The Electronic Frontier Foundation (EFF), created a scorecard to measure the actual security of thirty-nine different “secure messaging” tools and apps, such as FaceTime, Skype and Google Hangouts. These were judged using criteria the EFF defined. The results may be very surprising to some who thought their messages were very secure. Of the more popular apps, Apple's messaging products had some of the highest scores although none had a perfect EFF score.
Many users are using messaging tools that are not every secure. The reason, the EFF post explains:
It boils down to two things: security and usability. Most of the tools that are easy for the general public to use don’t rely on security best practices--including end-to-end encryption and open source code. Messaging tools that are really secure often aren’t easy to use; everyday users may have trouble installing the technology, verifying its authenticity, setting up an account, or may accidentally use it in ways that expose their communications.
The EFF used seven different criteria in rating 39 messaging apps and tools. These 7 criteria were:
- Is your communication encrypted in transit?
- Is your communication encrypted with a key the provider doesn't have access to?
- Can you independently verify your correspondent's identity?
- Are past communications secure if your keys are stolen?
- Is the code open to independent review?
- Is the crypto design well-documented?
- Has there been an independent security audit?
Using the 7 criteria, either a green checkmark or a red "no" symbol was placed on the Scorecard.
Only six apps received all green checkmarks: ChatSecure; CryptoCat; Signal/Redphone; Silent Phone; Silent Text; and TextSecure.
The EFF Scorecard results for some of the more popular messaging apps and tools:
- Apple FaceTime: 5 green checkmarks
- Apple iMessage: 5 green checkmarks
- Facebook chat: 2 green checkmarks
- Google Hangouts: 2 green checkmarks
- Skype: 2 green checkmarks
- SnapChat: 2 green checkmarks
- WhatsApp: 2 green checkmarks
- AIM: 1 green checkmark
- Kik Messenger: 1 green checkmark
- Yahoo! Messenger: 1 green checkmark
These scores may be surprising to some who thought their messages were more secure.
The EFF is quick to point out that the scorecard results “should not be read as endorsements of individual tools or guarantees of their security” and that closer examinations of many of the apps and tools will be conducted later.
Read the full EFF post and see the Scorecard: SECURE MESSAGING SCORECARD: Which apps and tools actually keep your messages safe?
|EFF Secure Messaging Scorecard - Screenshot|