{"id":5060,"date":"2014-11-14T10:00:06","date_gmt":"2014-11-14T15:00:06","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=5060"},"modified":"2020-02-26T15:10:37","modified_gmt":"2020-02-26T15:10:37","slug":"nine-secure-messengers","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/nine-secure-messengers\/5060\/","title":{"rendered":"The Nine Most Secure and Private Internet and Mobile Messaging Services"},"content":{"rendered":"<p>In the age of Internet surveillance, private and secure messaging is a necessity. The Electronic Frontier Foundation recently published a thorough analysis measuring the security and privacy of a long list of mobile and Internet messaging services.<\/p>\n<p>Some providers passed with flying colors, others struggled to make the grade and a number just plain failed. Today, we\u2019ll run through the good. Next week, we\u2019ll take a look at the bad.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Nine mobile and Internet messaging services offering strong #security and #privacy controls<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2Fd1ao&amp;text=Nine+mobile+and+Internet+messaging+services+offering+strong+%23security+and+%23privacy+controls\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>The EFF issued up or down grades to each service for seven categories. For Kaspersky Daily, service providers needed to answer in the affirmative to at least six or more of the following questions to make our list (though we\u2019ll grant honorable mention to any service with four or more checks):<\/p>\n<p>1. Is data encrypted in transit?<\/p>\n<p>2. Is data encrypted so that even the service provider can\u2019t read it?<\/p>\n<p>3. Can you identify the true identity of contacts?<\/p>\n<p>4. Does the provider practice what is known as perfect forward secrecy, meaning crypto-keys are ephemeral so a stolen key won\u2019t decrypt existing communications?<\/p>\n<p>5. Is the service\u2019s code open-source and available for public review?<\/p>\n<p>6. Are cryptographic implementation procedures and processes documented?<\/p>\n<p>7. Has there been an independent security audit in the last 12 months?<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Which messaging technologies are truly safe &amp; secure? See EFF\u2019s<br>'Secure Messaging Scorecard' <a href=\"https:\/\/t.co\/eBVIY9xgGB\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/eBVIY9xgGB<\/a> <a href=\"http:\/\/t.co\/sBeF0QquAx\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/sBeF0QquAx<\/a><\/p>\n<p>\u2014 EFF (@EFF) <a href=\"https:\/\/twitter.com\/EFF\/status\/529744638882885632?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 4, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Altogether, the seven points are designed to measure which services offer the best protection against government surveillance, <a href=\"https:\/\/www.kaspersky.com\/blog\/darkhotel-apt\/\" target=\"_blank\" rel=\"noopener nofollow\">criminal snooping<\/a> and corporate data collection. That said, neither the EFF nor Kaspersky Daily are officially endorsing any of the following programs. The list merely indicates which applications are consistently following best practices.<\/p>\n<p><strong>The Golden Standard: Seven Checkmarks<\/strong><\/p>\n<p>The EFF reported that six applications managed to meet all seven criteria points.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192522\/chatsecure-300x146.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6706 size-medium\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192522\/chatsecure-300x146.png\" alt=\"chatsecure\" width=\"300\" height=\"146\"><\/a><\/p>\n<p><a href=\"https:\/\/chatsecure.org\/about\/\" target=\"_blank\" rel=\"noopener nofollow\">Chatsecure<\/a> is a free and open source encrypted chat application for iPhone and Android. It is developed by the Guardian Project and meets each of the EFF\u2019s qualifications, but only when used in conjuncture with the <a href=\"https:\/\/guardianproject.info\/apps\/chatsecure\/\" target=\"_blank\" rel=\"noopener nofollow\">Tor-powered Orbot privacy plugin<\/a>.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192521\/CryptoCat-150x150.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6698 size-thumbnail\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192521\/CryptoCat-150x150.png\" alt=\"CryptoCat\" width=\"150\" height=\"150\"><\/a><\/p>\n<p><a href=\"https:\/\/crypto.cat\/\" target=\"_blank\" rel=\"noopener nofollow\">CryptoCat<\/a> is an open source encrypted messaging service available on the Chrome, Firefox, Safari and Opera browsers, as well as <a href=\"https:\/\/www.kaspersky.com\/blog\/security-features-in-apple-os-x-yosemite\/\" target=\"_blank\" rel=\"noopener nofollow\">the Mac OS X operating system<\/a> and the iPhone. CryptoCat\u2019s developers were seeking funds over the summer to build an Android version and to enable encrypted video chat as well.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192521\/Signal-and-Redphone-300x138.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6694 size-medium\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192521\/Signal-and-Redphone-300x138.png\" alt=\"Signal and Redphone\" width=\"300\" height=\"138\"><\/a><\/p>\n<p>Signal, RedPhone and Textsecure are <a href=\"https:\/\/whispersystems.org\/\" target=\"_blank\" rel=\"noopener nofollow\">Whisper Systems<\/a>\u2018 respective secure messaging platform for iOS, and secure calling and texting platform for Android. Each is free and open-source and provides end-to-end encryption and secure storage.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192521\/Silent-Circle-300x199.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6693\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192521\/Silent-Circle-300x199.png\" alt=\"Silent Circle\" width=\"275\" height=\"183\"><\/a><\/p>\n<p>Silent Phone and Silent Text are <a href=\"https:\/\/silentcircle.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Silent Circle<\/a>\u2018s secure calling and messaging services. You have to pay for these services, but they\u2019re compatible with iOS and Android and work on the traditional desktop too. Silent Circle has also built its own secure smartphone with a modified Android operating system called <a href=\"https:\/\/www.kaspersky.com\/blog\/blackphone-review\/\" target=\"_blank\" rel=\"noopener nofollow\">Blackphone<\/a> and the company provides enterprise support for corporate clients.<\/p>\n<p><strong>Nearly Perfect: Six Checkmarks<\/strong><\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192520\/jitsi-150x150.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6707 size-thumbnail\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192520\/jitsi-150x150.jpg\" alt=\"jitsi\" width=\"150\" height=\"150\"><\/a><\/p>\n<p><a href=\"https:\/\/jitsi.org\/\" target=\"_blank\" rel=\"noopener nofollow\">Jitsi<\/a> is an open-source, encrypted audio and video Internet phone and instant messenger, and desktop sharing service. It supports a number of more popular messaging services, but when paired with the crypto-phone calling service, <a href=\"https:\/\/ostel.co\/\" target=\"_blank\" rel=\"noopener nofollow\">Ostel<\/a>, it missed only one of the EFF\u2019s marks: it hasn\u2019t been independently audited in the last year.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192520\/Mailvelope-300x225.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6695\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192520\/Mailvelope-300x225.png\" alt=\"Mailvelope\" width=\"200\" height=\"150\"><\/a><\/p>\n<p><a href=\"https:\/\/www.mailvelope.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Mailvelope<\/a> is a browser extension for sending encrypted emails under the OpenPGP encryption standard. The service is preconfigured for compatibility with Yahoo, Gmail, Outlook and GMX. It would have been with the golden standard group, if only it deployed perfect forward secrecy.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192520\/pidgin-adium-150x150.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6690 size-thumbnail\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192520\/pidgin-adium-150x150.jpg\" alt=\"pidgin-adium\" width=\"150\" height=\"150\"><\/a><\/p>\n<p><a href=\"https:\/\/adium.im\/\" target=\"_blank\" rel=\"noopener nofollow\">Adium\u2019s<\/a> off the record (OTR) messaging for Mac and <a href=\"https:\/\/pidgin.im\/\" target=\"_blank\" rel=\"noopener nofollow\">Pidgin\u2019s<\/a> version for Windows, are essentially plugins that deploy the OTR messaging into existing chat apps. OTR is a cryptographic protocol for messaging services. The two services are highly rated by the EFF, but neither has been audited independently in the last year.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192519\/Retroshare-300x211.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6689\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192519\/Retroshare-300x211.jpg\" alt=\"Retroshare\" width=\"200\" height=\"141\"><\/a><\/p>\n<p><a href=\"http:\/\/retroshare.cc\/index.html\" target=\"_blank\" rel=\"noopener nofollow\">RetroShare<\/a> touts itself as an open source, cross-platform, decentralized communication service. Users can securely chat and share files and authenticate one another\u2019s real identities. However, like a number of others falling into the nearly perfect category, Retroshare has not been the subject of an external audit.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192518\/subrosa-300x176.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6692\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/11\/05192518\/subrosa-300x176.png\" alt=\"subrosa\" width=\"250\" height=\"147\"><\/a><\/p>\n<p><a href=\"https:\/\/subrosa.io\/\" target=\"_blank\" rel=\"noopener nofollow\">Subrosa<\/a> is another end-to-end encrypted communications platform. It too would have received top-marks if only it were to deploy perfect forward secrecy so that past communications would remain secure if their cryptographic key became public.<\/p>\n<p><strong>Honorable Mention<\/strong><\/p>\n<p>Finally we also wanted to give partial credit to any of the services that passed on more than half of the EFF\u2019s questions. Apple\u2019s FaceTime and iMessage do pretty well on security best practices; iPGMail, PGP for Mac (GPGTools) and PGP for Windows (Gpg4win) are solid as well; the SureSpot encrypted messenger for iOS and <a href=\"https:\/\/www.kaspersky.com\/blog\/android-maximum-security-tips\/\" target=\"_blank\" rel=\"noopener nofollow\">Android<\/a> passed with five checks; as did the Telegram\u2019s cloud-based private messaging service; and end-to-end encrypted Threema messaging app.<\/p>\n<p>Check in with us next week for a list of the poorly secured messaging services. You can read <a href=\"https:\/\/www.eff.org\/secure-messaging-scorecard\" target=\"_blank\" rel=\"noopener nofollow\">the EFF\u2019s full report<\/a> and see how your favorite chat service stacks up.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Electronic Frontier Foundation recently graded a slew of mobile and Internet messaging services based on security and privacy. Here we detail the top scorers. <\/p>\n","protected":false},"author":42,"featured_media":5059,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[2412,218,43,835,97,690,744,131],"class_list":{"0":"post-5060","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-advice","9":"tag-mobile-security","10":"tag-privacy","11":"tag-secure-messaging","12":"tag-security-2","13":"tag-spying","14":"tag-surveillance","15":"tag-tips"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/nine-secure-messengers\/5060\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/nine-secure-messengers\/4365\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/nine-secure-messengers\/4294\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/nine-secure-messengers\/4824\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/nine-secure-messengers\/6089\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/nine-secure-messengers\/6684\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/nine-secure-messengers\/5482\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/nine-secure-messengers\/6089\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/nine-secure-messengers\/6684\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/nine-secure-messengers\/6684\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/advice-2\/","name":"advice"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5060","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=5060"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5060\/revisions"}],"predecessor-version":[{"id":19157,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5060\/revisions\/19157"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/5059"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=5060"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=5060"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=5060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}