and brothers Pavel and Nikolao Duroy, however it says it's a Berlin headquartered company with no connections to Russia.
Nikolao developed a custom, open protocol called the MTProto Mobile Protocol and Pavel in December offered $200,000 in Bitcoin to any hacker who could break it. The competition closed on March 1 without a winner and it's planning on launching a new competition soon.
Silent Circle's Silent Phone and Silent Text
Silent Phone is the next product of PGP creator Phil Zimmerman. The app allows encrypted peer-to-peer calls on 3G, 4G and wi-fi networks using the ZRTP — Zimmerman's key exchange program for VoIP — and TLS to encrypt data packets.
According to Silent Circle, only Silent Phone users exchange keys for each peer-to-peer call. The keys are not held on a server, meaning that governments can't request the service provider to hand over the keys.
The Silent Text IM app allows encrypted messaging between devices with the app installed. Silent Text uses Silent Circle's own IM protocol with encryption keys staying on the device and not on the company's servers.
"Each message receives a new key that is only used once and then destroyed. Only you and the person that you are texting can decrypt and read the information. The Secure Authentication String or SAS is unique to each text and used only once. As a result, the threat of retroactive compromise is eliminated," according to Silent Circle.
Silent Text's version of a self-destructing message is a Burn Notice. Users can set the message to delete from both the sending and the receiving device between one minute and 23 hours 59 minutes.
The Silent Circle mobile bundle, which includes Text and Phone, is available for $99.95 a year.
Silent Circle privacy apps will soon start shipping on the Black Phone unveiled last month.
CryptoCat has faced its fair share of criticism over security flaws — but, according to cryptography experts, its code is maturing.
CryptoCat's desktop encrypted IM service is implemented in the browser and was designed to make using encryption easier.
After an initial rejection, last week CryptoCat's founder Nadim Kobeissi succeeded in getting Apple's approval to distribute its new iOS app on the App Store.
Kobeissi explains: "Users enter a conversation using a one-time nickname. There are no buddy lists or account activity or account history to link back to the user. This way, CryptoCat offers a unique ephemerality that makes setting up encrypted conversations immediate and without any lasting history that can be traced back to users.
"CryptoCat for iPhone uses the [Off-the-record] OTR protocol for private conversations, and our solidly maturing multi-party protocol for group conversations. With our current research into mpOTR, we hope to soon offer an upgraded global standard that brings CryptoCat’s encryption system to other platforms as well."
According to encryption experts, OTR is a well-studied protocol for one-to-one communications, but question marks still hang over the multi-party variant. An Android app is on the way.