The Electronic Frontier Foundation (EFF) today released a report examining three dozen messaging services and ranking them based on what it deemed are seven “security best practices.” While Apple scored the best among what the EFF called “mass-market options”, it didn’t do as well when compared to all 36 messaging services included in the report. Specifically, EFF noted Apple’s iMessage and FaceTime services failed to offer “complete protection against sophisticated, targeted forms of surveillance.”
Apple’s iMessage and FaceTime products stood out as the best of the mass-market options, although neither currently provides complete protection against sophisticated, targeted forms of surveillance. Many options—including Google, Facebook, and Apple’s email products, Yahoo’s web and mobile chat, Secret, and WhatsApp—lack the end-to-end encryption that is necessary to protect against disclosure by the service provider. Several major messaging platforms, like QQ, Mxit, and the desktop version of Yahoo Messenger, have no encryption at all.
EFF used the following criteria in ranking the messaging services:
-Are messages encrypted in transit?
-Are communications encrypted so the provider can’t read it?
-Can you verify contacts’ identities?
-Are past communications secure if your keys are stolen?
-Is the code open to independent review?
-Is security design properly documented?
-Has the code been audited?
As highlighted in the graphic above, Apple’s iMessage and FaceTime services didn’t meet the criteria for making it possible to “verify a contacts’ identity,” as well as for not allowing independent reviews of its code. The top spots actually go to several services that met all of the criteria including ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text, and TextSecure, which were able to meet all of the EFF’s criteria for security practices.
You can check out the EFF’s full Secure Messaging Scoreboard report here.
FTC: We use income earning auto affiliate links. More.
Bogus.
Based on…? It looks like a fair assessment.
For a large portion of the people who post comments on this site it’s either A or B
A) They are saying an Apple something is not 100% secure so it must be false (Apple fanboy point of view).
B) They are saying an Apple something is more secure than others so it must be false (Apple hater point of view).
Nether is able to fathom the idea that people might read this and find it useful or interesting.
I know, but sometimes if you provoke an answer an interesting discussion nay result.
@mpias,
You mean like trolling?
No, sometimes a person will elaborate in an intelligent manner and a discussion ensues.
Rock on ;)
“Apple’s iMessage and FaceTime services didn’t meet the criteria for making it possible to “verify a contacts’ identity,” as well as for not allowing independent reviews of its code.” … SO WHAT? Really… this proves what exactly? Why the heck Apple should release their own source code to anyone for reviewing? To get its secrets stolen and sold to competitors?
They couldn’t demonstrate that iMessage was not secure…their own table shows that it’s the most secure actually…
dude you need to check your sugar intake for today or something..
Wow you are my model for the response I gave to mpias3785.
A) You didn’t read the source link, hence you don’t know that iMessage and Facetime didn’t get green across the board like some others (even if you exclude open source code review as I did).
B) automatically assume this is somehow attacking Apple.
C) “They are saying an Apple something is not 100% secure so it must be false”.
You seriously need to take a step back and look at this data for what it is worth, not just automatically assume it’s an attack and jump off the handle or check your sugar intake as Martin suggested.
It’s O.K to be sceptical
if you want to comment on “their own table” you should probably first look at it … and not only look at the screenshot on top of the article. turns out there are services that meet all of their requirements.
i think its strange to say that you cant verify the contacts identity in facetime … you are either talking to them or see a video of them … i guess that should be enough to verify ;-)
This report was released yesterday… Just saying.
https://www.indiegogo.com/projects/buzz-your-talk-private
The only alternative….