Chances are your favorite messaging apps are vulnerable to surveillance, eavesdropping and worse. Chances also are that most users don’t care enough to switch to a more secure solution, mostly because better security typically comes at the cost of usability. That’s why the Electronic Frontier Foundation (EFF) is partnering with ProPublica and the Princeton Center for Information Technology Policy to make a push for secure and user-friendly cryptography to protect communications.
As part of this endeavor, the EFF recently unveiled its Secure Messaging Scorecard, which rates 39 messaging apps and utilities based on seven metrics:
- Is your communication encrypted in transit?
- Is your communication encrypted with a key the provider doesn’t have access to?
- Can you independently verify your correspondent’s identity?
- Are past communications secure if your keys are stolen?
- Is the code open to independent review?
- Is the crypto design well-documented?
- Has there been an independent security audit?
The scorecard gives each messaging tool a green or red mark in each of the seven criteria. ChatSecure + Orbot, Cryptocat, Signal/RedPhone, Silent Phone, Silent Text and TextSecure are the only apps that have perfect scores. On the other side of things, Mxit and QQ fail to get green checkmarks in any column. Recognizable messaging tools such as AIM, BlackBerry Messenger, Kik Messenger, Secret, Snapchat, Viber and Yahoo Messenger each have only one green checkmark.
“Most of the tools that are easy for the general public to use don’t rely on security best practices – including end-to-end encryption and open source code,” according to the EFF’s page dedicated to the scorecard. “Messaging tools that are really secure often aren’t easy to use; everyday users may have trouble installing the technology, verifying its authenticity, setting up an account, or may accidentally use it in ways that expose their communications.”
Check the Secure Messaging Scorecard to see how secure your favorite messaging apps are.