Why We Shouldn’t Trust the Top Messaging Apps with Our Data
Most tech-savvy consumers are aware that they pay for the apps and services they use everyday with their data, but few keep tabs on the extent to which the platforms they use everyday may be exposing their data — and all of the conversations that they would like to keep private.
A tech company that has raised privacy concerns for years is Facebook. Facebook is the tech company most feared by adults in America, according to a recent poll conducted by CNBC. Forty-five percent of respondents said that Facebook most concerns them with regards to the collection of private data — followed by Google at 21% and Apple at 6.6%. But another 13% answered — with what could have only been an impressive degree of optimism, resignation, or naïveté — that privacy isn’t a concern for them.
As CNBC notes, Facebook has struggled to address consumers’ privacy concerns for years, but the issue became all the more visible when the social network removed the messaging feature from its primary app. Instead of chatting with their friends through the main app, consumers instead need to download the separate Facebook Messenger app, which has met wide criticism on the amount of personal data that it gathers.
But Facebook isn’t the only communication platform that should have its users worried. Messaging apps and services like Facebook Messenger are designed to enable users to easily communicate with each other from their phones or their computers, but the protection of users’ data and personal communications takes a back seat.
The Electronic Frontier Foundation’s “Secure Messaging Scorecard” showed that a majority of the top messaging apps and services fail to meet even basic standards for security. For example, many of the most popular messaging tools — Facebook’s chat, Google Hangouts, Snapchat, Viber, WhatsApp, and Yahoo Messenger — lack the end-to-end encryption that would protect users’ communications so that the messaging service provider can’t read them. What’s even worse is that several services with sizable user bases, like Mxit and QQ, have failed to implement any kind of encryption at all, essentially leaving all of the messages that users send unprotected.
EFF notes that messaging tools need to balance security and usability, but few do a good job of hitting the right balance between the two. “Most of the tools that are easy for the general public to use don’t rely on security best practices–including end-to-end encryption and open source code. Messaging tools that are really secure often aren’t easy to use; everyday users may have trouble installing the technology, verifying its authenticity, setting up an account, or may accidentally use it in ways that expose their communications.”
The Secure Messaging Scorecard represents the beginning of a collaborative campaign for “secure and usable crypto” on the part of EFF, Julia Angwin at ProPublica, and Joseph Bonneau at the Princeton Center for Information Technology Policy. Compiling the scorecard involved examining “dozens” of messaging services, from chat clients to text messaging apps, email applications to video calling technologies, and evaluating the security measures that each had implemented. As the scorecard notes, “These are the tools everyday users need to communicate with friends, family members, and colleagues, and we need secure solutions for them.”
To determine the security of each of the tools it analyzed, EFF looked at a variety of criteria, and the scorecard provides an easy visual guide to where each app or service succeeds and where it fails. EFF investigated whether apps enable user communications to be encrypted in transit, or encrypted with a key that the messaging service provider can’t access, which would mean that it needs to be generated and stored by users, not by the company’s servers. EFF also evaluated whether users can verify the identity of the people whom they’re speaking with over the platform, or if the communications that they’ve sent in the past remain secure if their keys are stolen.
EFF also investigated whether messaging services’ source code — or the portions of the code that relate to communication and encryption — is open to independent review for the detection of bugs, back doors, and structural problems, even if the code isn’t released under any specific free or open-source license. It also looked for each app or service’s cryptography design to be well-documented.
That would involve clear and detailed explanations — preferably delivered via “a white-paper written for review by an audience of professional cryptographers” — of the algorithms and parameters in use at each step of the encryption and authentication process, how keys are generated and stored, the life cycle of keys and the process for users to change or revoke their keys, what properties and protections the software provides, and in which scenarios the protocol isn’t secure.
Finally, EFF also investigated whether an independent security audit had been performed in the 12 months prior to an app’s evaluation for the scorecard. An adequate review would need to cover both the design and implementation of the app, and would also have to be performed by a “a named auditing party” that’s independent of the app or service’s main development team. A review by an independent security team within a large organization, for instance, is sufficient to satisfy the requirement.
As TechCrunch’s Sarah Perez points out, even if the details of the scorecard and EFF’s methodology are a little too technical for the general consumer, the conclusion drawn from them should be clear: the messaging services and apps that we trust with our private communications aren’t nearly as secure as they should be to adequately protect our data.
The scorecard illustrates that in the tug of war between usability and security, messaging providers err on the side of usability, forgoing the best cryptology to make tools that will be easy for large numbers of consumers to understand and use. Many providers are less focused on implementing the best security and more focused on augmenting their feature sets, and the problem is that the household names in messaging services and apps aren’t the ones who are interested in making their platforms more secure or in educating their users as to how their data is protected.
Some of the most secure services on the scorecard are much less ubiquitous than the household names in messaging apps, and many are built specifically to focus on privacy and security. A handful of services met all of the scorecard’s criteria for a secure messaging platform, including ChatSecure, Cryptocat, Signal/RedPhone, Silent Phone, Pidgin, Silent Text, and TextSecure.
A few more met all of the criteria but one, including Jitsi, Mailvelope, Adium, RetroShare, and Subrosa. Even iMessage and Facetime scored reasonably well, falling short on only two counts by failing to let users verify their contacts’ identities and to make the apps’ source code open to independent security review.
While none of the most secure services are the most popular, some of the most popular, conversely, number among the least secure. Facebook met only one of EFF’s security criteria, and was joined in that unfortunate distinction by AIM, BlackBerry Messenger, Skype, Kik, Secret, and Yahoo Messenger — an alarming list of services that have become household names over the years. A further set of popular services fared only a little bit better, and among those that met just two of the criteria were more messaging standbys like Google Hangouts, Snapchat, Viber, and WhatsApp.
The data just goes to show that while consumers’ instincts to distrust Facebook’s use of their information is on the right track, it’s not just Facebook that should cause us to think twice. While the truly secure messaging platforms are less ubiqutious, less feature-focused, and in some cases less fun or less visually polished than their less-secure but more popular counterparts, we’d all do well to consider how much or how little we care to prioritize the privacy of the conversations we carry on over messaging platforms.
Facebook may be one of the least-secure platforms for conversations intended for the participants only, but resigning ourselves to fear of its power and data collection prowess would be to forget that there are alternatives. EFF hopes that there will soon be more, writing that its scorecard and campaign are intended to inspire “a race-to-the-top, spurring innovation around strong crypto for digital communications.”