End-to-end encryption will be more important than ever for journalists according to messaging app founder, writes Mia Alcordo.

Beware TikTok, warns digital security expert

Communicating with end-to-end encryption is now essential for journalists and privacy concerns around popular apps such as TikTok cannot be taken for granted, a digital security expert has warned.

Simon Harman, the co-founder and CEO of the Loki Project, said personal identity was increasingly under threat.

“Every connection you make through every service you use on any device you have is most often linked to your personal identity as well,” he told the audience at the 2020 Launceston Freelance Festival

He warned social media platform TikTok could remotely download, install and execute any software it wanted from anywhere on the internet and run it on your phone without your permission.

“This is a very dangerous application that you should not have on your phone,” he said. “You should not encourage people to use it.

“I would strongly recommend that if you have it, you get rid of it. I would even go as far as to say wipe your entire phone if you have it.

“It’s a seriously dangerous application. None of the permissions it requests at this extreme level can be justified. It just doesn’t make any sense.”

Simon told festival delegates TikTok’s popularity and success was amplified because of mass advertising.

“They didn’t really have to advertise Instagram or Snapchat or any of these others, they kind of just organically appeared but I get bombarded with advertisements for TikTok,” he added. 

Simon, who created an anti-encryption application to compete with the leading standard Signal, is taking it several steps further by removing the self-identifier factor.

“Signal requires you to register with a phone number which is obviously quite problematic for a number of reasons,” he said.  

“You have a source, they’re worried about being personally identified. They don’t want to use their personal phone number to have a conversation with you and that’s obviously not ideal. 

“So, if we can get rid of the phone numbers, that may not be so much for concern and they can have some protection with pseudo anonymity.” 

Session is a private messenger which aims to eliminate the collection of metadata by routing all messages through an onion routing network. 

“Onion routing is another application of asymmetric encryption. It’s a method of passing a packet of information around the internet using wrappers of encryption,” he said. 

The Loki Service Node Network is unique to Simon’s company. It stores, retreats and routes messages internationally using their Loki blockchain system which has been in development for two years and live for 18 months. 

“It can figure out all of the messages that are being sent between people. It’s all now distributed and broken up so that there’s no continuous chain of messages that can be linked together, which is a really interesting property,” he said.