11 January 2021 Security Tips Vlad

Secure messaging solutions (or not)

Sometimes it is necessary to do a risk assessment of the use of messaging applications, either to make a choice, to propose risk reduction measures, or just to understand the risks.

Rather than doing the analysis for you, which will depend on the contexts, here are some time-saving elements:

Quarkslab's famous charts that show the origins of applications, encryption, and the risks associated with the use of ads, third-party libraries, or dynamic code loading:

https://twitter.com/quarkslab/status/1126859484062736384

You also have this site which presents a little more in details the functioning of each application as well as some information concerning the companies: https://www.securemessagingapps.com/

The EFF has also published a guide (old and archived) presenting some other criteria like documentation, audit proofs...: https://www.eff.org/node/82654

The document is considered deprecated, but I haven't found an equivalent that is as readable on the other EFF site: https://ssd.eff.org/

Finally, for Telegram fans, here is the presentation at CCC 2018 detailing the tug of war between Russia and Telegram

Good study or analysis 😁