Difference between revisions of "GNU/consensus/Secure Messaging Scoreboard"

Revision as of 01:24, 13 November 2014

Motivation

The Electronic Frontier Foundation published a Secure Messaging Scoreboard as the first phase of a promising campaign about Secure and Usable Cryptography. That is a good first step, but in the wrong direction: it fails to take into account NSA blanket surveillance programs such as PRISM, as if the plethora of new spying information could cover the scandal of NSA corporate partners. Moreover, it provides a fake sense of legitimacy to proprietary software that is audited independently by, wait for it: "an internal security team", while unticking most of the free software for not having received any formal security audit (that should be an incentive for people to sponsor one for their favorite software). When confronted with this, the EFF tries to minimize the situation--they have their reasons, explained at What Makes a Good Security Audit, and yes counting on extraordinaire individuals to do the right thing should be enough (unless they move on, etc.).

But the most important critique, that requires an alternate scoreboard, is that it does not build on the existing community work, and puts everyone and everything in the same bag, flattening the landscape of messaging solutions. Such flattening can be seen as whitewashing, and give false impressions. Our approach will therefore focus on building upon existing community work, and focusing on threat models and core features to discriminate among messaging solutions. We understand the objective of the EFF's Secure Messaging Scoreboard, and respect their choice of starting from where the users are. But we disagree on how to present such solutions. Hopefully our work will prove useful to the EFF at some point.

We'll be using two main sources for our scoreboard:

the in-depth analysis of Secushare Capability Comparison.
the rich and community-maintained catalogue of alternative solutions at PRISM ⚡ Break.

Which apps and tools actually keep your messages safe?

Quoting from EFF's scoreboard: In the face of widespread Internet surveillance, we need a secure and practical means of talking to each other from our phones and computers. Many companies offer “secure messaging” products—but are these systems actually secure? No, they are not.

In order to keep things simple, we consider two categories: #Compromised and #Broken (#OK is an extra one to show upcoming or geeky alternatives):

COMPROMISED messaging systems are proprietary and "open" solutions without oversight on the software code, the system's operation, or presenting fatal flaws in their architecture. This category is a simple list of solutions that should be avoided because they won't deliver what they promise. If we have time and interest, we can describe why it is so more precisely, although most of them are documented elsewhere.
BROKEN messaging systems are (mostly) free software solutions that can be fixed to provide an acceptable level of privacy, and those are compared for the kind of threats they can thwart, and the ones they cannot. This can be useful for users who want to defend against specific types of threats, and for developers to choose what direction to take depending on the objectives set forth among their communities.
OK messaging systems are free software solutions that are designed with privacy in mind, but also with thwarting global surveillance as a primary objective. That means any two interlocutors using these systems could not be matched by an all-seeing-eye watching both sides of the communication, and doing black magic counting packets and monitoring flows.

Criteria

One important thing you need to remember at all times: this is not a Chinese restaurant order, where you pick numbers and receive food. Those criteria are there to help you discriminate tools according to your needs, but your wants will get the last supper if you let them. Choose convenience or the cake with the cherry on top at your own risk. In any case, remember that NSA-style threat is very difficult to defend against, and in most cases impossible, unless you have elite hacker skills, lots of patience, infinite discretion, you have no shadow, do not take planes, do not use banks and credit cards, do not use phones, and your image does not reflect in mirrors. In other terms: be realist when considering what you're using and for which purpose, and be wary of anything that promises bullet-proof security: you are not bullet-proof when they fail.

Risk: What are you exposing yourself to. Hiding from your spouse is probably different from surviving for the next 24 hours, unless your spouse is seriously abusive--many are around the world.
Goodwill: Not all people or entities are made equal. Some amend, most don't. And then, you have Google, a whole complex octopus by itself, providing both good and evil (don't).
Technology: Various technologies trigger different risks. Some may cause inconvenience, other may be unavailable at your site, yet others could send you to your grave.

Risks range from "Ssssh, it's a surprise" up to "Incoming drone!", and obviously, nothing will help you if you're trying to be the next Chelsea Manning and you're leaking NSA documents over What's App. Technology can't cure stupidity.

Goodwill can be summarized as "The Good, the Bad, and the Ugly." The Good is making efforts to protect you--among them, some are even ensuring they cannot be neither Bad or Ugly, technically. The Bad is making efforts to keep you as a customer--including spying on you or selling your data if that allows them to provide "a better service". The Ugly is ratting at any opportunity--they're the enemy, just keep them away from your loved ones.

Technology is a great debate. There's obviously broken tech, there's somewhat naïve tech that wants to be strong, and then, there's great tech. The latter often comes with a terrible bug: it does only a number of things very well, and probably not much else. That's because to make great technology, a lot of work is required. It's not just putting a nice button here, and a responsive design there. There are shitloads of complex issues that may be solved, and some that won't. As for security, technology is mostly a matter of trade-offs.

Legend

Each Line has the following columns:

Legend of table 2
Acronym		Description	Correspondence with EFF's SM Scoreboard
SN	System Name	The name of the software, application, or service considered.	NA
ST	System Type	Whether it's a proprietary or free software, a phone application, a web service, or else.	NA (Is the code open to independent review?)
UX	Whether it's easy to use or requires skillz (easy, medium, hard)
CV	Contact Verification	Whether you can verify the identity of your interlocutor, and ensure you are indeed talking to the right person.	Can you verify contact's identity
FS	Forward Secrecy	Whether past communications are protected if the encryption key is compromised	Are past comms secure if your keys are stolen?
DD	Documented Design	Whether the security design is properly documented and available.	Is security design properly documented?
SA	Security Audit	Whether the code has been audited for security issues recently (linked to the report if it's public)	Has there been any recent code audit?

We left apart EFF's "Encrypt in transit?" column, because any application that does not use any encryption at all is compromised, and not part of the table. We left apart EFF's "Encrypted so the provider can't read it?" column as well, because any application that does not use end-to-end encryption is a serious threat, and considered #Compromised.

Here we go...

Compromised

There is one simple criterion for considering a compromised messaging system: it's made by a company that it depends on, and you don't know how it works. Security by obscurity is as good as you can't find the switch. Then, you're caught naked in the bright light.

Apple Facetime: malware company and PRISM target
Apple iMessage: malware company and PRISM target
AOL AIM: Legacy proprietary software from AOL, a PRISM target
BlackBerry Messenger: Proprietary software and hardware from Research in Motion
Ebuddy XMS: Adware: does not use end-to-end encryption
Facebook Chat: Spyware company and PRISM target. Does not use end-to-end encryption
Google Hangout "off the record": Spyware company and PRISM target. Does not use end-to-end encryption, not to be confused with OTR
Hushmail: Good reputation. So what? Nixon had a good reputation too.
iPGMail: Proprietary PGP app for iOS. Great idea, that's better than nothing at all. Keep in mind that by putting your GPG key on your iThing, you're compromising it.
Kik: Adware: does not use end-to-end encryption. 150 million products love Kik.
Mxit: From the EFF's SMS: does not use any encryption in transit
QQ: From the EFF's SMS: does not use any encryption in transit

Broken

Broken Messaging Systems
SN	ST	UX	CV	FS	DD	SA
BlackBerry Protected	Proprietary platform (SW and HW)	easy	Yes	No	No	Yes	No
ChatSecure+Orbot	GPLv3+ XMPP+OTR for Android	easy	Yes	Yes	Yes	Yes	Yes
Cryptocat	AGPLv3+ Web browser extension	easy	Yes	Yes	Yes	Yes	Yes
Jitsi + OStel	LGPL application	medium	Yes	Yes	No	Yes	No
Mailvelope	GPLv3+ Web browser extension	easy	Yes	Yes	No	Yes	Yes
Off The Record (OTR)	E2EE

OK

Woohoo! All is not bleak on Planet Earth! They are some people interested in addressing our electronic communications issues. Some of them actually think straight, long term, and are willing to find solutions that will last and actually improve our human condition beyond sharing cat pictures. No, there's nothing there yet. When we have a widely deployed 1.0, let's do that.

All OK messaging systems share the following features^[1]:

OK Messaging Systems Features
Feature	Class	Description
Free Software	Required	A free license ensures the code is accessible for use, review, sharing, and modification.
End-to-End Encryption	Required	No one else than you and your correspondent can read your conversation.
Authentication	Required	You are assured your correspondent is always the same person.
Forward Secrecy	Required	If you lose control of your private keys, no previous conversation is compromised.
Deniability	Optional	Messages are guaranteed to be authentic during the conversation, but can be forged afterwards.

Working Messaging Systems
System Name	Type	Primary Use	Availability
System Name	Type	Primary Use	Desktop	Mobile
Freenet	Anonymity Network	File sharing, Conversation	GNU systems	No
GNUnet	Peer-to-Peer framework	File sharing, Conversation	GNU systems	No
I2P	Anonymity Network	Access to .i2p space	Desktop	Android
RetroShare	Anonymity Network	Access to RS space	Desktop	No
Tor	Anonymity Network	Proxy to access the Web or .onion space	Desktop	Android

↑ Some descriptions are taken from OTR

[1] Some descriptions are taken from OTR

[1]

Navigation menu