Since the Snowden revelations, people have been increasingly concerned about their privacy, and sometimes very rightfully so. This focus on security and privacy has attracted a number of snake oil salesmen as well as legitimate and novel approaches to messaging security, and has prompted a fairly thorough consideration of the underlying security behind how we communicate.
In an effort to wade through the sea of messaging apps, the Electronic Frontier Foundation, in collaboration with ProPublica and the Princeton Center for Information Technology Policy, has introduced a project called "Secure Messaging Scorecard", which quite literally scores dozens of the most popular messaging apps. Included in the list is everything from AIM and Skype through to CryptoCat and WhatsApp.
The apps are scored based on 7 categories:
- Are the messages encrypted in transit?
- Are the messages encrypted so that the provider can't read them?
- Can the user verify contacts' identities?
- Are past communications secure if a user's keys are stolen?
- Is the code open to independent review?
- Is security design properly documented?
- Has the code been audited?
Above is an image showing how the different apps are scored.
The EFF mentions on the page that 'level of security' and 'ease of use' often clash, which is what stops the general public from using more secure communications methods. Looking at the list provided, the claim is very easily justified. All of the familiar apps, such as Google Hangouts, Viber, Facebook Chat, Skype etc., seem to be largely insecure. EFF hopes that their scorecard "will serve as a race-to-the-top, spurring innovation around strong crypto for digital communications."
You can access the EFF's "Secure Messaging Scorecard" project here.