A sinister world of criminals is trying to steal your valuable information, so it helps to have a few cloak-and-dagger tools of your own to fight back. We tested five products that are claimed to let you surf anonymously, encrypt your chats and e-mails, and come up with ironclad passwords.
The claim: ChatSecure’s maker says the app will keep your mobile communications private by scrambling them on your device once you hit send, then putting them back together on the other end so that your pals can read them. You can attach photos to messages, take pictures within the app, and chat with groups. ChatSecure Voice is a voice version that lets you record an audio message.
Did it work? Yes, but it’s more complicated than we think it should be. No plain-text info was transmitted when we sent messages with ChatSecure. But it was somewhat finicky and contained a lot of geeky settings that won’t be of interest to most users. Voice messages were intelligible but not high quality.
Price: Free; Hotspot Shield Elite, $30 annually
The claim: Hotspot Shield is a virtual private network that logs your PC or mobile device in to a remote server and lets you surf the Web from there without being eavesdropped on or tracked. It also hides your Internet Protocol address to protect you from hackers and encrypts your passwords and other data.
Does it work? Yes, but it’s annoying. Installation on a PC was long, but once you’re finished you can easily turn it on or off. Before installing it, make sure you’re OK with providing access to all of the permissions it seeks. We were met with a long list—including the ability to read your contacts—when we installed the Android version. If you choose the free version, you’ll have to deal with frequent pop-up ads. (The pay version eliminates the ads.)
The number of ads on the free version prompted user complaints on the app’s download page, as did a limitation on the length of streaming video. We found that Internet speeds using the free PC version dropped by about 40 percent when downloading and 20 percent when uploading while the VPN was active. When we captured data being transferred over the network while Hotspot Shield was on, we saw no vulnerable plain-text info transmitted.
Price: Online version, free; mobile, $12 per year
The claim: The company says this is “the last password you have to remember.” You get started by downloading a version of LastPass that’s compatible with your browser, then you must come up with a master password. Browse the sites and services you use, and let LastPass create secure passwords as you go. LastPass can also fill in forms and use other types of authentication, such as fingerprint readers.
Does it work? Yes. LastPass was easy to use and set up. It keeps an encrypted copy of your password vault on a secure server and backs it up on your device. We searched the local copy for any plain-text strings that matched our stored passwords and found nothing, confirming that the stored passwords are encrypted. We also verified that it didn’t transmit our user name or password in plain text when it logged us in to a website protected with our password.
The claim: Every time you go online, you’re sharing your Internet address with data brokers, corporations, and others. You’re also exposed to hackers and cybercriminals. Safeplug is a piece of home-network hardware that keeps your Internet traffic anonymous by bouncing your communications among a series of random servers around the world—using a clandestine network called Tor. When you’re using Tor, no one is supposed to see where on the Internet you are. It also encrypts your data along the way.
Does it work? Kind of. Setup was not as easy as it should have been. Safeplug did indeed send and receive encrypted text via Tor servers, but it’s up to you to make sure you are browsing in protected, or proxy, mode. It requires several clicks to activate and deactivate proxy mode. Also, because of Safeplug’s circuitous routing of your Internet traffic, Web pages take several seconds longer to load when it is activated
The claim: Web-based e-mail services such as Gmail and AOL use a remote server as a go-between for you and your contacts. So everything you send and receive is stored on your e-mail provider’s computers. ShazzleMail, which requires you to use a special e-mail address and special software, skips the server, routing mail directly to the recipient. You can send e-mail to someone not signed up with ShazzleMail. They receive a link that opens a secure Web page and retrieves the e-mail directly from your device. You can send and receive from any computer or mobile device, but you need either an iOS or Android device to use ShazzleMail.
Does it work? Yes. We played National Security Agency and spied on our own test messages by capturing the e-mails between the tablet and laptop we were using. None of the traffic between the devices had any readable plain text, and most messages arrived at their destinations in 1 to 3 minutes.
But you’ll need to be careful about keeping ShazzleMail actively running on your device. It caused heavy battery drain because the process keeps the Wi-Fi connection live in the background. The product was in beta testing when we tried it out, and we don’t recommend unfinished products. But if ShazzleMail doesn’t change much before final release, it could be a good choice for protecting your e-mail communications.
This article also appeared in the July 2014 issue of Consumer Reports magazine.