The Electronic Frontier Foundation (EFF) is calling out top messaging apps on their poor security habits. The organization recently released its Secure Messaging Scorecard, where it evaluated dozens of messaging technologies on their security practices.
“The revelations from Edward Snowden confirm that governments are spying on our digital lives, devouring all communications that aren’t protected by encryption,” said Peter Eckersley, technology projects director at the EFF. “Many new tools claim to protect you, but don’t include critical features like end-to-end encryption or secure deletion. This scorecard gives you the facts you need to choose the right technology to send your message.”
According to the Secure Messaging Scorecard, top messaging apps such as Google Hangouts, Facebook chat, Secret, Skype, Snapchat and Yahoo Messenger failed its best practices security test.
The EFF examined the applications based on seven criteria:
• Is the communication encrypted in transit?
• Is the communication encrypted with a key the provider doesn’t have access to?
• Can the correspondent’s identity be independently identified?
• Are past communications secure if their keys are stolen?
• Is the code open to independent review?
• Is security design properly documented?
• Has there been an independent security audit?
The apps ranged from chat clients, text messaging apps and e-mail applications, to voice and video calls. The apps that received perfect grades included ChatSecure, Cryptocat, Signal/RedPhone, Silent Phone, and TextSecure.
“We’re focused on improving the tools that everyday users need to communicate with friends, family members and colleagues,” said Nate Cardozo, staff attorney at the EFF. “We hope the Secure Messaging Scorecard will start a race to the top, spurring innovation in stronger and more usable cryptography.”
The Secure Messaging Scorecard can be found here.