|
How safe is instant messaging? A security and privacy survey |
|
|
Written by Daniel
|
|
Monday, 09 June 2008 |
How safe is instant messaging? A security and privacy survey
Declan McCullagh
The number of interested parties eager to listen in on your online conversations, including what you type through instant messaging, has never been higher.
It's trivial to monitor unencrypted wireless networks and snatch IM passwords as they flow through the ether. Broadband providers and their business partners are enthusiastically peeking into their customers' conversations. A bipartisan majority in Congress has handed the FBI and shadowy government agencies greater surveillance authority than ever before.
The need, in other words, for secure IM communication has never been greater. But not all IM networks offer the same privacy and security. To chart the differences, CNET News.com surveyed companies providing popular IM services and asked them to answer the same 10 questions.
One focus was how secure the IM service was--in other words, does it protect users against eavesdropping? It's been 12 years since the introduction of ICQ in 1996, and 20 years since the Usenix paper (PDF) describing the Zephyr IM protocol that spread to MIT and Carnegie Mellon University. By now, encryption should be commonplace.
We found that only half of the services provide complete encryption: AOL Instant Messenger, Google Talk, IBM's Lotus Sametime, and Skype do. To their credit, not one service says it keeps logs of the content of users' communications (a certain lure for federal investigators or snoopy divorce attorneys). For connection logs, Microsoft alone said it keeps none at all--though Google and Skype said their logs were deleted after a short time. [C/Net news...] [Comments] |
