The most popular messaging apps have hundreds of millions of users, but how secure are they really? The Electronic Frontier Foundation has been finding out, producing a “secure messaging scorecard” to rate them on a range of criteria.
Are messages encrypted in transit, and encrypted so the provider can’t read them? Can you verify contacts’ identities? Are past communications secure if your keys are stolen? Is the code open to independent review, is the security design properly documented, and has the code been audited?
“Many companies offer ‘secure messaging’ products – but are these systems actually secure? We decided to find out, in the first phase of a new EFF Campaign for Secure & Usable Crypto,” explains the EFF.
“This scorecard represents only the first phase of the campaign. In later phases, we are planning to offer closer examinations of the usability and security of the tools that score the highest here.”
What’s interesting is that the apps that score seven green ticks are the likes of ChatSecure, CryptoCat, Signal, SilentPhone, Silent Text and TextSecure. Yet for most mainstream users, what defines their choice of messaging app is not “how secure is it?” but rather “which one are my friends using?”
BBM, Facebook chat, Google Hangouts, Kik Messenger, Skype, Snapchat, WhatsApp and Viber don’t score well on the EFF’s criteria, for example. Apple’s iMessage actually does pretty well, with five out of seven ticks.
Even so, will the EFF’s new research encourage those mainstream messaging apps to beef up their security? Or are we going to continue seeing a divide: security-conscious people messaging other security-conscious people on the niche apps, while everyone else continues using the popular apps?
The comments section is open for your thoughts: I’d be interested to hear how important security is in your choice of messaging app, and whether you’ve tried to persuade friends to switch from one to another on those grounds. If so, did they?
Also on the radar today:WireLurker is a new malware family that targets Macs and iOS devices, infecting the former in order to reach the latter – including non-jailbroken devices. “It is the first known malware that can infect installed iOS applications similar to a traditional virus,” claims Palo Alto Networks. Musician Aloe Blacc has published an opinion piece on Wired strongly criticising US streaming music service Pandora after he earned less than $4,000 for his co-writing share of a song streamed more than 168 million times. “If songwriters cannot afford to make music, who will?” The Verge has tested an early production model of Will.i.am’s Puls smartwatch, and isn’t impressed. To say the least. “It’s objectively the worst product I’ve touched all year... The Puls feels like a Kickstarter concept product that never should have made it to production.” Ouch. Snapchat is getting into music, video and news. Or at least preparing to. Digiday claims the messaging app is in talks with Comedy Central, Spotify, Vice, BuzzFeed, CNN, the Daily Mail, ESPN, Cosmopolitan magazine, National Geographic, People magazine and Vevo. A crowdfunding campaign on Indiegogo by Code.org aiming to provide “an hour of code for every student” is already up to $2.8m of pledges, with Mark Zuckerberg already having chipped in. “Our schools teach kids how to dissect a frog and how weather works. Today, it’s equally fundamental to learn to ‘dissect an app’, or how the Internet works...” I actually don’t mind Russell Brand, but the “Parklife” meme – essentially someone realised that his more verbose sentences perfectly suit someone shouting “PARKLIFE” at the end, as if he was delivering Phil Daniels’ lines in the Blur song – has been making me smile a lot this past day.
What stories have piqued your interest, and what do you think of the pieces linked to above? The comments section is open for your views.