Facebook IM Chat: “Least Secure”

Facebook IM Chat: Least SecureWith more and more online chatters using wireless instant messaging for both personal and business use, it’s not surprising that dodgy types are queuing up to try and eavesdrop on the conversation.

With more users helping themselves to free unencrypted wireless networks in cafes, libraries etc, it’s easier than ever to grab IM passwords as they whizz through the air, IM security is becoming a growing issue.

CNet have just conducted their own survey of popular services, firing off questionnaires to the big providers about their own security provisions.

They found that only half of the services provide complete encryption, and these were AOL Instant Messenger, Google Talk, IBM’s Lotus Sametime and Skype. See the CNet article for a full run down of each IM client’s performance.

None of the services retained logs of the content of users’ communications, and Microsoft was the only company to keep no connection logs at all, although Google and Skype maintained that such logs were dumped after a short time.

Facebook IM Chat: Least SecureFreeloading folks helping themselves to open wireless connection were found to be particularly at risk, with traffic analysis tools like dSniff letting nefarious lurkers listen in to unencrypted IM communications streams with ease.

Although poor IM encryption can be barely better than no unencrypted IM communications streams, the survey found that Jabber was worthy of commendation for using open standards set by the Internet Engineering Task Force.

The system uses encryption both to log on and to protect conversations once a connection is established, with users able
to set up their own Jabber servers with personalised configurations.

Google adopted the technology for Google Talk, with Apple’s iChat, Adium (OS X), Trillian Pro (with a plug-in), and Psi also support Jabber.

Facebook Chat was found to be the least secure and ‘privacy-protective’ of the lot, with CNet discovering that both conversations and the logging in processed were untroubled by encryption, leaving users passwords wide open to be grabbed.

However, a post on the Facebook Developers Blog said the company is currently building a Jabber/XMPP interface for Facebook Chat.