[messaging] EFF Secure Messaging Scorecard
Tom Ritter
tom at ritter.vg
Tue Nov 4 09:26:43 PST 2014
On 4 November 2014 10:43, Joseph Bonneau <jbonneau at gmail.com> wrote:
> Hopefully we will be launching a more detailed version next year with many
> more evaluation criteria but would be curious to hear feedback on this
> version from other folks working in this space.
Icons of the tools, please.
I have a lot of minutia feedback otherwise:
Why was ChatSecure + Orbot not featured? For that matter, why require
Orbot at all?
A general problem of explaining what you mean by things. FaceTime +
"Can you verify contacts identities" is particularly confusing. "I
can see them right there on video!"
Some footnotes explaining things would be helpful. I'm not aware of a
third party firm saying they've auditing SilentCircle, so presumably
you count it as being audited 'in-house' (like Facebook). But why
does SilentCircle get a check for that, but not Skype or Snapchat (who
presumably did the same thing.) That part seems pretty subjective :)
Subrosa was audited? I looked at it for (literally) 5 minutes and
came away thinking "There is a bunch of weird stuff happening here".
Conversely, Telegram _has_ been audited (kind of) and paid out
$100,000 to someone for finding a flaw.
Accordingly to a public statement by iSEC Partners, Wickr includes a
way to verify identities. We've previously discussed this, but if
this feature is not actually in the app that can be downloaded via the
App/Play store.... I'd love someone to email me about it.
-tom
More information about the Messaging
mailing list