Does your mobile messaging app use strong end-to-end encryption by default when communicating with your friends?

Strong =
- Allows for key verification
- Uses up-to-date encryption protocols
- Provides forward secrecy, usually through OTR or ratcheting

End-to-end =
- Messages can't be decrypted by an intermediate server
- Messages aren't stored in plaintext by an intermediate server

Default =
- E2E encryption is automatically on for all messaging methods
- The user does not need to activate E2E encryption on first use
- Offering an optional "private" or "incognito" mode doesn't count

TODO:
- Find a good technical / operational analysis of ChatSecure.
- Make a nifty chart that shows the attributes of each app.
- Do apps use certificate pinning?
- Do apps encrypt local storage of messages?

This project is maintained by @SecureUtah. Please submit issues there: https://github.com/secureutah/defaultornot