Encryption Is Contagious: Viber Launching End To End Encryption
from the keep-it-coming dept
It appears that more fully encrypting messaging and content is really catching on. Following Whatsapp's big move to roll out end-to-end encryption, the super popular communications app Viber has announced it intends to do the same for its 700 million (and growing) users. It's already testing encryption in a few markets, before rolling it out globally. The company claims that the encrypted system will also let you know if your content is encrypted based on color coding.Unfortunately, Viber is not entirely clear on what encryption tools they're using. With Whatsapp, the company was upfront in saying that it was using the popular and tested open source encryption from Open Whisper Systems. Viber doesn't say what it's using, leading some to speculate that the company tried to roll its own (generally not a good idea -- and likely means there are serious security flaws). The company, however, says that they're doing "open source plus," but have not yet named what open source tools it's pulling from:
“We built [our end-to-end encryption] based on the concept of an established open-source solution with an extra level of security developed in-house,” a Viber spokesperson says, refusing to be more specific.There are some that will argue that an opaque/unknown encryption system can, in some ways, be worse than no encryption, in that users may think their communications are private, when they really are not. So, the lack of an open, audited encryption solution is definitely a concern here.
However, what's encouraging is that we're seeing more and more apps embracing end-to-end encryption for communications, as well as strong disk encryption for data at rest. This is something that cryptographers and security experts pushed for for years without much actual support or adoption. However, it's finally starting to become a necessary piece of the puzzle for communications service providers, and that's a good thing.
Filed Under: communication, encryption, privacy
Companies: viber, whatsapp
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Encryption vs legwork
We need encryption, banks using encryption, communications using encryption, file storage using encryption, power stations, damns, roadway, air traffic routing systems Must absolutely use encryption!
If there's any key laying around, it will eventually be found and used by the wrong players and from what I've read over the past decade, those players have been coming from positions within the government. Manning, Snowden might have felt they had good intentions, the next person might not. No way do I want government holding the keys...
[ link to this | view in thread ]
It's not merely a concern, it's fraud. The algorithms used may be wonderful and the code which implements them may be perfect; or the algorithms may be outdated and the code junk. Until all of it's published for independent peer review, there's no way to know.
[ link to this | view in thread ]
Re: Encryption vs legwork
So it's not really a case of "the next person" but a case of "what are we going to do to plug all the data security holes that are currently leaking huge amounts of data, impacting the financial and physical security of billions of people world-wide?"
To have the government respond to that question with "wait! Patching those holes will make you all less secure because we won't know what's going on anymore" just makes me question whether they've lost site of their *primary* goals in pursuit of their secondary ones.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
TLS makes this mostly a non-issue. The endpoints are where most of the concern should be.
[ link to this | view in thread ]
[ link to this | view in thread ]
If you look closely, the software says Copyright© 2016 NSA.
[ link to this | view in thread ]