[messaging] EFF Secure Messaging Scorecard

Tom Ritter tom at ritter.vg
Tue Nov 4 09:26:43 PST 2014

On 4 November 2014 10:43, Joseph Bonneau <jbonneau at gmail.com> wrote:
> Hopefully we will be launching a more detailed version next year with many
> more evaluation criteria but would be curious to hear feedback on this
> version from other folks working in this space.

Icons of the tools, please.

I have a lot of minutia feedback otherwise:

Why was ChatSecure + Orbot not featured?  For that matter, why require
Orbot at all?

A general problem of explaining what you mean by things.  FaceTime +
"Can you verify contacts identities" is particularly confusing.  "I
can see them right there on video!"

Some footnotes explaining things would be helpful.  I'm not aware of a
third party firm saying they've auditing SilentCircle, so presumably
you count it as being audited 'in-house' (like Facebook).  But why
does SilentCircle get a check for that, but not Skype or Snapchat (who
presumably did the same thing.) That part seems pretty subjective :)

Subrosa was audited?  I looked at it for (literally) 5 minutes and
came away thinking "There is a bunch of weird stuff happening here".

Conversely, Telegram _has_ been audited (kind of) and paid out
$100,000 to someone for finding a flaw.

Accordingly to a public statement by iSEC Partners, Wickr includes a
way to verify identities.  We've previously discussed this, but if
this feature is not actually in the app that can be downloaded via the
App/Play store.... I'd love someone to email me about it.


More information about the Messaging mailing list