Secure messaging is a hard thing to achieve. Some services promise security, but are woefully bad at delivering it. Other services don’t necessarily promise security, but they still do a poor job of protecting user data. In order to help consumers when choosing messaging services, the Electronic Frontier Foundation created a scorecard that shows consumers which messaging apps have which weaknesses.
The questions asked to judge the apps and services include:
- Is the data encrypted in transit?
- Encrypted so the provider can’t read it?
- Is security design properly documented?
- Is the code open to independent review?
Each service received either a negative or a positive response, which makes up the simple rankings. Top services included Chatsecure, a messaging app that works across all platforms and bills itself as having unbeatable privacy, and CryptoCat, a plugin service that provides end-to-end encryption for chat messages.
Popular services like Snapchat, Skype, Kik messenger and Secret scored incredibly poorly, mostly because they have displayed high levels of data insecurity. Despite the reality that many services promise privacy and don’t deliver, consumers choose insecure messaging platforms anyway, because security tools are either misunderstood, or true solutions are difficult to use.
“Messaging tools that are really secure often aren’t easy to use; everyday users may have trouble installing the technology, verifying its authenticity, setting up an account, or may accidentally use it in ways that expose their communications,” reads a statement on the scorecard.
When security seems to get in the way of productivity or usability, users will often choose the more insecure option. Online security is kind of the domain of nerds, so convincing the general public to use more secure tools can be difficult. Hopefully something as simple as the scorecard will give consumers a quick-reference guide for how much they’re putting their data at risk, even if the scorecard isn’t perfect.