Secure Messaging Security Checklist

Intro

Choosing the right messaging platform and following secure communication practices is essential to keeping your conversations private. End-to-end encryption, open source code, and reputable developers are all key factors to look for.

Checklist

Critical or Essential Activities

  • Only Use Fully End-to-End Encrypted Messengers
    Priority: Essential
    End-to-end encryption (E2EE) ensures that messages are encrypted on your device and only decrypted by the intended recipient, protecting them from interception or server-side access. Any actor who intercepts traffic cannot read the message contents, nor can anybody with access to the central servers where data is stored.

  • Use Only Open Source Messaging Platforms
    Priority: Essential
    Open source code allows for independent auditing to ensure there are no backdoors, hidden vulnerabilities, or other security issues.

  • Use a Trustworthy Messaging Platform
    Priority: Essential
    Choose apps — like Signal, Matrix, etc. — that are stable, actively maintained, and backed by reputable developers.

  • Secure Group Chats
    Priority: Essential
    The risk of compromise rises exponentially as more participants join a group, because the attack surface increases. Periodically check that all participants are legitimate.

Optional Activities

  • Agree on a Communication Plan
    Priority: Optional
    In certain situations, it may be worth making a communication plan that includes primary and backup methods of securely getting in touch with each other.

  • Verify your Recipient
    Priority: Optional
    Always ensure you are talking to the intended recipient, and that they have not been compromised. One method for doing so is to use an app which supports contact verification.

  • Avoid SMS
    Priority: Optional
    SMS may be convenient, but it's not necessarily secure. If possible, use Signal, RCS, or another more secure message channel.

Advanced Activities

  • Consider a Decentralized Platform
    Priority: Advanced
    If all data flows through a central provider, you have to trust them with your data and metadata, and you cannot verify that a centralized system is running without backdoors. Decentralized platforms reduce this risk.