ChatMail Pulls the Curtain Back on Encryption: Why Won’t Other Companies?

ChatMail   |   April 01, 2021

ChatMail Pulls the Curtain Back on Encryption: Why Won’t Other Companies?

Everybody knows that data privacy is fundamental to business security and preventing things like identity theft. That’s why popular platforms all promise “end-to-end encryption” to safeguard calls and messages.

However, there isn’t one single thing called “encryption” that offers the same level of security. Encryption is a highly complex subject, and non-specialists need to understand that encryption can be weak or strong.

Everyone says they’re secure, but how do you know? Have they done anything to demonstrate the strength of their encryption?

ChatMail has been in the security industry for ten years, and in that time, we’ve noticed that hardly anybody proves the strength of their encryption.

Plain Text Versus Encryption

There’s a crucial distinction between offering encryption and ensuring that communications are always encrypted. The list of high-profile companies that left user information in plain text despite claiming to provide encryption is long: Facebook, Instagram, Robinhood, Google, Twitter, Zoom, even Github.

Security that isn’t always secure is not security at all!

Communication and information security was the main selling point of Crypto AG decades ago, yet it turns out the Central Intelligence Agency (CIA) and its German counterpart (BND) were part owners of the platform, and for years made a lot of money by selling products with weaknesses built into the encryption allowing them to eavesdrop on enemies and allies alike.

When Anwar Sadat and Menachem Begin met US President Jimmy Carter to negotiate an Egyptian-Israeli peace accord, the US monitored Sadat’s communications with Cairo. More recently, platforms like Telegram, Wickr, and WhatsApp have seen security holes that undermine their encryption.

If Egypt and other countries around the world can be fooled by weak encryption, how can an ordinary person today feel confident that their mobile security is strong enough?

Demonstrating Security

ChatMail has found a way to prove our encryption is unbreakable without disclosing any proprietary information. Bug bounty programs were one potential method, except they require the provision of all the code, and in our view, this undermines the security goals.

Going open-source would demonstrate the strength of our security, but it could also introduce weaknesses. In one famous case, right9ctrl used a piece of open-source code used by bitcoin firms and rewrote it to steal their cryptocurrency.

We decided the best way to showcase the quality of our data privacy and encryption, without opening any potential weaknesses, was simply to open up our database and show how the messages are encrypted in real-time. At no point are they ever stored in plain text.

ChatMail is happy to sit down, perhaps through a Zoom meeting, and show you what would happen if the system was somehow compromised and all three layers of encryption were penetrated. Anyone seeing this demonstration will see how our platform goes beyond “end-to-end encryption” because, as the communication is sent and received, it is encrypted before getting stored in the database on the Android device.

Decrypting Messages isn’t Always Necessary on Weak Platforms

Data thieves and corporate saboteurs are trying to obtain your communication. The goal isn’t necessarily to decrypt your communication; it’s simply to know your secrets and sensitive information.

They can accomplish this goal by lifting messages stored in plain text. That’s why it’s essential to understand that having the strongest encryption in the world doesn’t matter if there’s a side door to these same communications.

To liken it to physical theft, imagine a bank robber planning to steal a fortune while it is being transported between vaults. The thief’s goal is to get the money, not necessarily to crack the safe.

ChatMail’s proprietary design ensures that your communications are always in the vault and that the vault can’t be cracked. We are the only company that will sit down and show you how encrypted cell phone communication will never be stored in plain text. Unlike other platforms, ChatMail has no side door.

No Server Storage

ChatMail’s proprietary design has removed server storage from the equation. Your contacts, notes, messages, and encrypted messages will be continually secure and protected.

We protect more than your messages or emails. Identity thieves could piece together information if they learn things like who you have been speaking to, the duration of the calls, what time they were made, and more.

Our redesigned PGP email system means they’ll never be stored on a server.

More Essential Security Features

To round out the security, our devices have a suite of other secondary features to protect your communications even if the device gets stolen or misplaced. If you become separated from the device, you can wipe the data on it remotely.

The optional Secondary PIN prevents anyone from getting unauthorized access. You can also set up a duress password, so the phone will instantly destroy sensitive information on it if someone tries to enter the wrong password.

ChatMail devices also have scheduled burn functionality so that you can control the lifetime of sensitive material. You can set a text, photo, or voice message to get destroyed automatically after a set amount of time. The content will be eliminated on both devices, even if there’s no data connection. Anything set to self-destruct can’t be forwarded, favorited, or saved on either device.

Features like these are in addition to the extra encryption measures, such as individually encrypted messages (for voice and pictures, too), an encrypted notebook with encrypted integrated picture storage, and a custom camera for encrypted photos.

Unlike others in the information security industry, we are happy to show you how these secondary features and ChatMail device encryption makes a difference large enough to make a breach impossible. We feel it’s essential to demonstrate what separates us from other companies, and we’ve found a safe way to do it. Contact us if you’d like a demonstration so you can see it for yourself.