A mere six of 39 leading messaging applications include the security features necessary to fully protect users’ communications online, according to a new analysis from the Electronic Frontier Foundation. Popular messaging apps like Facebook Chat, Apple’s iMessage, Skype and others failed the test meant to assess levels of user privacy.
The digital rights organization conducted the analysis to help companies that are working to develop higher levels of cryptography, amid the recent U.S. National Security Agency spying disclosures and growing communication insecurity. The EFF looked for seven factors in each of the 39 clients, finding that only ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text and TextSecure passed the test.
The seven factors include:
1. Is the message encrypted in transit?
2. Is it encrypted so the provider can’t read it?
3. Are users able to verify contacts’ identities?
4. If the security key is stolen, are past communications secure?
5. Is the source code open to independent review?
6. Is security design properly documented?
7. Has the code been audited?
“The revelations from Edward Snowden confirm that governments are spying on our digital lives, devouring all communications that aren’t protected by encryption,” EFF Technology Projects Director Peter Eckersley explained as part of the announcement. “Many news tools claim to protect you but don’t include critical features like end-to-end encryption or secure deletion.”
Apple led mass-market providers (iMessage passed five of the seven requirements), though a number of major messaging platforms like the desktop version of Yahoo Messenger, for example, provide no encryption at all.