Slashdot Mirror


The Fight Over the EFF's Secure Messaging Scoreboard

blottsie writes "The Electronic Frontier Foundation (EFF)'s new Secure Messaging Scorecard is designed to answer one important question: Which apps and tools actually keep your messages secure and safe from prying eyes? The results have been mixed. In the midst of many positive reactions from technology companies and users, the scorecard stoked a wave of criticism from several prominent figures in the security industry, who deemed the effort inaccurate, misleading, and vague."

15 of 63 comments

  1. Don't buy American. by Anonymous Coward · Score: 2, Insightful

    The simple answer: If it's from the USA, it can't be trusted.

    1. Re:Don't buy American. by ArcadeMan · Score: 2

      That means we can't trust any versions of Windows, OS X, iOS, Android. We also can't trust Firefox, Chrome, Safari, Internet Explorer.

      So what's left? No smartphone and Linux with Opera on your computer?

    2. Re:Don't buy American. by Anonymous Coward · Score: 3, Funny

      Linux is American - it is owned by Red Hat.

    3. Re:Don't buy American. by AHuxley · Score: 2

      A CPU that's been tested and an open OS on top.
      "How I do my computing"
      https://stallman.org/stallman-... has some ideas on that.

      --
      Domestic spying is now "Benign Information Gathering"

    4. Re:Don't buy American. by disambiguated · Score: 3, Insightful

      How are you going to test a CPU? Unless you analyze the circuits physically, how are you going to do that it doesn't allow privileged instructions in unprivileged code e.g. when r14=6368696e65736520, r15=6261636b646f6f72?

    5. Re:Don't buy American. by disambiguated · Score: 2

      You're right. They usually aren't, but unintentional vulnerabilities can be subtle. Intentional vulnerabilities can be subtle to the point of genius. If you're just casually reviewing code that isn't specifically known to be vulnerable, and especially if the vulnerability is intentional, it may never be discovered.

      This is why security sensitive functions need to be system code, not application code. System code, and hopefully coders, tend to get more scrutiny, have higher standards of quality, and have a more conservative approach in general. Repeating security functions in each application is insane.

  2. Actual link to the EFF 'scorecard' by Wootery · Score: 5, Informative

    The actual 'scorecard' can be found here. No need to go to extremes and RTFA.

    [Snarky comment about sloppy /. submissions.]

  3. Criticism seems valid by Anonymous Coward · Score: 2, Interesting

    From the article:

    "The EFF scorecard gives Skype two check marks for being encrypted in transit and encrypted so the provider can’t read it."

    and then:

    “There are always going to be difficult cases when you’re evaluating complex software,” EFF’s Eckersley said. “There are clear indications that the NSA intercepted Skype conversations. However, we don’t know if that was a break in the cryptography itself that would allow anyone to intercept, or if it was a compelled man-in-the-middle attack where Skype was made by authorities to give out fake keys to targets.”

    This is indeed strange. It seems bazaar to give a product a check mark if the EFF don't actually know. Surely benefit of the doubt shouldn't apply in such cases. In any case why not have a question mark indicator for such cases. This might also encourage companies to provide better disclosure.

    1. Re:Criticism seems valid by HiThere · Score: 2

      Well, since everything is marked either checked or don't use, that's not unreasonable. Granted, a more accurate marking would be to just not mark it those two times. Also, with the rating given, nobody who is serious about security would use Skype, so it's not like they're actually misleading anyone.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.

    2. Re:Criticism seems valid by wonkey_monkey · Score: 2

      > It seems bazaar

      Market up to a lack of common sense.

      --
      systemd is Roko's Basilisk.

    3. Re:Criticism seems valid by Anonymous Coward · Score: 2, Funny

      > It seems bazaar

      Reminds me of an Eric Raymond article: "The Cathedral and the Bizzare"

  4. OpenPGP by DERoss · Score: 2, Interesting

    The scorecard gives negative marks for both PGP for Mac and PGP for Windows, for both "Are past comms secure if your keys are stolen?" and "Has the code been audited?" Both negative marks are quite wrong!!

    Using the OpenPGP definition, decryption requires both a private key and a passphrase. If the private key is compromised but the passphrase remains safe, a file or message encrypted via OpenPGP cannot be decrypted. This depends, of course, on a lengthy passphrase that exists only in the user's head. My passphrase is over 20 characters long and contains upper-case and lower-case letters, spaces, and punctuation.

    Older versions of PGP (a commercial implementation of OpenPGP) have indeed been audited. The source code was made public. It was thoroughly examined by outsiders. And it was compiled and compared with the distributed binary code. I do not know if this is true of the latest versions, but the older versions contained no security vulnerabilities and still work quite well.

    1. Re:OpenPGP by Carnildo · Score: 2

      > The scorecard gives negative marks for both PGP for Mac and PGP for Windows, for both "Are past comms secure if your keys are stolen?" and "Has the code been audited?" Both negative marks are quite wrong!!

      I don't know about the auditing, but the negative mark for "Are past comms secure if your keys are stolen?" is quite right. They're talking about forward secrecy, and PGP doesn't implement it. The basic idea of forward secrecy is that even if all the long-term secrets (passwords, keys, etc.) involved in a conversation are stolen, the person who stole them cannot go back and decrypt the encrypted messages.

      --
      "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.

    2. Re:OpenPGP by disambiguated · Score: 4, Informative

      Found a nice simple explanation of how this works here. There is a secret somewhere that isn't compromised, but it is ephemeral and isn't ever stored anywhere or transmitted. So that's what you meant by "long term". It's very clever. Makes perfect sense now, but it's counterintuitive, at least to me.

      Anyway, thanks. I learned something new, which is why I still come to /.
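The difference Carnildo and disambiguated are describing (a long-term key versus an ephemeral secret that is never stored) can be shown directly in code. What follows is an added example, not code from the thread, the EFF scorecard or any PGP implementation. It assumes the RFC 3526 2048-bit MODP group for Diffie-Hellman, SHA-256 as the key-derivation function, and a toy HMAC-SHA256 counter-mode keystream plus HMAC tag standing in for a real authenticated cipher (all chosen for this illustration), and it treats "stolen key" as the usable long-term private exponent. The first scheme encrypts to the recipient's long-term key, so anyone who later obtains that key can read a recorded message; the second derives its key from one-time exponents that are discarded after use, so the same theft recovers nothing.

```python
"""Forward secrecy demo: PGP-style encryption to a long-term key vs an
ephemeral Diffie-Hellman session. Added example; not from the thread."""
import hashlib
import hmac
import secrets

# RFC 3526, group 14: 2048-bit MODP prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def keygen():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def derive_key(shared):
    """Assumed KDF: hash the shared DH value into a 32-byte symmetric key."""
    return hashlib.sha256(shared.to_bytes(P_BYTES, "big")).digest()


def keystream_xor(key, nonce, data):
    """Toy stream cipher: HMAC-SHA256 in counter mode XORed onto data.
    Illustrative only; a real system would use an AEAD such as AES-GCM."""
    out = bytearray()
    for counter in range((len(data) + 31) // 32):
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
    return bytes(d ^ k for d, k in zip(data, out))


def seal(key, msg):
    nonce = secrets.token_bytes(16)
    ct = keystream_xor(key, nonce, msg)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def open_(key, nonce, ct, tag):
    """Return the plaintext if the tag verifies under key, else None."""
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return keystream_xor(key, nonce, ct)


def encrypt_to_long_term_key(recipient_pub, msg):
    """PGP-style: the sender's exponent x is one-time, but the other half of
    the DH is the recipient's LONG-TERM key, so the record stays readable by
    whoever holds that key, whenever they get it."""
    x, X = keygen()
    key = derive_key(pow(recipient_pub, x, P))
    nonce, ct, tag = seal(key, msg)
    return {"pubs": [X, recipient_pub], "nonce": nonce, "ct": ct, "tag": tag}


def ephemeral_session(recipient_pub, msg):
    """Forward-secret: both sides use fresh one-time exponents a and b.
    In a real protocol the long-term keys would only sign A and B to
    authenticate them (omitted here); they never enter the key derivation."""
    a, A = keygen()
    b, B = keygen()
    key = derive_key(pow(B, a, P))  # same value as derive_key(pow(A, b, P))
    nonce, ct, tag = seal(key, msg)
    del a, b, key  # the ephemeral secrets are never stored or transmitted
    return {"pubs": [A, B, recipient_pub], "nonce": nonce, "ct": ct, "tag": tag}


def decrypt_with_stolen_key(record, stolen_priv):
    """Threat model from the thread: a recorded transcript plus a later theft
    of the long-term private key. Try every DH value the attacker can compute
    from the recorded public values and the stolen exponent."""
    for pub in record["pubs"]:
        key = derive_key(pow(pub, stolen_priv, P))
        pt = open_(key, record["nonce"], record["ct"], record["tag"])
        if pt is not None:
            return pt
    return None


def demo():
    """Returns (plaintext recovered from the PGP-style record,
    result for the ephemeral record) once the long-term key leaks."""
    y, Y = keygen()  # recipient's long-term key pair
    msg = b"meet at noon"  # constructed sample message
    static_record = encrypt_to_long_term_key(Y, msg)
    ephemeral_record = ephemeral_session(Y, msg)
    return (decrypt_with_stolen_key(static_record, y),
            decrypt_with_stolen_key(ephemeral_record, y))


if __name__ == "__main__":
    print(demo())  # (b'meet at noon', None)
```

`decrypt_with_stolen_key` is deliberately the same code path the legitimate recipient would use on the PGP-style record: holding the long-term exponent is all it takes, then or years later. For the ephemeral record the stolen exponent never participated in the key derivation, so every candidate key fails the tag check; recovering the session key would mean solving the discrete logarithm for A or B. A passphrase on the stored private key changes how hard the theft is, not what the key can decrypt once it is usable.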

  5. But are the listings TRUE by SeaFox · Score: 5, Interesting

    If the code is not open to independent review (as few of them are), is there any reason to trust the other listings? After all, we're trusting that when the maker says the software does not send messages in a way where they can intercept them, it's true, but we don't really know that to be the case.