EFF: Apple’s iMessage most secure “mass-market” messaging, lacks complete protection from targeted surveillance

The Electronic Frontier Foundation (EFF) today released a report examining three dozen messaging services and ranking them based on what it deemed are seven “security best practices.” While Apple scored the best among what the EFF called “mass-market options”, it didn’t do as well when compared to all 36 messaging services included in the report. Specifically, EFF noted Apple’s iMessage and FaceTime services failed to offer “complete protection against sophisticated, targeted forms of surveillance.”

Apple’s iMessage and FaceTime products stood out as the best of the mass-market options, although neither currently provides complete protection against sophisticated, targeted forms of surveillance. Many options—including Google, , and Apple’s email products, Yahoo’s web and mobile chat, Secret, and WhatsApp—lack the end-to-end encryption that is necessary to protect against disclosure by the service provider. Several major messaging platforms, like QQ, Mxit, and the desktop version of Yahoo Messenger, have no encryption at all.

EFF used the following criteria in ranking the messaging services:

-Are messages encrypted in transit?
-Are communications encrypted so the provider can’t read it?
-Can you verify contacts’ identities?
-Are past communications secure if your keys are stolen?
-Is the code open to independent review?
-Is security design properly documented?
-Has the code been audited?

As highlighted in the graphic above, Apple’s iMessage and FaceTime services didn’t meet the criteria for making it possible to “verify a contacts’ identity,” as well as for not allowing independent reviews of its code. The top spots actually go to several services that met all of the criteria including ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text, and TextSecure, which were able to meet all of the EFF’s criteria for security practices.

You can check out the EFF’s full Secure Messaging Scoreboard report here.

Like this:Like Loading…

Share This

BlackBerry goes on the offensive, claims five ways BBM trumps Apple’s iMessage

Apple details how it handles customer data, discloses government information request stats

Leave a Reply Cancel reply

Enter your comment here…

Please log in using one of these methods to post your comment:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your account. ( Log Out / Change )

You are commenting using your account. ( Log Out / Change )

You are commenting using your account. ( Log Out / Change )

Cancel

Connecting to %s

Notify me of new comments via email.

Notify me of new posts via email.

13 Responses to “EFF: Apple’s iMessage most secure “mass-market” messaging, lacks complete protection from targeted surveillance”

  • alanol says:

    November 5, 2014 at 12:53 pm

    Bogus.

    LikeLike

    Reply

    • mpias3785 says:

      November 5, 2014 at 1:05 pm

      Based on…? It looks like a fair assessment.

      LikeLiked by 1 person

      Reply

      • Just Need It For Dev (@jamesjones_det) says:

        November 5, 2014 at 1:16 pm

        For a large portion of the people who post comments on this site it’s either A or B

        A) They are saying an Apple something is not 100% secure so it must be false (Apple fanboy point of view).

        B) They are saying an Apple something is more secure than others so it must be false (Apple hater point of view).

        Nether is able to fathom the idea that people might read this and find it useful or interesting.

        LikeLiked by 1 person

      • mpias3785 says:

        November 5, 2014 at 6:12 pm

        I know, but sometimes if you provoke an answer an interesting discussion nay result.

        LikeLike

      • André Hedegaard Petersen says:

        November 6, 2014 at 12:18 am

        @mpias,
        You mean like trolling?

        LikeLike

      • mpias3785 says:

        November 6, 2014 at 7:21 am

        No, sometimes a person will elaborate in an intelligent manner and a discussion ensues.

        LikeLike

  • Edison Wrzosek says:

    November 5, 2014 at 1:09 pm

    Rock on  😉

    LikeLike

    Reply

  • Jim Phong says:

    November 5, 2014 at 1:38 pm

    “Apple’s iMessage and FaceTime services didn’t meet the criteria for making it possible to “verify a contacts’ identity,” as well as for not allowing independent reviews of its code.” … SO WHAT? Really… this proves what exactly? Why the heck Apple should release their own source code to anyone for reviewing? To get its secrets stolen and sold to competitors?
    They couldn’t demonstrate that iMessage was not secure…their own table shows that it’s the most secure actually…

    LikeLiked by 2 people

    Reply

    • Martin Robertson (@mrobertson21) says:

      November 5, 2014 at 1:48 pm

      dude you need to check your sugar intake for today or something..

      LikeLike

      Reply

    • Just Need It For Dev (@jamesjones_det) says:

      November 5, 2014 at 4:00 pm

      Wow you are my model for the response I gave to mpias3785.

      A) You didn’t read the source link, hence you don’t know that iMessage and Facetime didn’t get green across the board like some others (even if you exclude open source code review as I did).

      B) automatically assume this is somehow attacking Apple.

      C) “They are saying an Apple something is not 100% secure so it must be false”.

      You seriously need to take a step back and look at this data for what it is worth, not just automatically assume it’s an attack and jump off the handle or check your sugar intake as Martin suggested.

      LikeLike

      Reply

    • Mosha says:

      November 5, 2014 at 7:05 pm

      It’s O.K to be sceptical

      LikeLike

      Reply

    • Christoph Lindemann says:

      November 6, 2014 at 1:12 am

      if you want to comment on “their own table” you should probably first look at it … and not only look at the screenshot on top of the article. turns out there are services that meet all of their requirements.

      i think its strange to say that you cant verify the contacts identity in facetime … you are either talking to them or see a video of them … i guess that should be enough to verify 😉

      LikeLike

      Reply

  • jacosta45 says:

    November 5, 2014 at 2:23 pm

    This report was released yesterday… Just saying.

    LikeLike

    Reply

  • EFF: Apple’s iMessage most secure “mass-market” messaging, lacks complete protection from targeted surveillance