Security of Messengers

Overview of the
security of Messengers

7. Mai 2020, Kire

(translated by Panos)

Digitale Gesellschaft
Digital Society

A non-profit organisation that provides information and advice on consumer and legal issues in the digital space, assesses technology impacts with regard to possible effects on basic and human rights and offers services, software projects and workshops on "digital self-defense".

Digitale Gesellschaft fights for our rights of freedom in a networked world.

Where is the danger?
Evaluation criteria
Letter post, Fax und Telephone
E-Mail and Messenger
Videoconference
Conclusion & Summary

Where is the danger?

Access to communication's content

Discussion, Fax, Mail
Deep interference with fundamental rights
Although complex to analyse

Where is the danger?

Access to Metadata

Who, when, where, with whom, how long
Network of relationships, movement profile
Simple to analyse by machines

Where is the danger?

Access by law enforcement authorities
Analysis by secret services
Data usage by service providers
Data is stolen

Where is the danger?

When the law and the constitution can no longer guarantee our rights to privacy, protection of sources, and professional secrets, encryption helps

Product comparison

Evaluated at the end of 2016
Detailed comparison

Evaluation criteria I

No storage of metadata
Transport encryption
End-to-End encryption
Security/Code audits
Optional Identification
No address book upload/access

Evaluation criteria II

Open Standards
Open Source Software
Decentralized Architecture
User friendly

Post, Fax and Telephone

	No Metadata storage	Transport encryption	End-to-End encryption	Security/ Code Audits
Post	☆☆	☆☆☆	☆☆	☆
Fax	☆	☆☆	☆	☆
Fix telephone	☆	☆☆	☆	☆
Mobile telephone	☆	☆☆	☆	☆
SMS	☆	☆☆	☆	☆

E-Mail

	No Metadata storage	Transport encryption	End-to-End encryption	Security/ Code Audits
Email with GnuPG	☆☆	☆☆	☆☆☆	☆☆
Email with S/MIME	☆☆	☆☆	☆☆☆	☆☆
Email	☆☆	☆☆	☆	☆☆
ProtonMail	☆☆	☆☆☆	☆☆	☆☆

Messenger

	No Metadata storage	Transport encryption	End-to-End encryption	Security/ Code Audits
Jabber/XMPP with OTR or OMEMO	☆☆☆	☆☆	☆☆☆	☆☆☆
Signal	☆☆☆	☆☆☆	☆☆☆	☆☆☆
Threema	☆☆	☆☆☆	☆☆☆	☆☆☆
Matrix	☆☆☆	☆☆☆	☆☆	☆☆
Wire	☆☆	☆☆☆	☆☆☆	☆☆
Telegram	☆☆☆	☆☆☆	☆☆	☆☆
Snapchat	☆	☆☆☆	☆	☆
WhatsApp	☆	☆☆☆	☆☆☆	☆☆
Facebook Messenger	☆	☆☆☆	☆☆	☆
iMessage	☆	☆☆☆	☆☆	☆

Videoconference

	No Metadata storage	Transport encryption	End-to-End encryption	Security/ Code Audits
BigBlueButton	☆☆☆	☆☆☆	☆	☆☆
Jitsi Meet	☆☆☆	☆☆☆	☆	☆☆
Mumble	☆☆☆	☆☆☆	☆	☆☆
Zoom	☆☆	☆☆☆	☆	☆
Skype	☆	☆☆☆	☆	☆
Hangouts	☆☆	☆☆☆	☆	☆

Conclusion - recommended

E-Mail with GnuPG or S/MIME

Careful selection of mail provider is important

Data retention
Transport encryption
Example: posteo.de or mailbox.org

Conclusion - recommended

Signal and Threema
Jabber/XMPP with OTR or OMEMO
Promising: Riot/Matrix
Video-conferences: BigBlueButton

Conclusion - not recommended

Mobile telephone and SMS
WhatsApp
iMessage
Skype
all others under test

Conclusion

Security and sustainability often conflict with usability
The weighting should be adapted to your own preferences and the specific application

Summary

Use letter post but not telephone/fax/SMS
Careful selection of the e-mail provider and encryption are important
Instead of WhatsApp use the "alternative" Signal or Threema

Thanks for your interest

Slides: digiges.ch/slides/en/messenger.html

Website: www.digitale-gesellschaft.ch

Facebook: DigitaleGesellschaftSchweiz

Twitter: @digiges_ch

Digitale Gesellschaft
4000 Basel
Switzerland

IBAN CH15 0900 0000 6117 7451 1

Overview of the security of Messengers

Digitale Gesellschaft Digital Society

Contents

Where is the danger?

Where is the danger?

Where is the danger?

Where is the danger?

Product comparison

Evaluation criteria I

Evaluation criteria II

Post, Fax and Telephone

E-Mail

Messenger

Videoconference

Conclusion - recommended

Conclusion - recommended

Conclusion - not recommended

Conclusion

Summary

Thanks for your interest

Overview of the
security of Messengers

Digitale Gesellschaft
Digital Society