Encryption Is Contagious: Viber Launching End To End Encryption

from the keep-it-coming dept

Thu, Apr 21st 2016 3:33pm — Mike Masnick

It appears that more fully encrypting messaging and content is really catching on. Following Whatsapp's big move to roll out end-to-end encryption, the super popular communications app Viber has announced it intends to do the same for its 700 million (and growing) users. It's already testing encryption in a few markets, before rolling it out globally. The company claims that the encrypted system will also let you know if your content is encrypted based on color coding.

Unfortunately, Viber is not entirely clear on what encryption tools they're using. With Whatsapp, the company was upfront in saying that it was using the popular and tested open source encryption from Open Whisper Systems. Viber doesn't say what it's using, leading some to speculate that the company tried to roll its own (generally not a good idea -- and likely means there are serious security flaws). The company, however, says that they're doing "open source plus," but have not yet named what open source tools it's pulling from:

“We built [our end-to-end encryption] based on the concept of an established open-source solution with an extra level of security developed in-house,” a Viber spokesperson says, refusing to be more specific.

There are some that will argue that an opaque/unknown encryption system can, in some ways, be worse than no encryption, in that users may think their communications are private, when they really are not. So, the lack of an open, audited encryption solution is definitely a concern here.

However, what's encouraging is that we're seeing more and more apps embracing end-to-end encryption for communications, as well as strong disk encryption for data at rest. This is something that cryptographers and security experts pushed for for years without much actual support or adoption. However, it's finally starting to become a necessary piece of the puzzle for communications service providers, and that's a good thing.

Filed Under: communication, encryption, privacy
Companies: viber, whatsapp

10 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 21 Apr 2016 @ 3:53pm

Are they still storing all your contacts on their servers, not just those that use the service?
[ link to this | view in thread ]
Anonymous Coward, 21 Apr 2016 @ 4:16pm

Great! More people using strong encryption is an incredible thing It shifts the debate about encryption from "why do I need it?" to "why do they want to take it away from me?".
[ link to this | view in thread ]
JBDragon (profile), 21 Apr 2016 @ 4:28pm

So thanks to the FBI, the Internet is going more and more DARK!!!!!! HAHAHAHAHA I hope it continues and accelerates. Maybe the U.S. Government will then wise up and realize it's a global market and we can't go back in time and pretend Encryption doesn't exist or that criminals won't take advantage of weak security.
[ link to this | view in thread ]
AnonymousAnonymousCoward, 21 Apr 2016 @ 4:54pm

Encryption vs legwork
I understand how law enforcement depends on tools to aide their quest in catching criminals, but making all citizens less safe isn't balancing the scales of justice, the trade off isn't balanced and the American people polled don't like the direction or actions being taken.

We need encryption, banks using encryption, communications using encryption, file storage using encryption, power stations, damns, roadway, air traffic routing systems Must absolutely use encryption!

If there's any key laying around, it will eventually be found and used by the wrong players and from what I've read over the past decade, those players have been coming from positions within the government. Manning, Snowden might have felt they had good intentions, the next person might not. No way do I want government holding the keys...
[ link to this | view in thread ]
Rich Kulawiec, 21 Apr 2016 @ 5:01pm

So, the lack of an open, audited encryption solution is definitely a concern here.

It's not merely a concern, it's fraud. The algorithms used may be wonderful and the code which implements them may be perfect; or the algorithms may be outdated and the code junk. Until all of it's published for independent peer review, there's no way to know.
[ link to this | view in thread ]
Anonymous Coward, 21 Apr 2016 @ 5:03pm

Re: Encryption vs legwork
The thing about people with good intentions, is they tend to make their actions public. The people with bad intentions have a vested interest in making sure nobody finds out.

So it's not really a case of "the next person" but a case of "what are we going to do to plug all the data security holes that are currently leaking huge amounts of data, impacting the financial and physical security of billions of people world-wide?"

To have the government respond to that question with "wait! Patching those holes will make you all less secure because we won't know what's going on anymore" just makes me question whether they've lost site of their *primary* goals in pursuit of their secondary ones.
[ link to this | view in thread ]
Anonymous Coward, 21 Apr 2016 @ 5:04pm

Re:
Especially on a system that routes through a service provider, where you really have no way at all of verifying what they're doing with your data.
[ link to this | view in thread ]
Anonymous Coward, 21 Apr 2016 @ 6:14pm

Re: Re:
> through a service provider, where you really have no way at all of verifying what they're doing with your data.

TLS makes this mostly a non-issue. The endpoints are where most of the concern should be.
[ link to this | view in thread ]
Anonymous Coward, 21 Apr 2016 @ 9:21pm

Encryption will only be accepted by the establishment when their data cannot be protected.
[ link to this | view in thread ]
I.T. Guy, 22 Apr 2016 @ 5:32am

"Viber doesn't say what it's using"
If you look closely, the software says Copyright© 2016 NSA.
[ link to this | view in thread ]