Another article, much better and presents in more detail that Olvid was audited on an older version and chosen because it was French and they applied for it (French) https://www.numerama.com/tech/1575168-pourquoi-les-ministres-vont-devoir-renoncer-a-whatsapp-signal-et-telegram.html

Google translate link original post : https://www-lepoint-fr.translate.goog/high-tech-internet/les-ministres-francais-invites-a-desinstaller-whatsapp-signal-et-telegram-29-11-2023-2545099_47.php?_x_tr_sl=fr&_x_tr_tl=en&_x_tr_hl=fr&_x_tr_pto=wapp

The translation has some mistakes but good enough to understand the context.

Here is a short summary :

Olvid passed a 35d intrusion test by Anssi (French cybersecurity state organisation) experts or designated experts, with code examination without finding any security breach. Which is not the case of all other 3 messaging apps (either because they didn’t do any test, or because they didn’t pass).

This makes WhatsApp, signal and telegram unreliable for state security.

And so government members and ministerial offices will have to use Olvid or Tchap (French state in house messaging app).

More detail in the article.

  • Tibert@jlai.luOP
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Well let’s give some counter examples in the softwares I mentioned :

    • WhatsApp closed : Owned by Facebook. Well Facebook had multiple data leaks, privacy violations and nothing substantial was done about it. Definitely not trustable (also zero days are getting sold on the black market for WhatsApp (https://techcrunch.com/2023/10/05/zero-days-for-hacking-whatsapp-are-now-worth-millions-of-dollars/ ).

    • Telegram closed : not end to end encrypted. Russian app. Not trustable.

    • Signal open : well this one is e to e encrypted. Open source, maybe could be trusted. Seems to have passed some security audits (https://community.signalusers.org/t/overview-of-third-party-security-audits/13243), tho it’s based in the US and uses servers, maybe the US may have super computers capable of decrypting such communications. However is signal has switched their encryption to quantum computer resistance it may be too hard even for a state actor. However they also “debunked”/ignored zero-day reports which were not reported through their own tool, and by asking the US for confirmation. I am not sure if the US can be trusted to give confirmation about the existance or not of vulnerabilities when they are very likely to use them (https://thehackernews.com/2023/10/signal-debunks-zero-day-vulnerability.html?m=1).

    • Olvid open (servers closed) : is French, e to e, and backed up by an encryption PhD. And why not use a local messaging app witch also is very secure and open source.

    Notice how closed source is untrusted here. The economic activity of the tool changes how trustable it is. Military équipement has a huge and strict budget, it has to be secure.

    Communication apps are user first. So they do what they can get away with, and that is very true for Facebook.

    • jetA
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      I had no idea o l v i d was open source, since you mentioned it I googled and I found their repo, it’s not mentioned on the English web page

      https://github.com/olvid-io/olvid-android

      AGPLv3 … nice

      Client only source, just like telegram, no server side source.