The Electronic Frontier Foundation (EFF) today released a report looking at three dozen messaging services, ranking them on seven “Security best practices.” The group found Apple’s iMessage and FaceTime products as the best among “mass-market options,” although it failed to offer “complete protection against sophisticated, targeted forms of surveillance.”
Apple’s iMessage and FaceTime products stood out as the best of the mass-market options, although neither currently provides complete protection against sophisticated, targeted forms of surveillance. Many options—including Google, Facebook, and Apple’s email products, Yahoo’s web and mobile chat, Secret, and WhatsApp—lack the end-to-end encryption that is necessary to protect against disclosure by the service provider. Several major messaging platforms, like QQ, Mxit, and the desktop version of Yahoo Messenger, have no encryption at all.
EFF used the following criteria in ranking the messaging services:
- Are messages encrypted in transit?
- Are communications encrypted so the provider can’t read it?
- Can you verify contacts’ identities?
- Are past communications secure if your keys are stolen?
- Is the code open to independent review?
- Is security design properly documented?
- Has the code been audited?
As seen above, iMessage and FaceTime services received bad marks as they didn’t make it possible to “verify a contacts’ identity,” and also for not allowing independent reviews of its code.
Several services did meet all of the criteria, they included: ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text, and TextSecure.
The EFF’s full Secure Messaging Scoreboard report is available here.