A new ranking of popular encrypted messaging programs finds the ones that are most effective at protecting users’ privacy
Ever since former National Security Agency consultant Edward Snowden revealed mass governmental surveillance, my inbox has been barraged with announcements about new encryption tools to keep people's communications safe from snooping.
But it's not easy to sort out hich secret messaging tools offer true security and which ones might be snake oil. So I turned to two experts — Joseph Bonneau at Princeton and Peter Eckersley at the Electronic Frontier Foundation — for advice about what to look for in encryption tools. Working together, we chose seven technical criteria on which to rank encryption tools.
The criteria aim to assess whether the tool is designed to combat threats such as backdoors secretly built into the software, Internet eavesdroppers, or tricksters who steal the secret "keys" that users must safeguard to keep their communications secure.
Check out the results of our review.
Keep in mind, even an unbreakable encryption tool can be circumvented by hackers or spies that secretly install software on a computer or phone that hijacks communications before it is encrypted.
And even the best encryption tools still don't do enough. All the tools require both people communicating to install software. And few tools provide much anonymity – so even if your messages are unreadable by anyone but you, your contact list could still be exposed. And many of the tools are run by rag-tag teams of volunteers, which could mean that they won't last.
Still, some tools scored highly enough that users can feel confident that they take encryption seriously. "It's important to realize we're mostly grading for effort here and not execution," said Bonneau. "We're still a long way from being able to state which confidence how much security apps are actually delivering."
One program that scored well was Cryptocat, a free chat program that can be installed in any Web browser and was famously used by journalist Glenn Greenwald while he was in Hong Kong meeting with Snowden. Nadim Kobeissi created Cryptocat in 2010 as an experiment when he was a 21-year-old student at Concordia University in Montreal. "It wasn't anything serious," Kobeissi told me.
But his tool won attention after it won a prize in a New York hackathon in 2012. Since then, he has raised about $150,000 in grants to help pay developers to work on improvements to the software. He funds his Web hosting bills through donations, and he pays himself by working as a software consultant and selling Cryptocat stickers and t-shirts. "It's been an uphill battle," he says. Being recognized as a secure tool, "is a huge deal."
A lineup of three cellphone apps from San Francisco-based Open Whisper Systems also received perfect scores: Signal, for making secure phone calls on iPhone; RedPhone for secure phone calls on Android; and TextSecure, for sending secure texts on Android. All the apps are free and relatively simple to use.
The company's Signal app also tries to give users' some anonymity by using a sophisticated system called a " bloom filter," that allows users to find each other without sharing their address books. "The contacts from your device are never transmitted anywhere," says Open Whisper Systems security expert Moxie Marlinspike.
A pricier option is available from a pair of highly ranked encryption apps for Android and iPhone, Silent Text and Silent Phone. The apps are free to install but users must sign up for a $9.95 monthly subscription service.
Mike Janke, CEO of Silent Circle, says that the only way to offer real privacy is to charge users. "It takes a lot of money to have a robust, always-on and high-quality service," he said. "Most free apps don't or cannot support this," without selling ads or user data.
"Our architecture, network and technology is built to not have any user data," he says. "You pay us for a service and a product with money, not with your data or through ad dollars."
Surprisingly, some popular encryption programs didn't fare well in the rankings. Gnu Privacy Guard, an often used email encryption program, fell short of the top score because it has not been audited and past communications can be compromised if the user's secret key is stolen (by theft of a laptop, for instance). Similarly, Apple's iMessage and FaceTime encrypted texting and video calling programs lost points because its software code is not open for public review.
Also, some tools that are popular in the press didn't fare well. Wickr, a cellphone encryption app that was recently profiled on CNBC, lost points for not disclosing its underlying code or its underlying cryptographic protocols, and for not having a way for users to verify each others' identity. Wickr said it is working toward publicly releasing a white paper that will disclose its protocols and is testing a new identity verification feature that it will release soon.
Similarly, Virtru, which was recently profiled in the New York Times, received low rankings because it stores user's "secret keys" at its own computers rather than on user's computers – requiring users to trust Virtru with access to their secret messages. Virtru says it is working on a way to allow users to store their keys on their own computer if they prefer.
One problem that remains thorny for many encryption apps is giving users a way to verify that they are sending secret messages to correct person.
That was an issue when one of Edward Snowden's lawyers, Jesslyn Radack, sent an encrypted e-mail to journalist Glenn Greenwald earlier this year asking if Snowden was going to appear at the Polk Awards. By mistake, she sent the email to the public key of someone masquerading as Greenwald, who then decrypted the message and made it public.
Radack could avoided her mishap by comparing the 'fingerprint' of the fake Greenwald key with the 'fingerprint' of the key that Greenwald publishes on The Intercept's website.
Eckersley said he hopes that the next generation of encryption apps can tackle the key verification problem. "It's like we have extremely trustworthy couriers to deliver our secret packages, but we don't always have a safe way to know what address to send them to," he said.
The market is highly overbought in the short term and will move sideways for a few days
On Monday, we had mentioned that Indian indices are currently highly overbought and although we see the indices moving higher further, it will be met with strong selling. The indices opened Wednesday with a gap up and reached to a new high at the beginning of the session. After moving in a range up to around 11.30am, it started moving lower. However, at around 1.30pm the indices witnessed an upward pull, which led S&P BSE Sensex to reach almost to the same high as it had at the beginning of the session while NSE’s CNX Nifty crossed the high level it hit in the morning session. Both the indices were unable to sustain at that level and gave up most of the intra-day gains but closed marginally higher.
Sensex opened at 27,907 while Nifty opened at 8,351. Sensex moved in the range of 27,858 and 28,010 while Nifty moved between 8,324 and 8,366. This is the fourth consecutive session of the indices to hit a new life time high.
Sensex closed at 27,916 (up 56 points or 0.20%), while Nifty closed at 8,338 (up 14 points or 0.17%). NSE recorded a volume of 112.78 crore shares. India VIX rose 0.13% to close at 13.7550.
Market was closed on Tuesday for Muharram. The market will remain closed on Thursday for Guru Nanak Jayanti.
Adjusted for seasonal factors, the headline HSBC India Services PMI Business Activity Index fell to 50 in October, from 51.6 in September. Despite rising for the sixth consecutive month, new work intakes in the Indian service sector increased at the weakest pace since May during October. Growth of employment in the Indian service sector also slowed in October. However the latest data indicated that service sector firms in India remained highly optimistic regarding prospects for activity growth in the coming year. Business sentiment was the strongest in the three months, with panellists commenting on anticipated improvements in demand and new marketing initiatives as key sources of optimism.
Finance Minister Arun Jaitley at World Economic Forum in New Delhi said that India is open to privatisation of certain loss-making public sector companies. He also said the government will soon unveil reforms for other natural resources sectors along the lines of coal block auctions. The government intends to open railways further to private investment, review tough land purchase rules and relax labour laws, Jaitley said, but insisted the government needed to build support for some of the measures.
The Finance Minister also expressed the hope that the long-pending and controversial Insurance Amendment Bill, that seeks to raise FDI in the sector from existing 26% to 49%, will get Parliament nod in the upcoming Winter Session.
Hexaware Technologies (9.89%) was the top gainer in ‘A’ group on the BSE. The stock also hit its 52-week high today. It posted a net profit of Rs80.21 crore for the September 2014 quarter while the same was at net profit of Rs86.08 crore for the September 2013 quarter. Revenue is Rs344.57 crore for September 2014 quarter while the same was at Rs267.17 crore for September 2013 quarter.
Ipca Lab (10.55%) was the top loser in ‘A’ group on the BSE. The stock hit its 52-week low today. Credit Suisse downgraded the stock to 'Underperform' from 'Neutral' and lowered its target price.
Three of the four bank stocks in Sensex 30-pack were among the top five gainers. Axis Bank (2.93%), SBI (2.24%) and ICICI Bank (1.84%) were among the top five gainers. Axis Bank and ICICI Bank hit their 52-week high today. HDFC Bank (0.25%) was also among the gainers in the pack, it also hit its 52-week high today.
Weak data from China pulled metal stocks lower in the Sensex 30 stock. Hindalco (4.10%), Sesa Sterlite (3.79%) and Tata Steel (2.29%) were among the top five losers.
US indices had a mixed closing on Tuesday.
US trade deficit jumped in September to the highest level since the late spring. The surprising spike in the trade deficit is likely to reduce third-quarter growth when the US government revises the report later this month.
St. Louis Fed President James Bullard yesterday said that the US economy is on track to grow at a 3% annual rate over the next 14 months, which should allow the Federal Reserve to move ahead with plans to hike short-term interest rates.
Except for Nikkei 225 (0.44%) and Straits Times (0.19%) all the other Asian indices closed in the red. Hang Seng (0.63%) was the top loser.
The HSBC China services purchasing managers index edged down to 52.9 in October from 53.5 in September, but most major components of the index remain solid, HSBC Holdings PLC said on Wednesday. A reading above 50 indicates month-on-month expansion while a level below that points to contraction.
European indices were trading in the green. US Futures too were trading higher.
The European Commission on Tuesday, 4 November 2014 cut its growth forecasts for the Eurozone and the European Union, citing the tensions in Ukraine and the Middle East along with a lack of investment. The commission said it now expects gross domestic product in the 18-country Eurozone to grow 0.8% in 2014, down from 1.2% growth it forecast this spring. In 2015, the Eurozone economy will likely grow 1.1%, also less than the 1.7% growth seen in the spring. In 2016, growth in the currency union will rise to 1.7%, the commission said.
The finance minister wants to sell sick PSUs to private companies. The question is who will buy a loss making company that even the government wants to get rid of?
Finance Minister Arun Jaitley on Wednesday said that the government could consider selling off some of the public sector units (PSUs) that were making losses. Jaitley feels that these sick units would be better off in private hands. His statement came at the World Economic Forum conference held in Delhi.
He said that the economy was in a pit and the recovery was the first priority, which is what the government has been doing. “India had fallen off the radar, now people have started looking at us,” he said.
When asked about the strategy to mobilise resources from foreign and domestic investors, the FM said that disinvestment of state-run units will continue, but the feeling is that there are some PSUs, which are lossmaking and are on the verge of closing, could do well in private hands. At present, these loss-making PSUs are getting support from the government but taxpayers cannot continue to support these PSUs, he added.
The big question regarding privatising loss-making PSUs is that why would a private company buy a sick unit when it would have to deal with labyrinthine regulatory and tax issues, in addition to the efforts needed to revive these loss-making companies.
Jaitley’s statement is also contradictory to the government’s initiative to use surplus cash of Maharatnas and Navratnas lying idle in banks to revive ailing PSUs. In September, the union government had formed a committee to study the proposal. The Committee headed by NTPC chairman Arup Roy was expected to submit its report in two months.
According to Heavy Industries and Public Enterprises Minister Anant Geete, there are 70 sick PSUs and 43 out of this can be revived by infusing surplus cash from profit making PSUs. He had said, “All the Maharatnas and Navratnas combined have a (cash) surplus of around Rs2 lakh crore which is lying idle in banks. We have given them a proposal to form a joint venture company which has equal equity share of all these cash rich companies.”
As of 31 March 2013, there were 277 central public sector enterprises (CPSEs) having aggregate investment of Rs8.51 lakh crore and turnover of Rs19.46 lakh crore. The total turnover of CPSEs has grown by about 6% and net profit has recorded a growth rate of about 17% from 2011-12 to 2012-13. These CPSEs contributed Rs1.63 lakh crore to central exchequer by way of excise duty, customs duty, corporate tax and dividend during FY2012-13.The foreign exchange earnings through export of goods and services has shown a growth of 8% in the same period. About 14 lakh people are employed in CPSEs.