Encryption Is Contagious: Viber Launching End To End Encryption
from the keep-it-coming dept
It appears that more fully encrypting messaging and content is really catching on. Following Whatsapp's big move to roll out end-to-end encryption, the super popular communications app Viber has announced it intends to do the same for its 700 million (and growing) users. It's already testing encryption in a few markets, before rolling it out globally. The company claims that the encrypted system will also let you know if your content is encrypted based on color coding.Unfortunately, Viber is not entirely clear on what encryption tools they're using. With Whatsapp, the company was upfront in saying that it was using the popular and tested open source encryption from Open Whisper Systems. Viber doesn't say what it's using, leading some to speculate that the company tried to roll its own (generally not a good idea -- and likely means there are serious security flaws). The company, however, says that they're doing "open source plus," but have not yet named what open source tools it's pulling from:
“We built [our end-to-end encryption] based on the concept of an established open-source solution with an extra level of security developed in-house,” a Viber spokesperson says, refusing to be more specific.There are some that will argue that an opaque/unknown encryption system can, in some ways, be worse than no encryption, in that users may think their communications are private, when they really are not. So, the lack of an open, audited encryption solution is definitely a concern here.
However, what's encouraging is that we're seeing more and more apps embracing end-to-end encryption for communications, as well as strong disk encryption for data at rest. This is something that cryptographers and security experts pushed for for years without much actual support or adoption. However, it's finally starting to become a necessary piece of the puzzle for communications service providers, and that's a good thing.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: communication, encryption, privacy
Companies: viber, whatsapp
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Encryption vs legwork
We need encryption, banks using encryption, communications using encryption, file storage using encryption, power stations, damns, roadway, air traffic routing systems Must absolutely use encryption!
If there's any key laying around, it will eventually be found and used by the wrong players and from what I've read over the past decade, those players have been coming from positions within the government. Manning, Snowden might have felt they had good intentions, the next person might not. No way do I want government holding the keys...
[ link to this | view in thread ]
It's not merely a concern, it's fraud. The algorithms used may be wonderful and the code which implements them may be perfect; or the algorithms may be outdated and the code junk. Until all of it's published for independent peer review, there's no way to know.
[ link to this | view in thread ]
Re: Encryption vs legwork
So it's not really a case of "the next person" but a case of "what are we going to do to plug all the data security holes that are currently leaking huge amounts of data, impacting the financial and physical security of billions of people world-wide?"
To have the government respond to that question with "wait! Patching those holes will make you all less secure because we won't know what's going on anymore" just makes me question whether they've lost site of their *primary* goals in pursuit of their secondary ones.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
TLS makes this mostly a non-issue. The endpoints are where most of the concern should be.
[ link to this | view in thread ]
[ link to this | view in thread ]
If you look closely, the software says Copyright© 2016 NSA.
[ link to this | view in thread ]