The best and worst examples of instant messaging and communication tools have been evaluated in a new scorecard.
The Electronic Frontier Foundation (EFF) released its Secure Messaging Scorecard
today, evaluating dozens of messaging technologies on a range of security best practices.
Evaluating more than 30 tools, including chat clients, text messaging apps, email applications and technologies for voice and video calls, the EFF examined them on seven factors including whether the message is encrypted both in-transit and at the provider level, and if the code is audited and open to independent review.
Six of these tools scored all seven stars, including: ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text and TextSecure. Apple’s iMessage and FaceTime products stood out as the best of the mass-market options, although neither currently provides complete protection against sophisticated, targeted forms of surveillance.
The tools were rated on whether the data is encrypted in transit, encrypted so the provider cannot read it, as to whether the contacts identities can be verified, if past communications are secure if keys are stolen, if the code is open to independent review, if the security design is properly documented and if the code has been audited.
It said that many options, including Google, Facebook, and Apple’s email products, Yahoo’s web and mobile chat, Secret, and WhatsApp lack the end-to-end encryption that is necessary to protect against disclosure by the service provider. Some major messaging platforms, like QQ, Mxit, and the desktop version of Yahoo Messenger, have no encryption at all.
“We’re focused on improving the tools that everyday users need to communicate with friends, family members, and colleagues,” said EFF staff attorney Nate Cardozo. “We hope the Secure Messaging Scorecard will start a race-to-the-top, spurring innovation in stronger and more usable cryptography.”
EFF technology projects director Peter Eckersley, said: “Many new tools claim to protect you, but don’t include critical features like end-to-end encryption or secure deletion. This scorecard gives you the facts you need to choose the right technology to send your message.”
