messages_exchange

Looking for a secure messaging tool? The Electronic Frontier Foundation just released a new scorecard comparing a wide variety of apps and services from email providers to video chat apps and graded them on their security habits. In a development that shocked precisely zero people, the only apps to get top marks were those specifically designed for secure communications like CryptoCat.

After that, Apple’s iMessage and FaceTime were rated the best services targeted at a mass-market audience. Skype was only checked off for two categories – encrypting data in transit and doing so in a way that prevents Microsoft from accessing it. Google and Facebook’s chat systems only encrypt data in transit, but they have had external reviews of their security, while Skype has not gone through an external audit.

skypeoutlook12One of the key areas where most of the providers fell down had to do with using a system that would secure past communications even if an attacker managed to get a hold of the key encrypting transmissions. It’s called Perfect Forward Security, and Apple’s services are the only mass-market chat and video messaging services to use it.

Like some of the EFF’s other scorecards, this one is clearly designed as a tool to push companies towards better security practices. Nate Cardozo, a Staff Attorney at the EFF, said in a press release that the group hoped it would start a “race-to-the-top” among communications providers that would lead to better practices.

The security-conscious apps that earned perfect (or near perfect) scores are good options for people who are seeking tip top security, but bringing those capabilities to the masses would help ordinary folks who don’t want to spend time thinking about security better protect their communications.

Still, it’s not clear if any of the major tech companies will ever get full marks on one of these scorecards, since doing so requires opening up source code of the applications in question for outside review. Microsoft allowed certain third parties to examine its Windows code following Edward Snowden’s disclosures about the NSA’s snooping habits, but that was only under very specific – and incredibly controlled – circumstances. I’m pretty sure that Apple’s response to being asked for its source code would be something close to a loud cackle.

Still, even if these companies don’t get perfect results, a rising security tide will lift all boats, and help people keep their conversations secure.

Like what you're reading? Subscribe to GeekWire's free newsletters to catch every headline

Job Listings on GeekWork

Find more jobs on GeekWork. Employers, post a job here.