How secure is your favourite messaging app? Today’s Open Thread

The most popular messaging apps have hundreds of millions of users, but how secure are they really? The Electronic Frontier Foundation has been finding out, producing a “secure messaging scorecard” to rate them on a range of criteria.
Are messages encrypted in transit, and encrypted so the provider can’t read them? Can you verify contacts’ identities? Are past communications secure if your keys are stolen? Is the code open to independent review, is the security design properly documented, and has the code been audited?
“Many companies offer ‘secure messaging’ products – but are these systems actually secure? We decided to find out, in the first phase of a new EFF Campaign for Secure & Usable Crypto,” explains the EFF.
“This scorecard represents only the first phase of the campaign. In later phases, we are planning to offer closer examinations of the usability and security of the tools that score the highest here.”
What’s interesting is that the apps that score seven green ticks are the likes of ChatSecure, CryptoCat, Signal, SilentPhone, Silent Text and TextSecure. Yet for most mainstream users, what defines their choice of messaging app is not “how secure is it?” but rather “which one are my friends using?”
BBM, Facebook chat, Google Hangouts, Kik Messenger, Skype, Snapchat, WhatsApp and Viber don’t score well on the EFF’s criteria, for example. Apple’s iMessage actually does pretty well, with five out of seven ticks.
Even so, will the EFF’s new research encourage those mainstream messaging apps to beef up their security? Or are we going to continue seeing a divide: security-conscious people messaging other security-conscious people on the niche apps, while everyone else continues using the popular apps?
The comments section is open for your thoughts: I’d be interested to hear how important security is in your choice of messaging app, and whether you’ve tried to persuade friends to switch from one to another on those grounds. If so, did they?


Leave a reply

Your email address will not be published. Required fields are marked *