The best secure messaging apps that protect you from surveillance

If you use Skype, SnapChat, Facebook chat, WhatsApp, or Google off-the-record chat, then it’s time for you to rethink your digital communications strategy and switch to other more secure messaging programs that better protect your privacy. The EFF evaluated 39 messaging products and provided a Secure Messaging Scorecard to show which ones are easy to use yet secure enough to keep the government from snooping on your messages.

Secure
Credit: iStockphoto

If you use Skype, SnapChat, Facebook chat, WhatsApp, or Google off-the-record chat, then it’s time for you to rethink your digital communications strategy and switch to other more secure messaging programs. As part of a campaign to find "secure and usable crypto," the EFF evaluated 39 messaging products ranging from chat clients, text messaging apps, email applications, and voice and video call tools to let us know “which messaging technologies are truly safe and secure.”

The “best” programs for digital communications, according to the EFF’s Secure Messaging Scorecard, are:

Messenger products rated by EFF as secure EFF

The “freebie” options to protect your privacy while maintaining security include CryptoCat, which is a free chat program that works in popular web browsers and on iPhones; ChatSecure for secure chats over iPhone or Android – Android can be combined with Orbot, a free proxy app that uses Tor; smartphone calls can be secure by using Signal for iPhone or by using the RedPhone app for Android; and TextSecure for sending secure texts on Android.

The pay for privacy and security app options with perfect scores included Silent Text for iOS and for Android and Silent Phone for iOS and for Android. The apps are free, but using them means paying a $9.95 monthly subscription.

It’s important to note that the EFF conducted neither vulnerability assessments nor in-depth technical analyses on the encryption applications. The communication products reviewed have a “large user base,” are easy to use and are “strongly secure.” Each messaging tool was rated “on a range of security best practices.” The end game is to identify programs that can protect people’s communications from government surveillance.

As Joseph Bonneau from Princeton University pointed out, “It’s important to realize we’re mostly grading for effort here and not execution. We’re still a long way from being able to state with confidence how much security apps are actually delivering.”

Hopefully that clears up any confusion for those of you who read “How Secure is TextSecure” (pdf). After German security researchers audited TextSecure, they presented “an Unknown Key-Share Attack on the protocol” as well as mitigation strategy that could be applied so that TextSecure’s “push messaging can indeed achieve the goals of authenticity and confidentiality.”

The reason for the thumbs up approval is that the above secure messaging products met all of the following seven criteria: Your communications are protected from snooping eyes because they are encrypted in-transit and encrypted with a key that a provider can’t access; past communications are secure even if the keys are stolen; you can independently verify your correspondent's identity; the code is open to independent review and has undergone an independent security audit; and the crypto design has been well-documented.

Next-best secure communication tools

Six communication tools missed achieving a gold star across the board by one criteria.

The two communication programs deemed insecure if your keys are stolen are Mailvelope and Subrosa.

  • Mailvelope provides OpenPGP encryption for webmail and comes preconfigured for Gmail, Yahoo Mail, Outlook.com and GMX. It is available as a Firefox add-on or as a Chrome extension.
  • Subrosa is an encrypted communication platform for chatting, voice calls or video chats.

Four messaging programs missed a perfect score because the code has not been audited. Those are:

Popular but not very secure chat programs

Other messaging apps fell somewhere in the middle, but here are some that people I know insist upon using. FYI: Just because a chat program is popular doesn’t mean you should be using it. SnapChat, WhatsApp, Facebook chat and Google off-the-record chat scored poorly, only doing well in the two the areas of encrypting messages in-transit and the code has been audited. The only two Skype managed to pass were encryption in-transit and encrypted so the provider can’t read the messages.

Popular but not secure chat messengers EFF

"The revelations from Edward Snowden confirm that governments are spying on our digital lives, devouring all communications that aren't protected by encryption," said EFF Technology Projects Director Peter Eckersley. "Many new tools claim to protect you, but don't include critical features like end-to-end encryption or secure deletion. This scorecard gives you the facts you need to choose the right technology to send your message."

Insecure messaging products

Insecure messaging products EFF

No one is suggesting you start sending messages in a bottle, but AIM, BlackBerry Messenger, Hushmail, Secret, Viber and Yahoo Messenger are a few that only passed one, encryption in-transit, meaning if you use these for messaging then it’s time to kick them to the curb. Mxit and QQ failed across the board.

Message in a bottle Susanne Nilsson

I highly encourage you to review the entire Secure Messaging Scorecard and then take action by using the secure ones that can best protect your privacy from widespread Internet surveillance.

The brave new world of Windows 10 license activation
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies