> French prime minister Elisabeth Borne asked that government workers "take all measures" to deploy Olvid by December 8.
> France's junior minister in charge of digital, Jean-Noel Barrot, wrote in a social media post that the messaging app had been used by his team since July 2022.
> "In December, the entire government will use Olvid, the most secure instant messaging service in the world."
Never heard of it before. Has anyone looked into their protocols?
Countries should in-house their critical technology, jobs, and infrastructure as much as possible. Sure, you can save a few bucks by using that Huawei router or Russian-developed secure message app. And maybe it’s cheaper to pay people in China to handle all of your advanced fabrication. And foreign investment money seems to flow a lot more freely than domestic. But I think we’ve seen over and over again how countries that control investments and supply chain are more than willing to use their influence as a political lever when it suits them.
Hypothetical yet plausible scenario: Signal is actually an NSA/CIA-run honeypot.
As far as I know, nobody knows (for sure) what software runs on the official Signal servers. Only the official client app can be used to communicate with ONLY the Signal server.
US law (as far as I know) forces ALL US-based organizations (including non-profits) to cooperate with any and all government agencies, without being legally allowed to publicly admit or disclose that they're doing so. Thanks to Snowden we know that this has happened A LOT in the past. After Snowden, when exactly did the NSA stop illegally spying on everybody? ... Exactly...
With the above in mind it is possible that all Signal traffic is not actually e2e encrypted and is instead decrypted and re-encrypted at the server.
A less "far-fetched" version of the above would be that there are simply known vulnerabilities in the Signal client app (and/or Android and/or iOS and/or other apps) that governments are exploiting to see all decrypted Signal communications.
IMO it would be extremely dumb for an EU country to voluntarily use software made in the US or in any other country if it isn't FULLY open source and FULLY audited (and compiled from source) by the EU country itself.
Just like it is extremely dumb that EU-based companies are PAYING to upload their own trade secrets to their direct competitors in the US through OneDrive.
Signal claims to only have the phone number and, IIRC, last connection time. But being American they seem at least somewhat vulnerable to pressure by the US government.
I don’t fully believe this. Over the past few years, we’ve seen politicians in every country using WhatsApp/Signal to conduct their official/corrupt practices without oversight. I cannot imagine they’d abandon those channels for the officially sanctioned one.
And yet many of these same ministers undoubtedly support the EU's recent nth attempts to open encryption backdoors for the most commonly used consumer messaging systems on the continent, arguing that it won't be harmful to security while adding in all the usual "for the children, fighting terrorists" bullshit.
Hypocrisy is never more than a stone's toss away from any government policy.
> The entire client code is open-source. This code, once compiled, makes it possible to produce iOS and Android clients which are able to communicate with our production server (the exact same one used by the client applications downloaded from the App Store or Google Play), and thus enter into contact and chat with all other Olvid users.
> For the moment, however, we have chosen not to publish the source code of the server through which the messages transit.
Quite a few reasons to be concerned. Moxie left Signal and at least one of the new board members has a US government background. The update methods allow issuing a compromised update to targeted users. And while Signal still claims that “in our model, the server knows nothing about users”, for a few years now users’ contacts lists (sweet, sweet metadata nearly as valuable as the messages) have been uploaded to servers, protected only by the notoriously vulnerable Intel SGX technology.
Allegedly the major governments participate in a cooperative spying exchange dubbed Five Eyes. Since it's illegal for Country A to spy on their own citizens, they instead have Country B do it and vice-versa. Then participants exchange info in a quid-pro-quo fashion.
Edit: reading a bit more about it, they will be able to use both Olvid and Tchap. To have a Tchap account you must be a public sector employee, so Olvid will be a way to communicate with external contacts, I guess.
> France's junior minister in charge of digital, Jean-Noel Barrot, wrote in a social media post that the messaging app had been used by his team since July 2022.
> "In December, the entire government will use Olvid, the most secure instant messaging service in the world."
Never heard of it before. Has anyone looked into their protocols?
https://olvid.io/assets/documents/2020-12-15_Olvid-specifica...
The client app sources are available under AGPLv3 license:
https://github.com/olvid-io/olvid-android
https://github.com/olvid-io/olvid-ios
Does this mean they are pushing Olvid in general preference over Tchap, their Matrix network? https://joinup.ec.europa.eu/collection/open-source-observato...