mjensen.org

It's time to stop using SMS

Secure message

The important information

How would you feel if any text you’ve ever sent suddenly became public?
“5-Year Breach May Have Exposed Billions of Text Messages” <- That’s a real headline from 2021.

There are two main problems with SMS(regular texting) for communication; it is not private and it is unreliable. These seem like two basic things that we should expect from any messaging app.
TLDR: You should switch to a messaging app that is private and reliable. See my short list of alternatives below.

Why aren’t SMS messages private?

When messages are sent over SMS/MMS, they are captured by your phone provider, the provider of the recipient and anyone in between that routes the messages. Phone providers don’t have a good reputation for protecting our data and neither do SMS routing companies. In reality, it is only a matter of time before any messages we have sent over SMS become public.

What about the reliability of SMS messages?

There are no guarantees by our providers that messages sent over SMS will be delivered. (Go and read the Service agreement of your provider, it says that in there.) If there is a problem anywhere along the delivery route, you are not notified of it.

What can I do about it?

If you are looking for a way to send messages more privately and reliably, you’ll need to switch to a messaging app that has those built in. See my list of recommended apps. Pretty much all messaging apps are better than SMS in this respect and they also have other nice features that you’ll discover as you use them.

Alternatives to SMS that respect your privacy

Here is my current list of app recommendations for messaging. This list will change over time. It wouldn’t surprise me if Session moves up in the list sometime in the next 1-3 years.

  1. Signal - Intuitive to use, linked to your phone number, centralized service.
    Signal
  2. Element/Matrix - Requires account creation, centralized (but federated) service.
    Element/Matrix
  3. Session - Fully private and anonymous, decentralized service.
    Session

There will be those of you that argue that Signal is not private and shouldn’t be at the top of this list. In my opinion, Session is actually the most private option in that list, but it isn’t currently very user-friendly to setup. Signal is easy to setup and connect with others. It is private enough for most people and is a gigantic step up from SMS.

As I’m always testing things out, you can reach me on all three of these platforms. I’ve tested out many apps and continue to test them. If you have one you want me to consider for this list, please let me know.

Additional information

What to look for in a messaging app

There are a few basic requirements that I have come up with for a messaging app to be acceptable for use. These include:

  • Privacy - Only you and the people you send messages to can view those messages. This is usually accomplished with end-to-end encryption.
  • Reliability - I expect messages I send to be delivered or for the app to let me know when and why a message wasn’t delivered.
  • Group messaging - Groups should be consistent for everyone in the group. If a new person is added to a group by someone, everyone should see the updated group.
  • Cross platform - The app should be able to run on various types of mobile devices(Android/iOS) as well as common computer operating systems (Windows/Mac/Linux)
  • Voice/Video Calls(optional) - It’s nice to be able to do voice & video calls, and a plus if you can do group calls.

What is end-to-end encryption?

End-to-end encryption protects your message data as it travels to your specified recipient(s). Only the designated recipient(s) are able to decrypt and view these messages. The apps I recommend here all do this without any additional effort on your part. This is an important feature to protect messages from snooping or modification as they travel through potentially untrusted systems and networks to get to their destination.

What is MMS?

MMS stands for Multimedia Messaging Service. It is a way to send multimedia messages and can be considered an add-on feature to SMS. When group messaging became needed, it was shoehorned into working over MMS.

Group messaging

Group messaging uses MMS, a close relative to SMS, and also has its own problems. There are the same reliability problems that SMS faces. Have you ever had someone in a message group not receive some messages sent to the group?
Group management is difficult and cluttered. Have you tried to add or remove someone from a message group? Everyone ends up with multiple message groups which may include or exclude people unintentionally. This should work better than it does.

But I don’t have anything to hide…

This isn’t about hiding, it’s about privacy. I’m not trying to hide what I do when I use the bathroom, but I do close the door for privacy.
Along that same line of thought, the messages I send out to others are nobody else’s business. Also, if/when messages snippets are exposed, they will most likely be taken out of context to make news headlines more dramatic.
Here’s another argument I’ve heard against this mode of thinking…

“Over the last 16 months, as I’ve debated this issue around the world, every single time somebody has said to me, ‘I don’t really worry about invasions of privacy because I don’t have anything to hide,’ I always say the same thing to them.
I get out a pen. I write down my email address. I say, ‘Here’s my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you’re doing online, read what I want to read and publish whatever I find interesting. After all, if you’re not a bad person, if you’re doing nothing wrong, you should have nothing to hide.’
Not a single person has taken me up on that offer. I check that email account religiously all the time. It’s a very desolate place.”

Other apps I’ve tested

Don’t get me wrong, any of these is an improvement over SMS but they didn’t make my top 3 list.

  • Briar - not cross platform, missing some expected messaging functionality
  • Telegram - encryption is off by default
  • Wire - more focused toward enterprise (paying) users
  • IMessage/Apple Messenger - not cross platform, Apple has access to messages through iCloud backup
  • Facebook Messenger - Facebook has access to all data
  • WhatsApp - Facebook has access to all data

Here are some news articles that might help put things in perspective