the entire government will be using [Olvid], the world's most secure instant messaging system," French digital minister Jean-Noël Barrot confirmed on X.
Clearly they're very discerning when it comes to their choice of communication apps. 🙄
From their Google play store page:
"Olvid is the first private instant messaging application for everyone."
At least it's open source, so we should know soon enough how it compares to Signal
the client is open source. but the server? not so much.
in any case, if security is the concern... they should probably switch to a government-built system that only runs on gooberment devices. Will it be shitty? absolutely. But data is owned by whoever has the hardware it sits on. if it's not your device its not your data.
No trust in servers
Persistent security even in case of a compromised server
From Olvid website
They are advertising the fact that the security does not depend on the server.
I don't know what is worth.
Also it's developed by a French company, I think this is the main argument for the French government, they want to have options that does not rely on US companies.
Without the server-side code there’s no way to validate that. (This is the reason open source is preferred.)
It’s definitely being selected because it’s French. (And has all the buzzwords,)
You've misunderstood. With the client code you can be sure that your messages are properly encrypted before leaving the device. If that's done correctly, you don't need to trust the server, because it can't read your messages just like some attacker couldn't. Signal is pretty similar, they didn't update the public server source for a few years, and even with the source, we can't know that that is what they're actually running. But with a verified build of the client code we can know that our messages are encrypted such that, even if they held on to them until quantum computers became mainstream, they'd still be properly protected.
the server can store metadata though. who you're texting, when, how often, etc. - and store that indefinitely. or even store the encrypted message, and when a flaw in the encryption is discovered 10 years later, they're all readable. their servers could be breached and that info could be siphoned by criminals selling it to the highest bidder.
signals blog had an interesting post about what they're doing to prevent these issues
You’ve misunderstood. With the client code you can be sure that your messages are properly encrypted before leaving the device. If that’s done correctly, you don’t need to trust the server, because it can’t read your messages just like some attacker couldn’t.
It kind of depends on how keys are handled. If the key passes through their servers at all (and it probably does,) then they have access to the keys and sufficient information to decrypt it. it's possible the app does send keys independent of their server- I don't know- but I very much doubt it. if they were capable of sending keys without a server, chances are very good they don't actually need the server for the messages themselves. (which would then ask why they do have a server.)
But with a verified build of the client code we can know that our messages are encrypted such that, even if they held on to them until quantum computers became mainstream, they’d still be properly protected.
Assuming they don't have the keys. This is not a valid assumption so far as I'm aware.
It should most definitely be a valid assumption.
If the key passes through their servers at all (and it probably does,) then they have access to the keys and sufficient information to decrypt it. it's possible the app does send keys independent of their server- I don't know- but I very much doubt it.
The keys shouldn't be on or go through a server anywhere, that would be an absolute joke.
What makes you think that private keys are being sent anywhere? This app uses a slightly modified version of the Signal protocol (because of course it does), as they describe here, section 27, page 90. Only public keys should ever leave your device, otherwise no amount of showing the code would make it secure. That's the whole point.
Again, with the client code you should be able to tell that the keys are generated there and not sent anywhere.
As I said, with any app, just because they publish some server code does not mean that that's what they're running on their server - for security you have to be sure that the app is sufficiently secure on its own. Even if they were running the exact public code that "didn't save the keys" the server could harvest them from memory.
Again, with the client code you should be able to tell that the keys are generated there and not sent anywhere
then no one- including the intended recipient- can decode them without that physical device. kinda defeats the point of a messenger service. The codes have to be sent somehow. Either it's sent along their servers, or the recipient's device directly.
I really don't care to get into it. Just know that if you're using a generic, stock device... any message you send should be considered compromised. depending on the app, and the device in question, it may (but not necessarily) require physical access to the device. but, by it's very nature, the messenger service meant to be decoded and read. it is fundamentally permissive in nature.
Is it secure enough for France's needs? Probably. does it mean it's the best? Probably not.
You seem to be a bit confused about how asymmetric encryption works. There is no need for private keys to be transmitted for a messaging service to work. I encourage you to read about the difference between public and private keys in asymmetric encryption. They are generated in pairs, such that when something is encrypted using a public key, it can only be decrypted using the corresponding private key. So it's not correct to say that the message can't be decrypted by the intended recipient - they are in fact the only party who can, but even the sender can not.
Only the client. Though that's probably enough to make sure messages leave your device suitably encrypted. Depending on the algos it could be quite vulnerable to hndl attacks, though, or (less likely) any undiscovered backdoors in the implementations. Of course, even for Signal one has to trust they're using the public server code anyway, but at least we know they're folding in a quantum-resistant algo.
That thing has some of the most verbose documentation I've ever seen. Stuff that should be a paragraph takes multiple pages.
They’ve gone in on matrix pretty hard at this point
Simplex is promising, but not ready for primetime.
On my divest OS phone it doesn't even run. Just launches and dies.
Contact Discovery is still a big issue, simple x doesn't have a solution for that yet. You have to do out of band manual addition of your contacts.
No Contact Discovery is a feature for me.
Interesting it does not work on your device, I have tried it on a few different phones and have not had any issues. My friends are of course using it as well, all on different devices.
WRT Contact Discovery, if your a large organization like... the french government, you want your people to be able to communicate with each other, so they need to solve contact discovery if you really want them to adopt and use simplex for their communication.
Is it French?
It can be can be, some French person just have to fork it.
French here. It is all about the IT sovereignty (souveraineté numérique). The idea is to use French solutions in order to limit leaks if confidential information and dealing with other country without worrying about threat of limiting, stopping critical services. Also it is easier to apply EU laws like GPDR.
That is why all the French private company dealing with sensitive information (military, cyber security..) are only using French solutions.
I get it, but I just don't get why wouldn't they just follow other govs' steps and just set up a matrix server instead. It's already available and proven.
💶 Money.
French companies will now get contracts and profit off of taxpayer dollars.
That’s good. Domestic spending is the best way for a government to stimulate the economy.
It's not good if it doesn't result in a better deal for the public.
How is this a bad deal for the public? Tax dollars go directly to the local market and the only people who have to change their behavior are those voluntarily seeking employment in the government.
It’s a complete win.
Because sometimes that only results in worse features with more overhead. Not everything is interchangeable with the press of one button.
The harm is negligible and the benefit massive. This is an obvious win for the French people.
You have no idea how complex it is to develop E2EE software. At least they could go with self hosted Matrix (in fact they already do in some departments!). Matrix is even designed to be extensible!
Because they could be paying more money for a worse product or service.
It's not beneficial to take a worse deal just because you're making domestic people richer instead of foreign ones.
That's actually what they're doing. They built their own messenger based on Matrix.
Yeah I mean you’re not exactly shedding some deep insight here, it’s very obviously that. While there’s merit to banning WhatsApp, it’s just foolish to ban signal. It’s the best in class for a reason, and it’s open source. France should devote resources to auditing and supporting signal if they really want to throw money to developing secure software.
You say it is obvious but yet you still talking about using Signal.
The logic is simple, is it French ? Yes, ok we can use it if it is secure. No, we won't use it.
I am not endorsing this logic, this is just the logic the politician are using. So no, financing Signal won't be a solution here.
And of course what is the simplest way to spy your citizens, control the main way of communication.
Why is it that signal users are so... obsessive? it's just an encrypted messaging app. Not the second coming of christ.
What security vulnerabilities does Signal have? I implore them to find a more secure messenger.
Edit: Apparently they're using Olvid. Claims to be the most secure messenger. Only the clients are open source, not the server code and they're using a whole different algorithm. I seriously don't understand why they don't just partner with Signal, bet these guys don't even have Signal's level of quantum resistant encryption.
Olvid is French and Signal isn't, which seems to be très important.
Plus for the French Government it's easier to twist arms in France than in Switzerland.
Plot twist: maybe whatsapp, signal and telegram are harder to hack, maybe olvid has back doors that allows them snoop on each other 🤔
(am only half joking 😉)
I think that it has to do with GDPR. Signal has servers outside the jurisdiction of France or the EU. This app probably not.
Not that I agree though. Signal would be a better option.
It's a really big problem for ministers using private messaging services. All of this is supposed to either be public domain or secret. If it's labelled as Secret it should be officially secret, not just "we didn't tell anyone about it".
Accountability and transparency are cornerstones of democracy.
How about GApps tho?
You know, the piece of spyware Google embeds in Android's system partition?
FYI:
Private open source alternative to it,
is MicroG
Micro g is still downloads Google proprietary blobs and runs those. So it is not open source so much as it's an open source launcher of Google's proprietary software. It's an interesting improvement, but it does not a panacea it does not fix the issues
Are you sure? I thought that what you describe is what packages suck as NikGapps did, while MicroG is a reimplementation of the code. It does call Google webservers, but it doesn't run Google's blobs (which is also why it's severely limited/fragile compared to packages that run them)
MicroG reverse engineered,
and re-written as much as possible from GApps libraries, from the ground up, as open source software.
These re-implementations are as light weight and privacy respecting as possible on your local device,
however the same does not count for the Google servers it communicates with (if you choose to enable them).
For SafetyNet attestation, a proprietary, isolated, DroidGuard blob is downloaded (if you choose to enable it).
I see the graphene OS community says micro g downloads binaries from Google.
I did a couple minutes of looking at the micro g website, and the wiki, and I don't see anything that says they aren't downloading extra components from Google. So I'm not sure.
....
It seems I was confusing OpenG apps, which does download proprietary bits, and micro g which apparently does not download proprietary bits
The thing that comes with lineage OS by default is OpenG apps.
I believe microG still use Google's services, at very least it connects to supl.google.com
What they really mean is that they're having trouble reading the messages on signal so please stop
I mean, any program you didn't make isn't truly secure from your POV, that's all there is to it. And since this affects their governmental employees only it's more than reasonable.
Is that all there is to it? Signal is open source. If they wanted to be extra paranoid they could take and maintain their own branch but that's a bit silly. Building your own is almost certainly the least secure option
What's wrong with XMPP? I've been using it for many years, it's by far been the greatest experience and it has OMEMO encryption.
ios apps are all really, really shit.
This is the best summary I could come up with:
French Prime Minister Élisabeth Borne has banned widely used messaging applications WhatsApp, Telegram and Signal for ministers and their teams due to security vulnerabilities, according to a memo seen by POLITICO.
Borne set a deadline of December 8 for the government to switch to using the French app Olvid instead, which is certified by France's cybersecurity agency ANSSI.
Tchap, the government-developed secure messaging and collaboration app, launched in 2019, is also allowed.
In December, the entire government will be using [Olvid], the world's most secure instant messaging system," French digital minister Jean-Noël Barrot confirmed on X.
The government previously ordered civil servants to remove all types of social media platforms, gaming and video-streaming apps — including TikTok, CandyCrush and Netflix — from their work devices over cybersecurity and privacy concerns.
This article was updated to include details on the memo seen by POLITICO.
The original article contains 193 words, the summary contains 143 words. Saved 26%. I'm a bot and I'm open source!
Aren't they already using their own version of Matrix for IM comms?
Clearly they're very discerning when it comes to their choice of communication apps. 🙄
From their Google play store page: "Olvid is the first private instant messaging application for everyone."
https://github.com/olvid-io
At least it's open source, so we should know soon enough how it compares to Signal
the client is open source. but the server? not so much.
in any case, if security is the concern... they should probably switch to a government-built system that only runs on gooberment devices. Will it be shitty? absolutely. But data is owned by whoever has the hardware it sits on. if it's not your device its not your data.
From Olvid website
They are advertising the fact that the security does not depend on the server.
I don't know what is worth.
Also it's developed by a French company, I think this is the main argument for the French government, they want to have options that does not rely on US companies.
Without the server-side code there’s no way to validate that. (This is the reason open source is preferred.)
It’s definitely being selected because it’s French. (And has all the buzzwords,)
You've misunderstood. With the client code you can be sure that your messages are properly encrypted before leaving the device. If that's done correctly, you don't need to trust the server, because it can't read your messages just like some attacker couldn't. Signal is pretty similar, they didn't update the public server source for a few years, and even with the source, we can't know that that is what they're actually running. But with a verified build of the client code we can know that our messages are encrypted such that, even if they held on to them until quantum computers became mainstream, they'd still be properly protected.
the server can store metadata though. who you're texting, when, how often, etc. - and store that indefinitely. or even store the encrypted message, and when a flaw in the encryption is discovered 10 years later, they're all readable. their servers could be breached and that info could be siphoned by criminals selling it to the highest bidder.
signals blog had an interesting post about what they're doing to prevent these issues
It kind of depends on how keys are handled. If the key passes through their servers at all (and it probably does,) then they have access to the keys and sufficient information to decrypt it. it's possible the app does send keys independent of their server- I don't know- but I very much doubt it. if they were capable of sending keys without a server, chances are very good they don't actually need the server for the messages themselves. (which would then ask why they do have a server.)
Assuming they don't have the keys. This is not a valid assumption so far as I'm aware.
It should most definitely be a valid assumption.
The keys shouldn't be on or go through a server anywhere, that would be an absolute joke.
What makes you think that private keys are being sent anywhere? This app uses a slightly modified version of the Signal protocol (because of course it does), as they describe here, section 27, page 90. Only public keys should ever leave your device, otherwise no amount of showing the code would make it secure. That's the whole point.
Again, with the client code you should be able to tell that the keys are generated there and not sent anywhere.
As I said, with any app, just because they publish some server code does not mean that that's what they're running on their server - for security you have to be sure that the app is sufficiently secure on its own. Even if they were running the exact public code that "didn't save the keys" the server could harvest them from memory.
then no one- including the intended recipient- can decode them without that physical device. kinda defeats the point of a messenger service. The codes have to be sent somehow. Either it's sent along their servers, or the recipient's device directly.
I really don't care to get into it. Just know that if you're using a generic, stock device... any message you send should be considered compromised. depending on the app, and the device in question, it may (but not necessarily) require physical access to the device. but, by it's very nature, the messenger service meant to be decoded and read. it is fundamentally permissive in nature.
Is it secure enough for France's needs? Probably. does it mean it's the best? Probably not.
You seem to be a bit confused about how asymmetric encryption works. There is no need for private keys to be transmitted for a messaging service to work. I encourage you to read about the difference between public and private keys in asymmetric encryption. They are generated in pairs, such that when something is encrypted using a public key, it can only be decrypted using the corresponding private key. So it's not correct to say that the message can't be decrypted by the intended recipient - they are in fact the only party who can, but even the sender can not.
Jack-shit without evidence and demonstrations.
Only the client. Though that's probably enough to make sure messages leave your device suitably encrypted. Depending on the algos it could be quite vulnerable to hndl attacks, though, or (less likely) any undiscovered backdoors in the implementations. Of course, even for Signal one has to trust they're using the public server code anyway, but at least we know they're folding in a quantum-resistant algo.
That thing has some of the most verbose documentation I've ever seen. Stuff that should be a paragraph takes multiple pages.
Why dont they use SimpleX?
They’ve gone in on matrix pretty hard at this point
Simplex is promising, but not ready for primetime.
On my divest OS phone it doesn't even run. Just launches and dies.
Contact Discovery is still a big issue, simple x doesn't have a solution for that yet. You have to do out of band manual addition of your contacts.
No Contact Discovery is a feature for me.
Interesting it does not work on your device, I have tried it on a few different phones and have not had any issues. My friends are of course using it as well, all on different devices.
https://github.com/simplex-chat/simplex-chat/issues/3184
Appears to be a known issue
WRT Contact Discovery, if your a large organization like... the french government, you want your people to be able to communicate with each other, so they need to solve contact discovery if you really want them to adopt and use simplex for their communication.
Is it French?
It can be can be, some French person just have to fork it.
French here. It is all about the IT sovereignty (souveraineté numérique). The idea is to use French solutions in order to limit leaks if confidential information and dealing with other country without worrying about threat of limiting, stopping critical services. Also it is easier to apply EU laws like GPDR. That is why all the French private company dealing with sensitive information (military, cyber security..) are only using French solutions.
I get it, but I just don't get why wouldn't they just follow other govs' steps and just set up a matrix server instead. It's already available and proven.
💶 Money.
French companies will now get contracts and profit off of taxpayer dollars.
That’s good. Domestic spending is the best way for a government to stimulate the economy.
It's not good if it doesn't result in a better deal for the public.
How is this a bad deal for the public? Tax dollars go directly to the local market and the only people who have to change their behavior are those voluntarily seeking employment in the government.
It’s a complete win.
Because sometimes that only results in worse features with more overhead. Not everything is interchangeable with the press of one button.
The harm is negligible and the benefit massive. This is an obvious win for the French people.
You have no idea how complex it is to develop E2EE software. At least they could go with self hosted Matrix (in fact they already do in some departments!). Matrix is even designed to be extensible!
Because they could be paying more money for a worse product or service.
It's not beneficial to take a worse deal just because you're making domestic people richer instead of foreign ones.
That's actually what they're doing. They built their own messenger based on Matrix.
Yeah I mean you’re not exactly shedding some deep insight here, it’s very obviously that. While there’s merit to banning WhatsApp, it’s just foolish to ban signal. It’s the best in class for a reason, and it’s open source. France should devote resources to auditing and supporting signal if they really want to throw money to developing secure software.
You say it is obvious but yet you still talking about using Signal.
The logic is simple, is it French ? Yes, ok we can use it if it is secure. No, we won't use it.
I am not endorsing this logic, this is just the logic the politician are using. So no, financing Signal won't be a solution here.
And of course what is the simplest way to spy your citizens, control the main way of communication.
Why is it that signal users are so... obsessive? it's just an encrypted messaging app. Not the second coming of christ.
What security vulnerabilities does Signal have? I implore them to find a more secure messenger.
Edit: Apparently they're using Olvid. Claims to be the most secure messenger. Only the clients are open source, not the server code and they're using a whole different algorithm. I seriously don't understand why they don't just partner with Signal, bet these guys don't even have Signal's level of quantum resistant encryption.
https://github.com/olvid-io
Olvid is French and Signal isn't, which seems to be très important.
Plus for the French Government it's easier to twist arms in France than in Switzerland.
Plot twist: maybe whatsapp, signal and telegram are harder to hack, maybe olvid has back doors that allows them snoop on each other 🤔
(am only half joking 😉)
I think that it has to do with GDPR. Signal has servers outside the jurisdiction of France or the EU. This app probably not.
Not that I agree though. Signal would be a better option.
It's a really big problem for ministers using private messaging services. All of this is supposed to either be public domain or secret. If it's labelled as Secret it should be officially secret, not just "we didn't tell anyone about it".
Accountability and transparency are cornerstones of democracy.
How about GApps tho? You know, the piece of spyware Google embeds in Android's system partition?
FYI:
Private open source alternative to it,
is MicroG
Micro g is still downloads Google proprietary blobs and runs those. So it is not open source so much as it's an open source launcher of Google's proprietary software. It's an interesting improvement, but it does not a panacea it does not fix the issues
Are you sure? I thought that what you describe is what packages suck as NikGapps did, while MicroG is a reimplementation of the code. It does call Google webservers, but it doesn't run Google's blobs (which is also why it's severely limited/fragile compared to packages that run them)
https://github.com/microg/GmsCore/wiki
You're both kinda right afaik.
MicroG reverse engineered, and re-written as much as possible from GApps libraries, from the ground up, as open source software.
These re-implementations are as light weight and privacy respecting as possible on your local device,
however the same does not count for the Google servers it communicates with (if you choose to enable them).
For SafetyNet attestation, a proprietary, isolated, DroidGuard blob is downloaded (if you choose to enable it).
I see the graphene OS community says micro g downloads binaries from Google.
I did a couple minutes of looking at the micro g website, and the wiki, and I don't see anything that says they aren't downloading extra components from Google. So I'm not sure.
....
It seems I was confusing OpenG apps, which does download proprietary bits, and micro g which apparently does not download proprietary bits
The thing that comes with lineage OS by default is OpenG apps.
I believe microG still use Google's services, at very least it connects to
supl.google.comWhat they really mean is that they're having trouble reading the messages on signal so please stop
I mean, any program you didn't make isn't truly secure from your POV, that's all there is to it. And since this affects their governmental employees only it's more than reasonable.
Is that all there is to it? Signal is open source. If they wanted to be extra paranoid they could take and maintain their own branch but that's a bit silly. Building your own is almost certainly the least secure option
What's wrong with XMPP? I've been using it for many years, it's by far been the greatest experience and it has OMEMO encryption.
ios apps are all really, really shit.
This is the best summary I could come up with:
French Prime Minister Élisabeth Borne has banned widely used messaging applications WhatsApp, Telegram and Signal for ministers and their teams due to security vulnerabilities, according to a memo seen by POLITICO.
Borne set a deadline of December 8 for the government to switch to using the French app Olvid instead, which is certified by France's cybersecurity agency ANSSI.
Tchap, the government-developed secure messaging and collaboration app, launched in 2019, is also allowed.
In December, the entire government will be using [Olvid], the world's most secure instant messaging system," French digital minister Jean-Noël Barrot confirmed on X.
The government previously ordered civil servants to remove all types of social media platforms, gaming and video-streaming apps — including TikTok, CandyCrush and Netflix — from their work devices over cybersecurity and privacy concerns.
This article was updated to include details on the memo seen by POLITICO.
The original article contains 193 words, the summary contains 143 words. Saved 26%. I'm a bot and I'm open source!
Aren't they already using their own version of Matrix for IM comms?