It’s likely that every single day, you use a messaging app to communicate with friends and family. It’s also likely that the messaging app you’re using is unequipped to protect your privacy.
The Electronic Frontier Foundation (EFF) has just released a scorecard featuring 39 messaging apps ranging in popularity from the relatively small Silent Phone and CryptoCat to the ubiquitous iMessage and Facebook Messenger. The scorecard measures the security of each app using seven different criteria.
That includes the questions … Is your communication encrypted in transit? Is your communication encrypted with a key the provider doesn’t have access to? Can you independently verify your correspondent’s identity? Are past communications secure if your keys are stolen? Is the code open to independent review? Is the crypto design well-documented? and Has there been an independent security audit?
Spoiler alert – it’s not good. The messaging landscape is woefully insecure.
In fact, only six applications garnered a perfect score: ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text, and TextSecure.
Every other app failed in at least one of the aforementioned areas.
“The revelations from Edward Snowden confirm that governments are spying on our digital lives, devouring all communications that aren’t protected by encryption,” said EFF Technology Projects Director Peter Eckersley. “Many new tools claim to protect you, but don’t include critical features like end-to-end encryption or secure deletion. This scorecard gives you the facts you need to choose the right technology to send your message.”
Out of the most popular apps to be rated, Apple’s iMessage and FaceTime had the best security score (five out of seven).
Services like AIM, Blackberry Messenger, Secret, and Yahoo Messenger were only able to garner one check mark – for messages being encrypted in transit.
Popular apps like WhatsApp, Snapchat, Skype, and Facebook Messenger only grabbed two checks.
“We’re focused on improving the tools that everyday users need to communicate with friends, family members, and colleagues,” said EFF Staff Attorney Nate Cardozo. “We hope the Secure Messaging Scorecard will start a race-to-the-top, spurring innovation in stronger and more usable cryptography.”
Eckersley told Ars Technica that even a perfect score on the EFF’s security scorecard did mean the apps are 100 percent recommended.
“Getting a perfect score here is more the first step than final victory. We still need usability studies, metadata protection, independently commissioned audits, and other measures of security before we try to get the whole network to switch to one of these options,” he said.
He went on to say that “good cryptographic design should not cause significant inconvenience.”
Check out the full report here.
Image via EFF, Secure Messaging Scorecard