GNU/consensus/Secure Messaging Scoreboard

From LibrePlanet
< GNU‎ | consensus
Revision as of 15:02, 12 November 2014 by Hellekin (talk | contribs) (Secure Messaging Scoreboard for immature adults who like things done properly.)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Motivation

The Electronic Frontier Foundation published a Secure Messaging Scoreboard as the first phase of a promising campaign about secure and usable cryptography. That is a good first step, but in the wrong direction: it fails to take into account NSA blanket surveillance programs such as PRISM, as if the plethora of new spying information could cover the scandal of NSA corporate partners. Moreover, it provides a fake sense of legitimacy to proprietary software that is audited independently by, wait for it: "an internal security team", while unticking most of the free software for not having received any formal security audit (that should be an incentive for people to sponsor one for their favorite software). When confronted with this, the EFF tries to minimize the situation. But the more important critique, that requires an alternate scoreboard, is that it does not build on the existing community work, and puts everyone and everything in the same bag, flattening the landscape of messaging solutions. Hopefully our work will prove useful to the EFF at some point.

We'll be using two sources for our scoreboard:

  1. the in-depth analysis of Secushare Capability Comparison.
  2. the rich and community-maintained catalogue of alternative solutions at PRISM ⚡ Break.

In order to keep things simple, we consider two categories: #Compromised and #Broken:

  • COMPROMISED messaging systems are proprietary and "open" solutions without oversight on the software code, the system's operation, or presenting fatal flaws in their architecture. This category is a simple list of solutions that should be avoided because they won't deliver what they promise. If we have time and interest, we can describe why it is so more precisely, although most of them are documented elsewhere.
  • BROKEN messaging systems are free software solutions that can be fixed to provide an acceptable level of privacy, and those are compared for the kind of threats they can thwart, and the ones they cannot. This can be useful for users who want to defend against specific types of threats, and for developers to choose what direction to take depending on the objectives set forth among their communities.

In any case, remember that NSA-style threat is very difficult to defend against, and in most cases impossible, unless you have elite hacker skills, lots of patience, infinite discretion, you have no shadow, do not take planes, do not use banks and credit cards, do not use phones, and your image does not appear on any camera. In other terms: be realist when considering what you're using and for which purpose, and be wary of anything that promises bullet-proof security: you are not bullet-proof when they fail.

Which apps and tools actually keep your messages safe?

In the face of widespread Internet surveillance, we need a secure and practical means of talking to each other from our phones and computers. Many companies offer “secure messaging” products—but are these systems actually secure? No, they are not.

Compromised

There is one simple criterion for considering a compromised messaging system: it's made by a company that it depends on, and you don't know how it works. Security by obscurity is as good as you can't find the switch. Then, you're caught naked in the bright light.

TODO Put a list

Broken

TODO Put a table: name(link), version, criteria...

Working

Woohoo! All is not bleak on Planet Earth! They are some people interested in addressing our electronic communications issues. Some of them actually think straight, long term, and are willing to find solutions that will last and actually improve our human condition beyond sharing cat pictures. No, there's nothing there yet. When we have a widely deployed 1.0, let's do that.