{"id":5165,"date":"2015-11-20T05:53:29","date_gmt":"2015-11-20T10:53:29","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=5165"},"modified":"2020-02-26T18:59:56","modified_gmt":"2020-02-26T14:59:56","slug":"private-data-messengers","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/private-data-messengers\/5165\/","title":{"rendered":"Are your secrets safe on your messenger apps?"},"content":{"rendered":"<p>What is the best channel to exchange private information on? Or even better, what channels should you avoid using for this type of sharing?<\/p>\n<p>It goes without saying that it\u2019s a bad idea to use insecure means of communication. However, this happens every day by many of us without a second thought or consideration of consequence.<\/p>\n<p>Recent\u00a0<a href=\"https:\/\/press.kaspersky.com\/files\/2015\/08\/Kaspersky_Lab_Consumer_Security_Risks_Survey_2015_ENG.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">research<\/a>, commissioned by Kaspersky Lab and conducted by B2B International, showed that 62% of respondents don\u2019t think online messengers are secure, 61% don\u2019t trust VoIP services and 60% don\u2019t feel protected when conversing in a video chat. At the same time, 37% of participants prefer online messengers, 25% are into social network messengers and 15% frequently use VoIP.<\/p>\n<p>Besides, 17% of users employ electronic means of communication to exchange private and critical data. It would be useful to find out how many of them actually saw their data exposed online, yet the stats did not cover this information.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/IFA15?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#IFA15<\/a>: 77% of all users wish to have protection from tracking their privacy Information. <a href=\"https:\/\/twitter.com\/hashtag\/privacy?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#privacy<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/kaspersky?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#kaspersky<\/a> <a href=\"http:\/\/t.co\/jXiOE13h18\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/jXiOE13h18<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/639390302650920960?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 3, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The skeptical treatment messengers receive from so many users is totally justified.\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/11_unsecure_messengers\/6806\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Research<\/a>\u00a0by Electronic Frontier Foundation (EFF) showed that the majority of popular messengers do not boast high security levels.<\/p>\n<p>The highest score a secure messenger could get was seven points. Unfortunately, Skype, AIM and Blackberry Messenger attained merely one point, whereas Viber, Google Hangouts, Facebook Messenger and Snapchat scored as high as just two points.<\/p>\n<p>The ubiquitous WhatsApp was also awarded only two points, but there is a possibility that this messenger will finally do its homework and soon get a higher scope for the reliability of encryption \u2013 after a protocol by Open Whisper Systems becomes fully supported by WhatsApp.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">11 Unsecure Mobile and Internet Messaging Apps <a href=\"https:\/\/t.co\/ijXhbsZEp3\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/ijXhbsZEp3<\/a>  <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a> <a href=\"http:\/\/t.co\/0BEAH3cFAV\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/0BEAH3cFAV<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/535772296154476544?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 21, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>All of the above messengers do encrypt communication, yet none of them changes encryption keys or verifies the interlocutor\u2019s identity. Moreover, developers in the companies are, in fact, able to read your private correspondence. Also, due to the proprietary nature of the code, the vulnerabilities can be discovered and patched only by the company\u2019s staff \u2013 all of these factors were considered during the assessment by EFF.<\/p>\n<p>Of all relevantly popular messengers, only two were found to be acceptably secure: Apple iMessage, which scored four points and Telegram with the result of five points. As for Telegram developers, they seem to have started to read users\u2019 correspondence and block undesirable channels (those alleged to have ties to\u00a0<a href=\"http:\/\/www.wired.co.uk\/news\/archive\/2015-11\/19\/telegram-isis-islamic-state-block-propaganda-messages\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">terrorist organizations<\/a>).<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Is Microsoft reading your Skype instant messages? <a href=\"http:\/\/t.co\/7wd7wks1qn\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/7wd7wks1qn<\/a><\/p>\n<p>\u2014 ZDNET (@ZDNET) <a href=\"https:\/\/twitter.com\/ZDNET\/status\/334458867406737410?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">May 15, 2013<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>There is only one popular and at the same time relevantly secure videochatting app \u2013 Apple Facetime, which scored four points.<\/p>\n<p>So does that mean there is simply no such thing as a truly secure messenger? Well, there are a handful of them, but they are not heavily used. Have you heard of Chatsecure, CryptoCat, Signal or SilentText? Probably not, but they were the champions of EFF\u2019s rating. Some other messengers, which are equally \u2018popular,\u201d like OTR messages by Adium and Pidgin, as well as Retroshare and Subrosa, scored six points.<\/p>\n<p>Secure VoIP services are also real: they are RedPhone and Silent Phone, which scored the maximum, and Jitsi, which scored six.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">9 mobile and Internet messaging services offering strong <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a> and <a href=\"https:\/\/twitter.com\/hashtag\/privacy?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#privacy<\/a> controls <a href=\"https:\/\/t.co\/30xBpa0kSb\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/30xBpa0kSb<\/a> <a href=\"http:\/\/t.co\/GWm1XtGFs3\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/GWm1XtGFs3<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/533667115019296771?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 15, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>A truly secure messenger does not resort to encryption alone. Such programs are using dynamic encryption keys, so an adversary is not able to compromise correspondence with intercepted keys. Also, it\u2019s an advantage if the messenger relies on the open-source code, essentially allowing the user community to identify bugs and vulnerabilities and fix those issues. Besides, this way the service developers are not able to access the private messages, what in fact makes the correspondence \u2018private\u2019 by design.<\/p>\n<p>So, if you decided to share something very secret over an online messenger, we suggest you urge your interlocutor to use those, which are less popular yet more secure.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Are #messengers able to keep secrets? #Internet #security #privacy<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FH37Z&amp;text=Are+%23messengers+able+to+keep+secrets%3F+%23Internet+%23security+%23privacy\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>In general, the use of messengers proves that people are very lax about their own privacy. The absolute majority of people prefer to stick to a more familiar and convenient option regardless of the level of security and privacy it guarantees. It\u2019s just the same with people who cross the road wherever they feel convenient, not bothering to use a designated pedestrian crossing.<\/p>\n<p>If you want to know whether your actions online expose you to threats or, vice versa, serve to protect your online life, take the\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/cyber-savvy-quiz\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">quiz<\/a>\u00a0to find out how cybersavvy you are. You might be very surprised with the results!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is the best channel to exchange private information on? Or even better, what channels should you avoid using for this type of sharing? It goes without saying that it\u2019s<\/p>\n","protected":false},"author":675,"featured_media":5166,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[1012,923,43,97],"class_list":{"0":"post-5165","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-internet","9":"tag-messenger","10":"tag-privacy","11":"tag-security-2"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/private-data-messengers\/5165\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/private-data-messengers\/3617\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/private-data-messengers\/6313\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/private-data-messengers\/6469\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/private-data-messengers\/6393\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/private-data-messengers\/7263\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/private-data-messengers\/9835\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/private-data-messengers\/10611\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/private-data-messengers\/5035\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/private-data-messengers\/5810\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/private-data-messengers\/9650\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/private-data-messengers\/9835\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/private-data-messengers\/10611\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/private-data-messengers\/10611\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/internet\/","name":"internet"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5165","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/675"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=5165"}],"version-history":[{"count":3,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5165\/revisions"}],"predecessor-version":[{"id":16013,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5165\/revisions\/16013"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/5166"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5165"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5165"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}