Confide

Confide, an ephemeral messaging app, has become popular among government operatives, as Axios reported last week. But now the app's encryption—how it ensures messages can't be intercepted by outsiders—is under question.

While the company claims that its app offers "military-grade encryption," some experts aren't so sure that it's as secure as it sounds.

What Confide says: According to co-founder Jon Brod, "Confide's message encryption is based on the PGP standard" and uses "recommended best practices to ensure the security of network connections, such as using TLS 1.2 with certificate pinning to prevent against [man-in-the-middle] attacks."

For each platform on which it's available, the company has selected various encryption tools—the latest version of OpenSSL for iOS and Spongy Castle for Android. Brod added that the company plans to upgrade to the newest version of OpenSSL in its app's next update. OpenSSL, in particular, raised concerns among security experts as it's been found to have a number of security vulnerabilities over the years, including the Heartbleed bug, which wreaked havoc on the Internet in 2014. Brod says that Confide's Android app uses OpenSSL for one single function but it's not one impacted by Heartbleed or any other published vulnerability.

Questions remain: With that said, it's still difficult to be fully certain of Confide's security as the company's software is proprietary and hasn't been reviewed by a third-party.

"This one's a tough call. The application doesn't smell fully kosher, but at least it uses some standard encryption routines, which many other applications fail to do," computer forensics expert Jonathan Zdziarski wrote in a blog post after taking a look at the app. "Ultimately, the application warrants a cryptographic review before I could endorse its use in the White House," he wrote, adding that since OpenSSL isn't FIPS 140-2 compliant (a government encryption standard), it shouldn't be used by government workers.

And as one security expert told Axios, it all depends on how well all of Confide's precautions have been implemented—a sloppy or faulty job could mean the app is far from secure.

What to watch: With reports of staffers using encrypted chat apps, some Congresspeople are already asking for investigations into whether their use violates federal record-keeping laws. On Tuesday, House Republicans Darin LaHood and Lamar Smith sent a letter to the EPA's independent watchdog following news that some employees have been using another app, Signal.

Go deeper

Updated 3 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 4:15 p.m. ET: 33,477,825 — Total deaths: 1,003,922 — Total recoveries: 23,209,109Map.
  2. U.S.: Total confirmed cases as of 4:15 p.m. ET: 7,176,111 — Total deaths: 205,676 — Total recoveries: 2,794,608 — Total tests: 102,342,416Map.
  3. Health: Americans won't take Trump's word on the vaccine, Axios-Ipsos poll finds.
  4. States: NYC's coronavirus positivity rate spikes to highest since June.
  5. Sports: Tennessee Titans close facility amid NFL's first coronavirus outbreak.
  6. World: U.K. beats previous record for new coronavirus cases.

Mueller defends Russia investigation in rare public statement

Photo: David Hume Kennerly/GettyImages

Former special counsel Robert Mueller in a statement on Tuesday defended his team's handling of the Russia investigation after Andrew Weissmann, a former prosecutor in his office, wrote in a new book that investigators should have done more to hold President Trump accountable.

Driving the news: In the tell-all book, “Where Law Ends,” released on Tuesday, Weissman addresses what he calls the special prosecutor office's failures in its investigation.

Biden releases 2019 tax returns ahead of debate

Photo: Alex Wong/Getty Images

Joe Biden's campaign released his 2019 tax returns on Tuesday, showing that he and his wife, Jill, paid nearly $300,000 in federal taxes last year.

Why it matters: The release, timed just hours before the first presidential debate, comes days after a bombshell New York Times report said that President Trump paid only $750 in federal taxes in 2016 and 2017. Biden's team is hoping to make the tax contrast a sticking point during their showdown tonight.