The French government doesn't consider WhatsApp, signal or telegram secure enough, replaced by Olvid (Google translate link in post text)

Comments

• spiderkle@lemmy.ca ⁨6⁩ ⁨months⁩ ago

  Well that was the dumbest explanation ever, that’s basically just political pretext to give the government contract to some french company. Potentially there has been some lobbying going on.

  Signal doesn’t store it’s encryption/decryotion keys in the cloud, so you would need the devices and then you would still have to decrypt content if the user doesn’t give you access manually.

  To crack a 128-bit AES key, it would take 1 billion billion years with a current supercomputer. To crack a 256-bit AES key, it would take 2^255 / 2,117.8 trillion years on average.

  So until some amazing quantum computer comes along, this is pretty safe. Fuck Olvid.

  source

  • dotMonkey@lemmy.world ⁨6⁩ ⁨months⁩ ago

    I’m sure there are more attack vectors than that though

    source

    • themusicman@lemmy.world ⁨6⁩ ⁨months⁩ ago

      Exactly. “Security assuming nobody fucked up” isn’t enough

      source
• luthis@lemmy.nz ⁨6⁩ ⁨months⁩ ago

  I don’t know much but what I do know is when a government endorses a secure messaging service, it’s definitely not secure.

  source

  • bamboo@lemm.ee ⁨6⁩ ⁨months⁩ ago

    They’re using it themselves, not forcing citizens to use it. It’s when they force citizens to use an app they claim is secure that I am distrustful. I would assume their intentions are more pure when it’s their own state security rather than their citizens’ privacy.

    source
• sudoshakes@reddthat.com ⁨6⁩ ⁨months⁩ ago

  Not being able to inspect their code vs no passing are different things.

  source

  • lemmyvore@feddit.nl ⁨6⁩ ⁨months⁩ ago

    Are they? If you want an answer to the question “is this secure?” then not being able to examine the code should obviously disqualify it.

    source

    • sudoshakes@reddthat.com ⁨6⁩ ⁨months⁩ ago

      Sure it does, but that doesn’t make it bad.

      Open source code is not the only solution to secure communication.

      You can be extremely secure on closed source tools as well.

      If they found specific issues with Signal aside from not being allowed to freely inspect their code base, I suspect we would be hearing about it. Instead I don’t see specific security failings just hat it didn’t make the measure for their security software audit.

      As an example of something that is closed source and trusted:

      The software used to load data and debug the F-35 fighter jet.

      Pretty big problem for 16 countries if that isn’t secure… closed source. So much s you can’t even run tests against the device for loading data to the jet live. It’s a problem to sort out, but it’s an example of where highly important communication protocols are not open source and trusted by the governments of many countries.

      If their particular standard here was open source, ok, but they didn’t do anything to assure the version they inspected would be the only version used. In fact every release from that basement pair of programmers could inadvertently have a flaw in it, which this committee would not be reviewing in the code base for its members of parliament.

      source

      • -> View More Comments
• suckmyspez@lemmy.world ⁨6⁩ ⁨months⁩ ago

  It’s not open source…big no no for me 🤷‍♂️

  source

  • synapse1278@lemmy.world ⁨6⁩ ⁨months⁩ ago

    Looks like it is: github.com/olvid-io/olvid-android/blob/…/LICENSE

    source

    • suckmyspez@lemmy.world ⁨6⁩ ⁨months⁩ ago

      Yup I did see they were on GitHub but when I looked the iOS repository is months (and several releases) out of date.

      I’d expect an open source project to be working in public…not in private and updating their public repositories later down the line

      source

      • -> View More Comments
  • Rokk@feddit.uk ⁨6⁩ ⁨months⁩ ago

    I feel like for internal government communications you might not want it to be open source.

    Doesnt mean everyone else should want to use it.

    source
• merde@sh.itjust.works ⁨6⁩ ⁨months⁩ ago

  on one hand they are trying to illegalize encrypted messaging on the other they’re saying that it’s not secure? 😅

  source

  • Tibert@jlai.lu ⁨6⁩ ⁨months⁩ ago

    That is a European proposition, and not French at all. France can stand for or against that.

    source

    • noodlejetski@lemm.ee ⁨6⁩ ⁨months⁩ ago

      edri.org/…/8-december-case-why-is-encryption-on-t…

      source

      • -> View More Comments
    • merde@sh.itjust.works ⁨6⁩ ⁨months⁩ ago

      laquadrature.net/…/affaire-du-8-decembre-le-droit… laquadrature.net/…/affaire-du-8-decembre-le-chiff…

      source
• kalistia@sh.itjust.works ⁨6⁩ ⁨months⁩ ago

  They had Tchap that may be not perfect but is open source (based on matrix/element), hosted in France and already used by 400 000 ppl from the public services… Why pay for a new app? Don’t get it…

  source
• Tibert@jlai.lu ⁨6⁩ ⁨months⁩ ago

  Another article, much better and presents in more detail that Olvid was audited on an older version and chosen because it was French and they applied for it (French) numerama.com/…/1575168-pourquoi-les-ministres-von…

  source
• Kusimulkku@lemm.ee ⁨6⁩ ⁨months⁩ ago

  Olvid 26, rue Vignon 75009 Paris France

  Lmao big surprise.

  source
• merde@sh.itjust.works ⁨6⁩ ⁨months⁩ ago

  it’s not surprising to see this reaction after learning that their allies were spying on them through nsa

  source
• LWD@lemm.ee ⁨6⁩ ⁨months⁩ ago

  [deleted]

  source

  • topinambour_rex@lemmy.world ⁨6⁩ ⁨months⁩ ago

    Tchap is the messaging app made for the French gov.

    source
• merde@sh.itjust.works ⁨6⁩ ⁨months⁩ ago

  looks like you have to buy the paid version to make calls 🤷

  source