Who’s reading your texts? Well according to the EFF, in their recently released security scorecard, could be a lot of people if you’re using any of the major messaging platforms (Skype, Google Hangouts, FaceBook, WhatsApp, etc.). There are certainly messaging solutions that are pretty safe but they are far from mainstream. The EFF graded a host of services in seven categories and only handful passed all the checks. The EFF also stressed that a passing grade on these checks was only a first step towards security, not an indication that a service was completely safe.
What Got Tested?
The security checks covered a variety of criteria including whether or not data was encrypted end to end or just in transit, if past communications were safe if your security keys are stolen, and criteria less important to the average user like if the design was properly documented or if the code was audited by a third party recently.
Who Made the Grade?
There were 6 services that passed all 7 checks. I was only (barely) vaguely familiar with most of those and needless to say, most people aren’t using them unless security is really important to them. Notably, only Apple’s FaceTime and iMessage scored particularly well out of the mainstream solutions (passing 5 out of 7) – most importantly, Apple’s offerings passed the end-to-end encryption checks.
Who’s Repeating 1st Grade?
Unfortunately, Facebook, Google Hangout, WhatsApp and even BlackBerry Messenger scored pretty low, only offering transport encryption. QQ (one of, if not the biggest messenger clients in China) apparently doesn’t offer encryption at all…shocking in China, I know.
OK, OK, Don’t Freak Out
Particularly in this post-Snowden era, companies are being scrutinized for their data security procedures, especially as it pertains to government oversight. The EFF’s scorecard is particularly geared toward whether or not your communications are secure from government snooping.
Even without end-to-end encryption, your Facebook messages to your buddy are probably not going to be accessible to the guy sitting across from you at the coffee shop. I mean unless he’s some kind of elite hacker (I almost wrote that in l33t but thought I’d spare you…damn, I just did it…oh well). And anyways, if you have really private eyes-only stuff you are communicating and you’re using Facebook Chat, well, you’re an idiot.
If you have a legitimate need for enhanced communications security, check out one of the services that have passed the EFF’s first set of checks. Their scorecard can be found here along with more detailed descriptions.Follow bernardfok