Electronic Frontier Foundation (EFF), an online privacy watchdog group, this week published its Secure Messaging Scorecard. The scorecard analyzes the level of security of 29 different chat programs, finding that most of the most popular apps fall short when it comes to protecting the privacy of your communications.
“The revelations from Edward Snowden confirm that governments are spying on our digital lives, devouring all communications that aren’t protected by encryption,” said EFF Technology Projects Director Peter Eckersley. “Many new tools claim to protect you, but don’t include critical features like end-to-end encryption or secure deletion. This scorecard gives you the facts you need to choose the right technology to send your message.”
What makes a messaging app secure? To best protect your privacy and security, messages should be encrypted in transit in a way such that the app provider cannot read it. You should be able to verify contacts’ identities, and your communications should remain secure even if the encryption key is stolen. The code of the app should be open for independent review and audited, and its security design needs to be properly documented.
The most popular messaging apps fail on most of these counts. AIM, BlackBerry Messenger, Kik Messenger, and Yahoo! Messenger all score a lowly 1 out of 7, earning points only for encrypting messages in transit. Facebook Chat, Snapchat and WhatsApp score just 2 out of 7, with each earning an extra point for code audits. Apple’s iMessage and FaceTime, meanwhile, stand out with a decent 5 out of 7 score for offering end-to-end encryption and forward secrecy.
Six apps earned perfect scores in the EFF analysis. ChatSecure + Orbot, CryptoCat, Silent Phone, Silent Text and Text Secure are all truly secure options for communicating. Also earning a perfect score was the Signal iOS app (RedPhone on Android), which Techlicious covered earlier this year.