Secure Messaging? More Like A Secure Mess says EFF who explains why they archived their original Secure Messaging Scorecard
"So we have decided to take a step back and share what we have learned from this process: in sum, that secure messaging is hard to get right—and it’s even harder to tell if someone else has gotten it right."
So How Does End-to-End Encryption Work? When two people want to communicate securely (for example, Akiko and Boris) they must each generate crypto keys. Before Akiko sends a message to Boris she encrypts it to Boris's key so that only Boris can decrypt it. Then she sends the already-encrypted message across the Internet. If anyone is eavesdropping on Akiko and Boris—even if they have access to the service that Akiko is using to send this message (such as her email account)—they will only see the encrypted data and will be unable read the message. When Boris receives it, he must use his key to decrypt it into a readable message.
End-to-end encryption involves some effort, but it's the only way that users can verify the security of their communications without having to trust the platform that they're both using. Some services, such as Skype, have claimed to offer end-to-end encryption when it appears that they actually don't. For end-to-end encryption to be secure, users must be able to verify that the crypto key they're encrypting messages to belongs to the people they believe they do. If communications software doesn't have this ability built-in, then any encryption that it might be using can be intercepted by the service provider itself, for instance, if a government compels it to.
So the bottom line is that users can't just take a service provider's word that the messaging service they have provided is true end-to-end encryption. End-to-end encryption has become a marketing buzzword with many.
|Secure Messaging? More Like A Secure Mess.
There is no such thing as a perfect or one-size-fits-all messaging app. For users, a messenger that is reasonable for one person could be dangerous for another. And for developers, there is no single correct way to balance security features, usability, and the countless other variables that go into...