[messaging] EFF Secure Messaging Scorecard

Nikos Roussos comzeradd at fsfe.org
Tue Nov 4 10:02:08 PST 2014


On 11/04/2014 06:43 PM, Joseph Bonneau wrote:
> First version launched today: https://www.eff.org/secure-messaging-scorecard
> 
> This was a collaboration between tech advisers (primarily Peter
> Eckersley and myself) and a good team of people with experience in
> journalism and activism.

This is indeed a great tool. Kudos for work. Some comments:

1. How is that iMessage, Facebook Chat or Hangouts are *independently*
audited if there is no code available?

2. How is Skype communications "encrypted so the provider can't read"
verified? (or even more important how is this compatible with Prism? ;))

3. There should be a column "Does is it require to provide your phone
number?", which should be considered a security drawback (especially for
journalists or their sources).

4. Probably a column for extra points if an app can easily route traffic
through Tor (like ChatSecure).

5. Not 100% sure, but I think that pidgin/libpurple have been audited in
the past.


~nikos


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141104/efd697d9/attachment.sig>


More information about the Messaging mailing list