- Strong, non-NSA backed crypto primitives. I’m a big fan of NaCl because it’s fast, constant-time, secure crypto that doesn’t rely on anything backed by the NSA. To make it easier to use, it’s made portable (and extended) in libsodium. I won’t promote anti-NIST FUD, but some things should be questioned, such as the NIST ECC curves.
- Minimal metadata. The amount of information that can be extracted from messages should be kept to a minimum. Anything that’s exposed (username, user ID, public keys, etc.) can be used, when collected en masse, to begin mapping relationships and undoing the veil of anonymity.
- Encrypt everything in transit. As with metadata, anything in the clear going over the network can be captured, stored, analyzed - and in targeted cases, altered in various ways. Using TLS is a great start, as it removes the option of simple passive monitoring, though it shouldn’t be assumed to be enough. Active attackers can man-in-the-middle the connection to the server, presenting a forged or stolen certificate. Certificate pinning and additional layers of encryption help protect against these attacks.
- Server knows as little as possible. The more the server knows, the more the provider(s) can divulge - either by court order, or by more clandestine means. Even the simplest HTTP server logs can provide valuable information to such an attacker, especially when combined with other data sources.
- Encrypt everything in storage. When at rest, everything should be encrypted - if a device is compromised, it should reveal as little as possible. By encrypting everything with a key derived from the user’s password, only the user is able to access the data (though they may be compelled to do so).
- Hide everything. The CIA at least once used a weather application to hide a communication system; it was only available when looking up weather for a certain city. Such techniques make it harder to spot the use of secure communication tools. This may seem a bit extreme, but there are good reasons to do it.