Overview of the security of Messengers

7 May 2020, Kire

(translated by Panos)

digiges.ch/slides/en/messenger.html

Digitale Gesellschaft
Digital Society

A non-profit organisation that provides information and advice on consumer and legal issues in the digital space, assesses technology impacts with regard to possible effects on basic and human rights and offers services, software projects and workshops on "digital self-defense".

Digitale Gesellschaft fights for our rights of freedom in a networked world.

Contents

  • Where is the danger?
  • Evaluation criteria
  • Letter post, Fax and Telephone
  • E-Mail and Messenger
  • Videoconference
  • Conclusion & Summary

Where is the danger?

  • Access to communication's content
    • Discussion, Fax, Mail
    • Deep interference with fundamental rights
    • Although complex to analyse

Where is the danger?

  • Access to Metadata
    • Who, when, where, with whom, how long
    • Network of relationships, movement profile
    • Simple to analyse by machines

Where is the danger?

  • Access by law enforcement authorities
  • Analysis by secret services
  • Data usage by service providers
  • Data is stolen

Where is the danger?

When the law and the constitution can no longer guarantee our rights to privacy, protection of sources, and professional secrets, encryption helps.

Product comparison

Evaluation criteria I

  • No storage of metadata
  • Transport encryption
  • End-to-End encryption
  • Security/Code audits
  • Optional Identification
  • No address book upload/access

Evaluation criteria II

  • Open Standards
  • Open Source Software
  • Decentralized Architecture
  • User friendly

Post, Fax and Telephone

No Metadata storage | Transport encryption | End-to-End encryption | Security/Code Audits
Post ☆☆ ☆☆☆ ☆☆
Fax ☆☆
Fixed-line telephone ☆☆
Mobile telephone ☆☆
SMS ☆☆

E-Mail

No Metadata storage | Transport encryption | End-to-End encryption | Security/Code Audits
Email with GnuPG ☆☆ ☆☆ ☆☆☆ ☆☆
Email with S/MIME ☆☆ ☆☆ ☆☆☆ ☆☆
Email ☆☆ ☆☆ ☆☆
ProtonMail ☆☆ ☆☆☆ ☆☆ ☆☆

Messenger

No Metadata storage | Transport encryption | End-to-End encryption | Security/Code Audits
Jabber/XMPP with OTR or OMEMO ☆☆☆ ☆☆ ☆☆☆ ☆☆☆
Signal ☆☆☆ ☆☆☆ ☆☆☆ ☆☆☆
Threema ☆☆ ☆☆☆ ☆☆☆ ☆☆☆
Matrix ☆☆☆ ☆☆☆ ☆☆ ☆☆
Wire ☆☆ ☆☆☆ ☆☆☆ ☆☆
Telegram ☆☆☆ ☆☆☆ ☆☆ ☆☆
Snapchat ☆☆☆
WhatsApp ☆☆☆ ☆☆☆ ☆☆
Facebook Messenger ☆☆☆ ☆☆
iMessage ☆☆☆ ☆☆

Videoconference

No Metadata storage | Transport encryption | End-to-End encryption | Security/Code Audits
BigBlueButton ☆☆☆ ☆☆☆ ☆☆
Jitsi Meet ☆☆☆ ☆☆☆ ☆☆
Mumble ☆☆☆ ☆☆☆ ☆☆
Zoom ☆☆ ☆☆☆
Skype ☆☆☆
Hangouts ☆☆ ☆☆☆

Conclusion - recommended

Conclusion - not recommended

Conclusion

  • Security and sustainability often conflict with usability
  • The weighting should be adapted to your own preferences and the specific application

Summary

  • Use letter post but not telephone/fax/SMS
  • Careful selection of the e-mail provider and encryption are important
  • Instead of WhatsApp use the "alternative" Signal or Threema

Thanks for your interest

Slides: digiges.ch/slides/en/messenger.html

Website: www.digitale-gesellschaft.ch

Digitale Gesellschaft
4000 Basel
Switzerland



CC by SA 4.0