Report: The Safest Places to Have a Conversation Online
According to new research by the Electronic Frontier Foundation, most mainstream chat apps fail to live up to a high security standard—with Apple's iMessage and FaceTime proving to be key exceptions.
If security for your online conversations is important, you may want to skip the usual suspects.
According to the Electronic Frontier Foundation (EFF), many of the conversation platforms we use daily—Google Hangouts, Facebook, Yahoo Messenger, even BlackBerry Messenger—fail to meet a number of key security standards for ensuring that a conversation can’t be tracked by prying eyes.
According to EFF’s Secure Messaging Scorecard, all of the apps lacked a number of key features that more secure chat apps have. These include the ability to encrypt data so providers can’t read what was written, verify contact identities, conduct independent code reviews and audits, and secure past communications if your personal info is stolen.
The goal of the campaign? EFF wants to encourage messaging platforms to boost their security—while keeping usability in mind.
“We’re focused on improving the tools that everyday users need to communicate with friends, family members, and colleagues,” EFF Staff Attorney Nate Cardozo said in a news release. “We hope the Secure Messaging Scorecard will start a race-to-the-top, spurring innovation in stronger and more usable cryptography.”
The foundation is working on its research with a number of other advocacy-minded groups, including ProPublica and the Princeton Center for Information Technology Policy. The groups plan to take a deeper look at the messaging platforms as part of EFF’s Campaign for Secure and Usable Cryptography. Other highlights from the research:
The most secure: A handful of platforms can say they meet EFF’s security requirements, though none are as mainstream as WhatsApp or Google Hangouts. The most secure apps are ChatSecure, Cryptocat, Signal, RedPhone, Silent Circle’s Phone and Text apps, and TextSecure.
Good, but mainstream: The two mainstream messaging platforms that did the best among those researched were Apple’s iMessage and FaceTime, which both received green checkmarks on five of the seven categories, though EFF warns that “neither currently provides complete protection against sophisticated, targeted forms of surveillance.” Also worth looking at are chat clients that offer Off-the-Record Messaging, such as Adium for the Mac and Pidgin for Windows.
No encryption at all: Most platforms can say that they encrypt their messages, but if you chat via Mxit or Tencent’s QQ, don’t expect any such protection: According to EFF, these two apps have no security whatsoever.
Google Hangouts, Facebook, and WhatsApp get low marks in a new EFF study. (iStock Editorial/Thinkstock)