Security Risks for Commonly Used Platforms


We all want to keep our students and their families safe as they return home, but sometimes we unknowingly endanger them through our use of messaging apps or social media. Look through this list to see what the security risks are for the applications and platforms you use, and see our recommended options for each list.

Email

  • Gmail
    • messages are encrypted when stored on each server...
    • but messages are not encrypted in transit, so Google can access content
  • Mailchimp
    • though easy to use, it creates an automatic backup and web version of each letter
    • never use it to communicate about someone from an at-risk country

Recommended:

  • InterVarsity.org address - they're free and secure (plus you get storage space); simply ask IT Services to set one up.
  • Gmail - while not quite as good, Gmail still has relatively secure capabilities.

Storage

  • Dropbox
    • it offers two-step verification and paid upgrades with even more protection
    • if your account gets compromised, Dropbox can unlink your data from your devices...
    • but if you choose to enable client-side encryption (extra security on your end), the trade-off is that Dropbox can't access your files to unlink or restore them
  • Google Drive
    • everything within the Google system is secure...
    • but syncing to a computer or mobile device creates vulnerable access points
    • it's only as secure as your Gmail password
    • it offers client-side encryption...
    • but if you use it, the trade-off is that Google can't access your files to unlink or restore them

Recommended:

Both are acceptable, but Dropbox is more secure.

Messaging

  • iMessage
    • great encryption
    • old messages are kept, but they stay secure
    • but it is only available on Apple products
  • Viber
    • has two-step verification and high encryption
    • if it's linked to your computer, it's only as secure as your computer password
  • Threema
    • high encryption and deletes messages after sending them
    • you can get an anonymous ID and don't need a phone number or email to sign up
  • WhatsApp
    • good encryption
  • WeChat
    • in late 2015 Apple classified it as malware, and there hasn't been a confirmed fix of its problems
    • we do NOT recommend using WeChat for secure conversations
  • Facebook
    • if you have email notifications enabled, Facebook will send the message to your email... so it's only as secure as your email
  • SafeSlinger
    • messages delete automatically after 24 hours
    • it has two-step verification and you choose what it accesses
  • Cyber Dust
    • deletes messages after sending them

Recommended:

  • Threema - for all users
  • iMessage - for Apple users

Video Chat

  • VSee
    • it's HIPAA compliant: very high encryption and few points of vulnerability
  • Zoom
    • you can require passwords for meetings and an in-network system...
    • but if you record your meetings, the recording is stored in Zoom's cloud and the download is not encrypted
  • Skype
    • it has some back doors the government can access, makes it easy to find users' locations, and calls involving landlines or mobile phones are not secure

Recommended:

  • VSee

Social Networking

  • Twitter
    • do not use Twitter to share about at-risk students
  • Facebook
    • secret groups have tight security...
    • but other groups or posts on walls have limited security
    • most of Facebook's security and privacy settings require you to opt in to more security and opt out of oversharing