EFF release secure messaging scorecard


It’s not true to say that everyone has become more wary of their communications data since we heard the news of the capabilities of the spy agencies. However, many more are concerned. For those that are, the EFF have released a scorecard outlining the most secure messaging services. On top in the chart are relative newcomers to the encryption market, Silent Phone and Silent Text. Also on top are RedPhone and TextSecure, aka Signal on iOS devices. Also scoring perfect points were CryptoCat and ChatSecure + Orbot (both of them running together).

Each program has been tested against a list of requirements; for each one it passed it got a green tick, otherwise it was given a red strike-through. The different requirements were:
-Encrypted in transit?
-Encrypted so the provider can’t read it?
-Can you verify contacts’ identities?
-Are past comms secure if your keys are stolen?
-Is the code open to independent review?
-Is the security design properly documented?
-Has there been any recent code audit?

That’s a pretty stringent set of requirements to meet. However, I can see some potential caveats. One is that TextSecure currently requires Google Play services to run correctly. If you have this installed you are sending data to Google, so although your communications through TextSecure will be perfectly safe, you may be sending more data to Google, whereas if you were running a custom ROM without the Google additions with ChatSecure + Orbot, you may be more secure if you take the entirety of the data that leaves your device into account. This ‘caveat’ is mostly hypothetical, however, and may only pander to someone slightly more cautious about Google.

Speaking of Google, their Hangouts protocol does very poorly in this test. The only items it passes are: Encrypted in transit? and Has there been any recent code audit? Even Apple’s iMessage beats it, only failing to get a pass mark on: Can you verify contacts’ identities? and Is the code open to independent review?

Worryingly, the most popular services did extremely poorly, although this is not unexpected by a long shot. These services include WhatsApp, Viber, Yahoo! Messenger, SnapChat, Skype, QQ, Kik, Facebook chat, BBM and AIM. If you use any of these services and want to see where they fall down, then check the scorecard for more details. Most, however, do fall down on: Encrypted so the provider can’t read it? There is a simple solution to this if you can rope your mates in to do the same as you: use Pidgin or Adium and install the OTR plugin, then sign in to your accounts. They both support a ton of protocols, and you can then send encrypted messages, but the recipient must also be running Pidgin or Adium with the OTR plugin.

Source: EFF

Free and Open Source software advocate. I’ve been enthusiastic about new technology for over half a decade and now I’m just waiting for the technological singularity. Post-Snowden, I’ve developed a dislike for surveillance, meaning I use FLOSS religiously over proprietary alternatives. Amateur astronomy is also a hobby of mine!