This is a ranking of encrypted messaging programs based on criteria that aim to assess whether they are well designed to make the content of the messages unreadable to anybody other than the sender and recipient. But even messages that are securely encrypted often do not obscure the identities of the sender and recipient. Source: Electronic Frontier Foundation, ProPublica, Joseph Bonneau
But it's not easy to sort out which secret messaging tools offer true security and which ones might be snake oil. So I turned to two experts - Joseph Bonneau at Princeton and Peter Eckersley at the Electronic Frontier Foundation - for advice about what to look for in encryption tools. Working together, we chose seven technical criteria on which to rank encryption tools. The criteria aim to assess whether the tool is designed to combat threats such as backdoors secretly built into the software, Internet eavesdroppers, or tricksters who steal the secret "keys" that users must safeguard to keep their communications secure. Keep in mind, even an unbreakable encryption tool can be circumvented by hackers or spies that secretly install software on a computer or phone that hijacks communications before they are encrypted.
And even the best encryption tools still don't do enough. All the tools require both people communicating to install software. And few tools provide much anonymity – so even if your messages are unreadable by anyone but you, your contact list could still be exposed. And many of the tools are run by rag-tag teams of volunteers, which could mean that they won't last. Still, some tools scored highly enough that users can feel confident that they take encryption seriously. "It's important to realize we're mostly grading for effort here and not execution," said Bonneau. "We're still a long way from being able to state with confidence how much security apps are actually delivering." One program that scored well was Cryptocat, a free chat program that can be installed in any Web browser and was famously used by journalist Glenn Greenwald while he was in Hong Kong meeting with Snowden. Nadim Kobeissi created Cryptocat in 2010 as an experiment when he was a 21-year-old student at Concordia University in Montreal. "It wasn't anything serious," Kobeissi told me.
But his tool won attention after it won a prize in a New York hackathon in 2012. Since then, he has raised about $150,000 in grants to help pay developers to work on improvements to the software. He funds his Web hosting bills through donations, and he pays himself by working as a software consultant and selling Cryptocat stickers and t-shirts. Being recognized as a secure tool, "is a huge deal."
A lineup of three cellphone apps from San Francisco-based Open Whisper Systems also received perfect scores: Signal, for making secure phone calls on iPhone; RedPhone, for secure phone calls on Android; and TextSecure, for sending secure texts on Android. All the apps are free and relatively simple to use. The company's Signal app also tries to give users some anonymity by using a sophisticated system called a "bloom filter" that allows users to find each other without sharing their address books. "The contacts from your device are never transmitted anywhere," says Open Whisper Systems security expert Moxie Marlinspike.
A pricier option is available from a pair of highly ranked encryption apps for Android and iPhone, Silent Text and Silent Phone. The apps are free to install but users must sign up for a $9.95 monthly subscription service. Mike Janke, CEO of Silent Circle, says that the only way to offer real privacy is to charge users. "It takes a lot of money to have a robust, always-on and high-quality service," he said. "Most free apps don't or cannot support this," without selling ads or user data. "Our architecture, network and technology is built to not have any user data," he says. "You pay us for a service and a product with money, not with your data or through ad dollars." Surprisingly, some popular encryption programs didn't fare well in the rankings. Gnu Privacy Guard, an often-used email encryption program, fell short of the top score because it has not been audited and past communications can be compromised if the user's secret key is stolen (by theft of a laptop, for instance). Similarly, Apple's iMessage and FaceTime encrypted texting and video calling programs lost points because their software code is not open for public review.
Also, some tools that are popular in the press didn't fare well. Wickr, a cellphone encryption app that was recently profiled on CNBC, lost points for not disclosing its underlying code or its underlying cryptographic protocols, and for not having a way for users to verify each other's identity.