spot_img
27.3 C
Philippines
Sunday, November 24, 2024

Are your messages secure?

WITH more than 573 million users worldwideóat least 8 million of them in the PhilippinesóViber is one of the most popular messaging platforms today. Unfortunately, it is also one of the least secure from prying eyes, along with Skype and Yahoo Messenger, according to the Electronic Frontier Foundation (EFF).

The non-profit foundation, which defends civil rights in the digital world, maintains a Secure Messaging Scorecard (https://www.eff.org/secure-messaging-scorecard) that keeps tabs on 38 messaging applications and measures how secure they are from snooping using seven criteria.

- Advertisement -

These criteria ask the following questions:

1) Is the message encrypted in transit? This criterion requires that all user communications are encrypted along all the links in the communication path. 

2) Is it encrypted so the provider can’t read it? This criterion requires that all user communications are end-to-end encrypted, which means keys needed to decrypt messages must be generated and stored at the endpoints, by users, not by servers.

3) Can you independently verify the identity of your contacts?

4) Are past communications secure if your keys are stolen?

5) Is the code open to independent review? This criterion requires that sufficient source-code has been published that a compatible implementation can be independently compiled.

6) Is security design properly documented? This criterion requires clear and detailed explanations of the cryptography used by the application.

7) Has there been any recent code audit? This criterion requires an independent security review has been performed within the 12 months prior to evaluation. This review must cover both the design and the implementation of the app and must be performed by a named auditing party that is independent of the tool’s main development team.

The scorecard, begun in 2014, was last updated in November 2015.

By far the least secure among all the messaging apps was Mxit, which passed none of the seven criteria.

Some of the most popular apps such as Skype, Viber and Yahoo Messenger met only one (Encrypted in transit) of the seven criteria. Others in this group were AIM, BlackBerry Messenger, Ebuddy XMS, Hushmail, and Kik Messenger. 

Slightly better were FaceBook chat, Google Hangouts, QQ, SnapChat, and WhatsApp, which met only two of the seven criteria.

On the other side of the scoreboard, the most secure messaging apps were Pidgin with Off-the-Record for Windows, Signal / RedPhone, Silent Phone, Silent Text, Telegram (using secret chats), and TextSecure, all of which met all seven criteria. 

Clearly, if you value communicating securely, any of these six are good bets. The problem is, most of your friends and colleagues are probably not using any of these apps and are on the more popular but less secure platforms instead.

On my Android phone, I use both Viber and Telegram, which are quite similar. I prefer Telegram, but most of the people I know are on Viber. It’s the old trade-off between convenience and security. 

ìMost of the tools that are easy for the general public to use donít rely on security best practices–including end-to-end encryption and open source code,î the EFF says. ìMessaging tools that are really secure often arenít easy to use…î

The scorecard, the EFF notes, is only the first phase of its campaign. In later phases, it says, the foundation plans to offer a closer examination of the usability and security of the tools that score highest on its scorecard.

The EFF says we shouldn’t read the results as an endorsement of particular messaging tools, but they do give us a better idea which projects are on the right track in terms of security. Chin Wong

Column archives and blog at: http://www.chinwong.com

LATEST NEWS

Popular Articles