Encryption Is Contagious: Viber Launching End To End Encryption

from the keep-it-coming dept

It appears that more fully encrypting messaging and content is really catching on. Following Whatsapp’s big move to roll out end-to-end encryption, the super popular communications app Viber has announced it intends to do the same for its 700 million (and growing) users. It’s already testing encryption in a few markets, before rolling it out globally. The company claims that the encrypted system will also let you know if your content is encrypted based on color coding.

Unfortunately, Viber is not entirely clear on what encryption tools they’re using. With Whatsapp, the company was upfront in saying that it was using the popular and tested open source encryption from Open Whisper Systems. Viber doesn’t say what it’s using, leading some to speculate that the company tried to roll its own (generally not a good idea — and likely means there are serious security flaws). The company, however, says that they’re doing “open source plus,” but have not yet named what open source tools it’s pulling from:

?We built [our end-to-end encryption] based on the concept of an established open-source solution with an extra level of security developed in-house,? a Viber spokesperson says, refusing to be more specific.

There are some that will argue that an opaque/unknown encryption system can, in some ways, be worse than no encryption, in that users may think their communications are private, when they really are not. So, the lack of an open, audited encryption solution is definitely a concern here.

However, what’s encouraging is that we’re seeing more and more apps embracing end-to-end encryption for communications, as well as strong disk encryption for data at rest. This is something that cryptographers and security experts pushed for for years without much actual support or adoption. However, it’s finally starting to become a necessary piece of the puzzle for communications service providers, and that’s a good thing.

Filed Under: , ,
Companies: viber, whatsapp

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Encryption Is Contagious: Viber Launching End To End Encryption”

Subscribe: RSS Leave a comment
AnonymousAnonymousCoward says:

Encryption vs legwork

I understand how law enforcement depends on tools to aide their quest in catching criminals, but making all citizens less safe isn’t balancing the scales of justice, the trade off isn’t balanced and the American people polled don’t like the direction or actions being taken.

We need encryption, banks using encryption, communications using encryption, file storage using encryption, power stations, damns, roadway, air traffic routing systems Must absolutely use encryption!

If there’s any key laying around, it will eventually be found and used by the wrong players and from what I’ve read over the past decade, those players have been coming from positions within the government. Manning, Snowden might have felt they had good intentions, the next person might not. No way do I want government holding the keys…

Anonymous Coward says:

Re: Encryption vs legwork

The thing about people with good intentions, is they tend to make their actions public. The people with bad intentions have a vested interest in making sure nobody finds out.

So it’s not really a case of “the next person” but a case of “what are we going to do to plug all the data security holes that are currently leaking huge amounts of data, impacting the financial and physical security of billions of people world-wide?”

To have the government respond to that question with “wait! Patching those holes will make you all less secure because we won’t know what’s going on anymore” just makes me question whether they’ve lost site of their primary goals in pursuit of their secondary ones.

Rich Kulawiec (profile) says:

So, the lack of an open, audited encryption solution is definitely a concern here.

It’s not merely a concern, it’s fraud. The algorithms used may be wonderful and the code which implements them may be perfect; or the algorithms may be outdated and the code junk. Until all of it’s published for independent peer review, there’s no way to know.

Leave a Reply to Anonymous Coward Cancel reply

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...