The Electronic Frontier Foundation has released a secure messaging scorecard grading most of the world’s instant messaging apps. Its intention is to draw attention to privacy concerns surrounding government snooping. The scorecard is only the first step in a multi-phase plan to assess the security practices of online messaging.
Each service is graded on seven points that examine its encryption level and whether the code has been properly audited. This leaves many popular services languishing with very low scores, mostly due to the fact that they do not properly document security practices or provide adequate protection for users.
BlackBerry Messenger, Viber, and Yahoo Messenger only managed a single point each. Coming in very low because all three only encrypt data on the user end, and not while it is stored on servers. The three also fail to provide protect past communications in the case the device is stolen, the ability to verify contact identities, or open the code to review. However, not many other instant messaging services scored on these three points either.
WhatsApp, Facebook Messenger, and Google Hangouts barely did any better by scoring two points each; all for allowing their security code to be audited. The most secure instant messenging app were naturally those that are constructed with privacy in mind; this includes RedPhone and Silent Phone.
The EFF admits that security and user accessibility are often mutually exclusive goals, as making a secure service also tends to make it difficult for anyone to easily use. Users who are not familiar with security practices could also end up using the service in ways that expose their information, leaving the point of having a secure messaging service moot.
In case anyone wonders what is the lowest scoring service is, that dishonour goes to the China’s QQ. This should come as no surprise as it is an open secret that the Chinese government spies on its citizens through the IM service.