[messaging] EFF Secure Messaging Scorecard

Tao Effect contact at taoeffect.com
Wed Nov 5 20:45:09 PST 2014


I echo Nikos' questions, especially question #2:

> 2. How is Skype communications "encrypted so the provider can't read"
> verified? (or even more important how is this compatible with Prism? ;))

Sorry if I missed it, but I searched and don't believe he received an answer.

It seems to me this question also applies to Apple's iMessages, which can be read by the provider:

https://twitter.com/taoeffect/status/529841963378671618

Also, I don't believe Apple deserves the checkbox for "Are past comms secure if keys are stolen", since that does not appear to be the case:

https://twitter.com/taoeffect/status/529852246125981696

In summary, could someone please either provide an explanation for why Apple received these two checkboxes, or could the EFF please update their table so that Apple's iMessages is truthfully represented in the table?

Thank you,
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Nov 4, 2014, at 10:02 AM, Nikos Roussos <comzeradd at fsfe.org> wrote:

> On 11/04/2014 06:43 PM, Joseph Bonneau wrote:
>> First version launched today: https://www.eff.org/secure-messaging-scorecard
>> 
>> This was a collaboration between tech advisers (primarily Peter
>> Eckersley and myself) and a good team of people with experience in
>> journalism and activism.
> 
> This is indeed a great tool. Kudos for the work. Some comments:
> 
> 1. How is it that iMessage, Facebook Chat or Hangouts are *independently*
> audited if there is no code available?
> 
> 2. How is Skype communications "encrypted so the provider can't read"
> verified? (or even more important how is this compatible with Prism? ;))
> 
> 3. There should be a column "Does it require you to provide your phone
> number?", which should be considered a security drawback (especially for
> journalists or their sources).
> 
> 4. Probably a column for extra points if an app can easily route traffic
> through Tor (like ChatSecure).
> 
> 5. Not 100% sure, but I think that pidgin/libpurple have been audited in
> the past.
> 
> 
> ~nikos
