Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Confide

Confide, an ephemeral messaging app, has become popular among government operatives, as Axios reported last week. But now the app's encryption—how it ensures messages can't be intercepted by outsiders—is under question.

While the company claims that its app offers "military-grade encryption," some experts aren't so sure that it's as secure as it sounds.

What Confide says: According to co-founder Jon Brod, "Confide's message encryption is based on the PGP standard" and uses "recommended best practices to ensure the security of network connections, such as using TLS 1.2 with certificate pinning to prevent against [man-in-the-middle] attacks."

For each platform on which it's available, the company has selected various encryption tools—the latest version of OpenSSL for iOS and Spongy Castle for Android. Brod added that the company plans to upgrade to the newest version of OpenSSL in its app's next update. OpenSSL, in particular, raised concerns among security experts as it's been found to have a number of security vulnerabilities over the years, including the Heartbleed bug, which wreaked havoc on the Internet in 2014. Brod says that Confide's Android app uses OpenSSL for one single function but it's not one impacted by Heartbleed or any other published vulnerability.

Questions remain: With that said, it's still difficult to be fully certain of Confide's security as the company's software is proprietary and hasn't been reviewed by a third-party.

"This one's a tough call. The application doesn't smell fully kosher, but at least it uses some standard encryption routines, which many other applications fail to do," computer forensics expert Jonathan Zdziarski wrote in a blog post after taking a look at the app. "Ultimately, the application warrants a cryptographic review before I could endorse its use in the White House," he wrote, adding that since OpenSSL isn't FIPS 140-2 compliant (a government encryption standard), it shouldn't be used by government workers.

And as one security expert told Axios, it all depends on how well all of Confide's precautions have been implemented—a sloppy or faulty job could mean the app is far from secure.

What to watch: With reports of staffers using encrypted chat apps, some Congresspeople are already asking for investigations into whether their use violates federal record-keeping laws. On Tuesday, House Republicans Darin LaHood and Lamar Smith sent a letter to the EPA's independent watchdog following news that some employees have been using another app, Signal.

Go deeper

Dan Primack, author of Pro Rata
8 mins ago - Economy & Business

Trump blocks banks from limiting loans to gun and oil companies

Illustration: Sarah Grillo/Axios

Big banks are no longer allowed to reject business loan applicants because of the industry in which they operate, according to a new rule finalized on Thursday by the Trump administration.

Why it matters: Wall Street has curtailed its exposure to industries like guns, oil and private prisons, driven by both public and shareholder pressures. This new rule could reverse that trend.

Former FDA commissioner: "Reliable drug supply is absolutely critical"

Axios' Caitlin Owens and former FDA commissioner Mark McClellan. Photo courtesy of Axios Events

Having a reliable supply of pharmaceutical drugs throughout America will be "absolutely critical" to boosting affordability in health care during the Biden administration, former Food and Drug Administration (FDA) commissioner Mark McClellan said at a virtual Axios Event on Friday.

The big picture: McClellan, who served under President George W. Bush, says drugs having limited supply and limited competition leads to elevated pricing. He considers drug supply to be a national security and public health issue.

Felix Salmon, author of Capital
3 hours ago - Economy & Business

Americans are still spending money

Source: Census Bureau; Chart: Axios Visuals

Americans spent more money at stores and restaurants in 2020 than they did in 2019 — even in the face of a devastating global pandemic that shut down broad sectors of the economy.

Why it matters: The monthly retail sales report this morning came in well below expectations, and showed consumer spending falling on a seasonally-adjusted basis. Total expenditures were still higher in December 2020 than they were a year previously, however.