Collaboration tools aren’t for everybody. Maybe you don’t know anybody. Maybe you’re completely analog. Or maybe you don’t do much online and feel like your texts and email are doing just fine. But let’s be honest with each other; phone calls and emails aren’t secure, only 1/10 of 1% of the population is completely analog, and you do know and interact with people. My point is not to berate everyone for not living in paranoia mode all the time, but I think we can all do more to make our interactions more secure.
Without further ado, I give you 3 reasons you should be using Semaphor.
Reason #1 – Email is not secure
Just saying that email is insecure doesn’t really do the situation justice. For some nitty-gritty details please see this Digital Trends article.
Email is an open book. You have to assume that everything you send in an email (unless it’s an encrypted email) is going to be read by someone other than the intended recipient. Here’s a short list of reasons that email can’t be considered private or secure:
- Email lacks sender verification. How do you know it really was you boss who sent you that email? From the email itself there’s really no way to know.
- Email can be viewed or tampered with in transit. By default email is plain text data as it zips around the internet.
- Email can be viewed or tampered with on the server. After your email arrives and before you retrieve it it’s also plain text. Same issue as above.
There are some things that can be done to combat this, like end-to-end encryption through GPG, but they are complicated to set up and hard to get others to use.
Semaphor verifies the identities of everyone you communicate with. Each message is encrypted before it leaves your computer, while in transit to the recipient, and only able to be decrypted by the recipient’s Semaphor app. The best part? It’s dead easy to use and you don’t need to mess with setting up private and public keys or verifying signatures. The security is baked in.
Reason #2 – Text messages are not secure
You can find a great write-up about this at the Nuro Secure Messaging blog.
SMS messages are slightly better than email as they are encrypted by your telecom provider, but there are still plenty of holes in the system. Your text goes from your phone to your telecom’s server, is then handed off to the recipient’s telecom provider, and is then sent to the recipient’s phone. Each of those handoff points is a vulnerability. An even greater concern is the government surveillance built into this system. The Apple Messages app is a more secure alternative, but you have to trust Apple with the key exchange. (And everyone involved in the message has to have an iPhone.)
Semaphor runs on iOS and Android mobile devices and can largely replace text messages. Any pictures, emoji, or videos that can be sent by text can also be sent through Semphor. (Semaphor doesn’t have support for stickers yet though. It’ll come eventually I’m sure.)
Reason #3 – Facebook Messenger, Whatsapp, Google Hangouts, and others want your data
Other very popular apps and services have an advantage in that your friends may already use them. It’s important to remember, however, that all of these services come with a price: your data. Facebook and Google base their entire business around finding out about you and then marketing to you in a very specific way. An additional danger is malware that can come through the ads these services serve to you. (Spotify is dealing with this right now.)
Semaphor is not ad-supported. Even more importantly, SpiderOak has no access to your data in the Semaphor app, whatsoever. SpiderOak calls this ‘[Zero Knowledge(https://spideroak.com/features/zero-knowledge)’, and it’s the cornerstone of their business. As an employee of SpiderOak, I can tell you that this is true. Since I’m in customer support, I can also tell you it’s inconvenient at times; Zero Knowledge means we can’t reset passwords for users or help recover data. What it means for you is that your data is safe because it’s simply not accessible to anyone at SpiderOak, or anyone who may try to intercept it. The encryption ensures your privacy.