Pinterest Stumbleupon Whatsapp
Ads by Google

The Electronic Frontier Foundation (EFF) is a lobby group dedicated to “defending civil liberties in the digital world”. At MakeUseOf we love what they do. I’ve featured their work before in my explanation of warrant canaries The Privacy Mine: National Security Letters and Warrant Canaries Explained The Privacy Mine: National Security Letters and Warrant Canaries Explained Read More and many other authors have also written articles that cite them.

As well as actively campaigning around issues like Net Neutrality What Is Net Neutrality & Why Should I Care? What Is Net Neutrality & Why Should I Care? A significant number see Net Neutrality as essential to the survival of the Internet. In this article, we're going to look at why Net Neutrality matters, and why we should fight to protect it. Read More and the Stop Online Piracy Act (SOPA) SOPA And PIPA Abandoned After Day Of Internet Activism [News] SOPA And PIPA Abandoned After Day Of Internet Activism [News] As the day of online activism opposing SOPA and PIPA continued, supporters quickly began to have second thoughts. Now, the final blows have been struck. Senator Harry Reid has decided to put the Protect IP... Read More , the EFF also publishes information about what companies support your civil liberties online Who Is Fighting On Your Behalf Against The NSA And For Privacy? Who Is Fighting On Your Behalf Against The NSA And For Privacy? There are several Internet activism groups who are fighting on your behalf for privacy. They are doing their best to educate netizens as well. Here are just a few of them that are incredibly active. Read More .

One of the many things they maintain is the Secure Messaging Scorecard. From the EFF:

The Secure Messaging Scorecard examines dozens of messaging technologies and rates each of them on a range of security best practices. Our campaign is focused on communication technologies — including chat clients, text messaging apps, email applications, and video calling technologies. These are the tools everyday users need to communicate with friends, family members, and colleagues, and we need secure solutions for them.

What Makes A Secure Messaging App

The Secure Messaging Scorecard scores the different communication apps on seven dimensions:

  • Are your messages encrypted at all stages of the communication?
  • Is the encryption end-to-end so the messaging company can’t access your communications?
  • Can you verify who you are messaging?
  • If your encryption keys are stolen, are you your previous communications safe?
  • Can the app’s code be independently reviewed?
  • Is the design and implementation of the cryptography documented and available for review?
  • Has the code and implementation been independently audited in the last year?

While on their own these dimensions don’t guarantee that a messaging app is secure, they highlight the apps that are more likely to be so. Even more importantly, if an app fails any of the first four criteria it can be considered unsecure to some degree.

Ads by Google

Popular? It’s Probably Insecure

The results of the scorecard are quite disturbing. Of the most popular communication apps — BlackBerry Messenger, Facebook Chat, iMessage, Skype, Snapchat, Viber and WhatsApp — only iMessage passed more than two of the tests.

muo_insecure

Most worryingly, all the parent companies, except for Apple, can decrypt and read your messages. Through programs like PRISM What Is PRISM? Everything You Need to Know What Is PRISM? Everything You Need to Know The National Security Agency in the US has access to whatever data you're storing with US service providers like Google Microsoft, Yahoo, and Facebook. They're also likely monitoring most of the traffic flowing across the... Read More , government agencies can potentially access every message you’ve ever sent or received.

The Secure Communication Apps You’ve Probably Never Heard Of

There are, however, some apps that are genuinely secure. ChatSecure, Silent Phone and Silent Text from Silent Circle, and Signal, RedPhone and TextSecure from WhisperSystems all scored full marks in the EFF’s scorecard.
muo_secure

ChatSecure

chatsecure
ChatSecure is a free iOS and Android app that “uses well-known open source cryptographic libraries” such as XMPP, OTR, and Tor to ensure your messages remain private. With ChatSecure you can communicate with other app users and also anyone who uses an app that supports the same protocols.

You can download the app from iTunes or the Google Play Store.

Silent Circle

silentcircle
Silent Circle offers a subscription plan that covers two of the apps that got full marks in the EFF’s scorecard: Silent Phone and Silent Text. The apps are available for both iOS and Android. Silent Phone is for making encrypted voice, video and conference calls — think of it as a secure Skype.

You can even use Silent Phone to call non-users and the call will be encrypted. Silent Text is a secure alternative to most messaging apps. It’s feature set is pretty similar to WhatsApp or Facebook Chat.

Silent Circle is aimed at travelling business people who need security on the road. The plans start from $12.99 a month and include unlimited communications between Silent Circle members through Silent Phone and Silent Text. The difference between the plans is the number of monthly minutes you have for securely calling non-members with Silent Phone.

You can sign up for a plan on the Silent Circle website.

WhisperSystems

whispersystems
Like Silent Circle, WhisperSystems produces a couple of different secure apps. For Android, they have Red Phone and TextSecure, and for iOS they have Signal.

RedPhone integrates with your phone’s default dialler. If you call a friend who also has RedPhone installed, you’ll get the option to make an encrypted call rather than a regular cell call. TextSecure, similarly, integrates fully with your Android phone. It replaces the default text messaging app. If you send a message to another TextSecure user the data is automatically encrypted.

Signal — the iOS app — doesn’t integrate as fully with the operating system. It works just like RedPhone but is a standalone app. You can even call RedPhone users from it. Support for TextSecure style messaging is in development.

You can download RedPhone and TextSecure from the Google Play Store. Signal is available in the iOS App Store.

Personal Privacy Policy

There are countless threats to your privacy online. From hackers to the government. Even googling things related to online privacy can get you on a NSA watch list Your Interest in Privacy Will Ensure You're Targeted By The NSA Your Interest in Privacy Will Ensure You're Targeted By The NSA Read More .

All the apps featured in this article make it as hard as possible for people to intercept your communications. You don’t need to be a drug dealer to want your messages to be tough to intercept and read.

Are you aware of any more secure apps, or surprised by the results from the Secure Messaging Scorecard? Share your thoughts by leaving a comment.

  1. Aaqil Mahmood
    August 20, 2016 at 4:55 pm

    I would support Signal Messenger of Whispersystems

  2. Maxwell Smart
    July 19, 2016 at 11:56 pm

    i'm sorry but none of these are secure, any agency can see what is displayed on your screen with ease.

  3. HenryAdams
    November 12, 2015 at 10:09 pm

    I have been using wickr for a quiet while, as a companion to threema. Can only speak from usability point of view. Maybe it is going through growing pains. Have had issues with receiving messages, often much delayed. And occasionally, I had to manually clear things out after a major update. Learned to do this after I had contacted wickr. They have been very responsive though.

    I love the self-destruction feature. But, now others apps can do that securely too. I may give Telegram a try. Have heard good things about it.

  4. Ivan Aaw
    November 5, 2015 at 8:42 am

    How about wickr ? any people has try or use is ? write a review please..

  5. Random
    May 13, 2015 at 8:38 pm

    Telegram is the most secure messaging app currently available in my own humble opinion. It combines the reliability of whatsapp with top notch security. Try comparing it to Threema, textsecure and Wickr. Both Threema and textsecure do not delete messages from both ends and Wick doesn't let you choose when to destroy your messages

  6. Anonymous
    May 9, 2015 at 4:48 am

    Is snap chat and kick bad

  7. Abstraxt
    May 1, 2015 at 3:55 pm

    Harry, you might want to update your article. As of February 2015, Telegram was audited (both regular and secret), and Telegram secret chat is now a 7/7 (as much as I hate admitting it xD)

  8. aaronblck
    March 31, 2015 at 5:30 pm

    so what's ideal to use if your hoping to use your jabber

  9. javier
    March 21, 2015 at 6:49 pm

    @SAM.N , matrix uses webrtc, which do not provide real strong encryption, it uses srtp which i could intercept and decode EASILY. Send me your email so i send you how to intercept it. @Dann Albright RElated to silent circle, it is funny but THEY themself put on the website that they could intercept the call if a warrant is sent to them, so if it is real end to end which is NOT possible to intercept, they offer the law interception means NO security at all. View this my friend: http://postimg.org/image/eln4xf35d/

    • pat
      March 21, 2015 at 5:10 pm

      temperman thanks,,i think people find this hard to believe that whatsapp is secure now

  10. Mike Davis
    February 25, 2015 at 9:13 pm

    So what about Whatapp does the scorecard change since they added end to end encryption via textsecure protocol.

  11. Sam N.
    February 2, 2015 at 10:35 pm

    I would definately reccommend Matrix.org as a secure messaging service and ecosystem. And what's unique about them it as it basically allows to create and host your own real-time communication infrastructure with end to end encryption using WebRTC singalling. Other messaging services such as the ones listed above can easily integrate with Matrix as it is open and interoperable too. They're pretty much an improved version of Xmpp.

  12. desertrat
    January 26, 2015 at 8:49 pm

    The biggest two security issues aren't discussed here.

    First, if you're [currently] within 100 miles the U.S. border, you're in a Port of Entry Zone, and subject to having it seized, having to give up passwords etc to LEO or Agency types.

    Second, if your device is seized as part of an arrest by LEO, you are again compelled by law to give up passwords etc. as part of the process.

    Failure to comply in case 1 or 2 will result in additional criminal charges being added, the destruction of you devices during a 'forensic investigation' without compensation other than [rarely] homeowner's/renter's insurance. Also take a look at recent SCOTUS 4th & 5th Amendment Rulings.

    A vicious circle, but just sayin'.

  13. desertrat
    January 26, 2015 at 8:47 pm

    The biggest two security issues aren't discussed here.

    First, if you're [currently] within 100 miles the U.S. border, you're in a Port of Entry Zone, and subject to having it seized, having to give up passwords etc to LEO or Agency types.

    Second, if your device is seized as part of an arrest by LEO, you are again compelled by law to give up passwords etc. as part of the process.

    Failure to comply in case 1 or 2 will result in additional criminal charges being added, the destruction of you devices during a 'forensic investigation' without compensation other than [rarely] homeowner's/renter's insurance. Also take a look at recent SCOTUS 4th & 5th Amendment Rulings.

    A vicious circle, but just sayin'.

  14. W. A.
    January 24, 2015 at 4:43 am

    What about texting/calling app called Wiper?

  15. javier
    January 22, 2015 at 4:39 pm

    I TOTTALY disagree with the list, and also i have email EFF.org about this.
    Silent Circle products are ALL backdoor by US government (confirmed information) same as blackphone. Also, i request them to audit the code and they refuse. Whisper signal and redphone same. Server code is not shared for real audit (i am a government coder). Moreover, i have plenty of bugs of redphone that i could intercept any call. Some other bugs are public. So stay AWAY. Telegram SAME, the server code is NOT opensource, and i ask for it, and nobody share it. So, if you want a real secure call contact me and i provide you both FREE and opensource softphone and server.

    • Dann Albright
      January 22, 2015 at 6:03 pm

      Could you point us to some evidence that Silent Circle is accessible to the government? That's a claim I've never heard before. Also, Telegram, if I remember correctly, is partially open source, and they plan on releasing more of the code in the future.

      Also, "if you want a real secure call contact me and i provide you both FREE and opensource softphone and server"? Really? Get serious, man.

    • pat
      March 21, 2015 at 5:08 pm

      not a way here to contact you, what's the name of the app that you recommend javier?

  16. Jay
    January 22, 2015 at 1:36 pm

    "That's some bad hat, Harry."
    Sorry, I couldn't help myself.

    • Harry
      January 23, 2015 at 9:23 am

      Don't bring the hat into this. If I don't wear it, how else will commenters know I'm a filthy liberal! :P

  17. TheQ47
    January 22, 2015 at 9:58 am

    Harry gives the link in the article to see how other chat clients score.

    Telegram is listed as follows:
    Encrypted in transit? Y
    Encrypted so the provider can't read it? N
    Can you verify contacts' identities? N
    Are past comms secure if your keys are stolen? N
    Is the code open to independent review? Y
    Is security design properly documented? Y
    Has there been any recent code audit? N

    There is also a separate line for "Telegram (secret chats)" which has Yes answers all the way except for the final question "Has there been any recent code audit?"

    • Harry
      January 23, 2015 at 9:22 am

      The voice of sanity! Imagine, following the link to the full scorecard!? ;)

  18. Javier Madrid
    January 22, 2015 at 4:04 am

    We're still waiting for your answer about Telegram. Harry.

    • Harry
      January 23, 2015 at 9:21 am

      As you see in the source link to the EFF's messaging scorecard... it only gets 6/7.

  19. Michael
    January 22, 2015 at 2:18 am

    How dos telegram fair among these?

    • Harry
      January 23, 2015 at 9:20 am

      It got 6/7. Not enough to be included in the list.

  20. S N H
    January 22, 2015 at 12:08 am

    I would like to see telegram in this list... It's very secure..

    • Harry
      January 23, 2015 at 9:20 am

      It only scored 6/7. I only included apps that scored 7/7.

  21. Damian
    January 21, 2015 at 9:24 pm

    Why no Google Hangouts or Telegram mentioned they seem more popular no?

    • Harry
      January 23, 2015 at 9:20 am

      Google Hangouts because I picked out a random selection of common messaging apps. Telegram because it didn't score 7/7, and obviously, everyone's heard of it.

    • pat
      March 21, 2015 at 4:56 pm

      i just heard of telegram for first time today. Anybody any thots on Chadder? That's brutal that wickr code isn't available for review

  22. Dr. Weird
    January 21, 2015 at 6:43 pm

    The problem with all of these is that everyone you communicate with has to have the same app in order for it to be encrypted. Good luck with that.

    • Harry
      January 23, 2015 at 9:13 am

      Yep. That's the biggest issue with any sort of encrypted communication. But if you've something secret to talk about with someone, that's how you've gotta do it!

  23. sanny
    January 21, 2015 at 6:34 pm

    Yes, why no mention on telegram?.... Really curious... They say to be super sicure...

    • Harry
      January 23, 2015 at 9:12 am

      It didn't get a perfect score so I didn't feature it. It got 6/7 for secret chats. It's probably secure but it's not been audited recently.

  24. Siddhant
    January 21, 2015 at 2:52 pm

    Why no mention of telegram? I would really like to see how secure it is.

    • Harry
      January 23, 2015 at 9:11 am

      Then follow the source link! It scored 6/7 for secret chats. For regular it's not secure. I only featured perfect scores.

  25. Mel
    January 21, 2015 at 1:16 am

    What about an app called Wickr?

    • Dann Albright
      January 22, 2015 at 6:07 pm

      Last time I looked at Wickr, you could change the self-destruct timer from less than a minute to up to five days or so, but I don't remember there being any option for messages that are permanent. I could be wrong, but if that's still the case, that makes it a little less versatile than most other apps. I used it for a while, and it was a good app, but I like the idea of only destroying messages when you want to.

    • Harry
      January 23, 2015 at 9:09 am

      Wickr's code isn't available for review and it hasn't been independently audited so it only gets 5/7.

  26. Gerald C.
    January 21, 2015 at 12:53 am

    Why wasn't Telegram included in this list?

    • Harry
      January 23, 2015 at 9:08 am

      Because Telegram didn't score 7/7. And everyone seems to have heard of it.

    • Tricky
      May 22, 2015 at 11:19 pm

      Telegram can be found in this larger table.

      https://www.eff.org/secure-messaging-scorecard

  27. Richard
    January 20, 2015 at 6:19 pm

    Nothing said about "telegram". Would like to know it security status with respect to your chart

    • Saiful Zaree
      January 22, 2015 at 7:07 am

      I seconded this motion

    • Harry
      January 23, 2015 at 9:08 am

      Telegram is insecure. Telegram secret chats is secure but hasn't had its code recently audited. Also you seem to have heard of it.

  28. Rick
    January 20, 2015 at 5:44 pm

    I'd like to see Google Hangouts added to the main chart - just out of curiosity.

    • Harry
      January 23, 2015 at 9:07 am

      Hey Rick, Hangouts in encrypted in transit and has had a recent code audit but that's it. Not exactly secure!

Leave a Reply

Your email address will not be published. Required fields are marked *