How to evaluate secure messengers and decide which one is for you

The Electronic Frontier Foundation is running an excellent series on the potential and pitfalls of secure messaging app — this is very timely given the ramping up of state surveillance and identity theft, not to mention anyone looking to #DeleteFacebook and transition away from Facebook Messenger.


Today's installment, Thinking About What You Need In A Secure Messenger is the best one yet, a clear, point-by-point way of thinking about why you're using a secure messenger and how that can inform your choice of which one to use.

I especially like the bit about the "hammer test" and the "puddle test."


Are you more worried about the possibility of losing your messages forever, or about someone else being able to read them? The “Puddle Test” reflects the first concern, and the “Hammer Test” reflects the second.

Messaging developers sometimes talk about the “Puddle Test”: If you accidentally dropped your phone in a Puddle and ruined it, would your messages be lost forever? Would you be able to recover them? Conversely, there’s the “Hammer Test”: If you and a contact intentionally took a Hammer to your phones or otherwise tried to delete all your messages, would they really be deleted? Would someone else be able to recover them?

There is a tension between these two potential situations: accidentally losing your messages, and intentionally deleting them. Is it more important to you that your messages be easy to recover if you accidentally lose them, or difficult to recover if you intentionally delete them?

If the hypothetical “Hammer Test” reflects your concerns, you may want to learn about a security property called forward secrecy. If an app is forward-secret, then you could delete all your messages and hand someone else your phone and they would not be able to recover them. Even if they had been surveilling you externally and managed to compromise the encryption keys protecting your messages, they still would not be able to read your past messages.

Cloud backups of your messages can throw a wrench in the “Hammer Test” described above. Backups help you pass the “Puddle Test,” but make it much harder to intentionally "hammer" your old messages out of existence. Apps that backup your messages unencrypted store a plaintext copy of your messages outside your device. An unencrypted copy like this can defeat the purpose of forward secrecy, and can stop your deleted messages from really being deleted. For people who are more worried about the “Puddle Test,” this can be a desirable feature. For others, it can be a serious danger.


Thinking About What You Need In A Secure Messenger
[Gennie Gebhart/EFF]