What is the security meter and why does it increase as more people participate?
As mentioned in "What encryption do you use?" below, Black SMS users can either share pre-established passwords, or they can share public keys. Sharing the public keys is done by sending messages that contain those public keys. This means that the more people participate in the conversations, the more trusted public keys you have. Once you've identified the correct public key for all the participants in the conversation, your communication becomes truly end-to-end encrypted for text. Contact us for more details.
What is Black SMS for iMessage?
Black SMS is compatible with iOS 10 Messages, where you can now password-protect your messages without ever having to leave the iMessage app. Encryption is just one tap away. If you send the message to someone who doesn't have iOS 10, they'll still be able to read it through a URL that links to a self-destructing message, however security is at 100% when the recipients are on iOS 10.
What encryption do you use?
BlackSMS protects privacy with AES-256, a military grade cryptography algorithm.
Users share a pre-established mutual password which the app converts into keys
under the PBKDF2 standard — rehashing the password repeatedly using SHA-256
and a 256-bit salt. The cipher data is sent encoded inside of nonsecret data by use of
steganographic algorithms—appending the data onto a link using Base64, manipulating
pixel bits to hide it, or even encoding it onto "fake replacement texts."
Alternatively to sharing a pre-established password, users can share public keys with each other and use RSA protocol to exchange randomly generated 256-bit symmetric keys.
Finally, we also encrypt every message with an additional layer using a randomly generated key that can be thrown away to "self-destruct" the message.
Does Black SMS have any access to my data?
No, the point of encryption is that it makes your communication secure over any channel (even a public one!). Unfortunately, many services that call themselves "end-to-end encrypted" are actually taking care of the key distribution using the very same channel of communication. When the channel of communication is involved in distributing the keys, then the communication is prone to man-in-the-middle-attacks.
Black SMS is more of your traditional "encryption tool." The app will generate your keys locally, offline, and then use them in communication over Apple's iMessage server — which in the first place has its own layers of security.
Your messages remain confidential only to you and the inteded recipient.
I heard that Black SMS didn't used to have any servers at all, but now it does. What are they used for?
When you're sending messages all day, every day, especially over somebody else's channel, you risk the fact that they are permanent. You have to throw away your encryption keys somehow, if you want to destroy the information. It is therefore not a good idea to concentrate all the needed cryptodata in one device (your phone!). Our servers are responsible for an *additional* layer of symmetric encryption that we regularly purge so that your messages self-destruct.
You can learn more by contacting us — or by sniffing your own network packets :)