The Washington PostDemocracy Dies in Darkness

Ask Help Desk: Your private messenger may not be so secure after all

People are reconsidering their privacy tools after use of the Tor browser spiked in Russia

(iStock/Washington Post illustration)

As Russian tanks rolled into neighboring Ukraine late last month and the Russian government blocked its citizens from Facebook, use of the Tor network — which lets people use the Internet without revealing their identities or locations — shot up in the country.

Tor, short for “the onion router,” encrypts Internet traffic using a fancy mathematical formula. (Imagine sticking some Web traffic data into one end of a math machine, and it coming out the other end garbled, at least to anyone without access to the math.) Next, it sends that traffic on a wild ride, bouncing it among volunteer computers around the world so traffic isn’t easily traced back to you.

Tor is one of a few ways people can hide their online activities from governments, companies and even family members. Some people use Tor because they’re activists concerned for their safety, Tor Project fundraising director Al Smith said. Others are trying to hide Christmas presents from their spouses.

Russia widens social media crackdown by blocking Instagram

Russian censorship of how the war is playing out in Ukraine might be getting people to think about their own privacy and how they could communicate with friends and family safely during a conflict. The United States hasn’t blocked access to major social media sites as Russia and China have, but Americans still have plenty of reasons to hold their data close to the vest. Many communicate with family in countries with Web surveillance, such as China, while others just want to hide from constant targeted advertising.

Yet finding reliable private messengers and browsers is easier said than done. When some companies say their products are “private,” they mean your data isn’t visible to other users. Others hide your data even from themselves. “Every entity and company might mean something slightly different by private,” Smith said. “You almost have to be an expert to understand which tools to use.”

This is what to look for when you evaluate the privacy of browsers or messengers. If you have more questions about online privacy and avoiding surveillance, you can send them our way at yourhelpdesk@washpost.com.

Is the messenger end-to-end encrypted?

Usually, the privacy settings you see in your favorite apps are actually visibility settings. What can other users learn about you from looking at your profile and activity? But “privacy” involves broader questions. Companies can hide your data from onlookers, for instance, while retaining access to it themselves. That opens a host of privacy concerns, Smith said. What if the company sells or shares that data? What if the government demands access?

Some privacy products use encryption to hide data from third parties, from themselves or both. When data is cloaked during transit and viewable only to the sender and receiver, that is considered “end-to-end encrypted.” While your data security depends partly on encryption protocol, or the math apps use to scramble the data, end-to-end encrypted services are more private because the company itself has no access to your information.

How to block companies from tracking what is in your emails

Facebook Messenger and Telegram allow you to create one-off encrypted chats, but these messengers are not end-to-end encrypted by default. That means copies of your data could be stored on company servers. Apple’s iMessage and Facebook’s WhatsApp are end-to-end encrypted by default. But if your iMessages are syncing to iCloud, Apple has the encryption key and could turn them over to law enforcement.

As for WhatsApp, some users don’t like that its privacy policy leaves room for data sharing with its parent company Meta, which has been in the spotlight for its data practices. WhatsApp didn’t immediately respond to a request for comment.

Signal is end-to-end encrypted by default, doesn’t have the key to decrypt your messages and isn’t owned by an advertising giant. For more tips on keeping your messages out of the wrong hands, check out our guide to private texting.

Does the browser hide traffic or forget it?

If you open an incognito window on Google’s Chrome browser, it forgets everything you did after you close the window. But it doesn’t hide that you did it. That means Google, your Internet service provider and anyone they shared the data with could see which sites you visited.

Standard browsers don’t cloak your Web traffic and activity, so if you’re worried about state censorship or surveillance, that’s not a great setup. Opt for the Tor browser or Brave’s Tor windows, which the company says come with relatively fewer privacy protections. There’s also the Onion Browser, which runs on Apple’s iOS for mobile devices. (The Tor Project makes a Tor browser version for Android.)

Similarly, virtual private networks hide your Internet activity from snoops, but they also can log it. That means state actors could ask for records of the sites you visit. Here, the Tor browser is a safer option. If corporate surveillance and targeted advertising are your main concerns, a browser or extension that blocks trackers may do the trick. Firefox, Brave, Safari and DuckDuckGo all come with technology that blocks trackers.

Help Desk: Making tech work for you

Help Desk is a destination built for readers looking to better understand and take control of the technology used in everyday life.

Go deeper: Tech in Your Life | Tech at Work | Your Data and Privacy | Internet Access | What’s New | Ethical Issues

Data and Privacy: A guide to every privacy setting you should change now. We have gone through the settings for the most popular (and problematic) services to give you recommendations. Google | Amazon | Facebook | Venmo | Apple | Android

Ask a question: Send the Help Desk your personal technology questions.

Loading...