Encryption Is Contagious: Viber Launching End To End Encryption

from the keep-it-coming dept

It appears that more fully encrypting messaging and content is really catching on. Following Whatsapp's big move to roll out end-to-end encryption, the super popular communications app Viber has announced it intends to do the same for its 700 million (and growing) users. It's already testing encryption in a few markets, before rolling it out globally. The company claims that the encrypted system will also let you know if your content is encrypted based on color coding.

Unfortunately, Viber is not entirely clear on what encryption tools they're using. With Whatsapp, the company was upfront in saying that it was using the popular and tested open source encryption from Open Whisper Systems. Viber doesn't say what it's using, leading some to speculate that the company tried to roll its own (generally not a good idea -- and likely means there are serious security flaws). The company, however, says that they're doing "open source plus," but have not yet named what open source tools it's pulling from:
“We built [our end-to-end encryption] based on the concept of an established open-source solution with an extra level of security developed in-house,” a Viber spokesperson says, refusing to be more specific.
There are some that will argue that an opaque/unknown encryption system can, in some ways, be worse than no encryption, in that users may think their communications are private, when they really are not. So, the lack of an open, audited encryption solution is definitely a concern here.

However, what's encouraging is that we're seeing more and more apps embracing end-to-end encryption for communications, as well as strong disk encryption for data at rest. This is something that cryptographers and security experts pushed for for years without much actual support or adoption. However, it's finally starting to become a necessary piece of the puzzle for communications service providers, and that's a good thing.

Filed Under: communication, encryption, privacy
Companies: viber, whatsapp


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 21 Apr 2016 @ 3:53pm

    Are they still storing all your contacts on their servers, not just those that use the service?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Apr 2016 @ 4:16pm

    Great! More people using strong encryption is an incredible thing It shifts the debate about encryption from "why do I need it?" to "why do they want to take it away from me?".

    reply to this | link to this | view in chronology ]

  • icon
    JBDragon (profile), 21 Apr 2016 @ 4:28pm

    So thanks to the FBI, the Internet is going more and more DARK!!!!!! HAHAHAHAHA I hope it continues and accelerates. Maybe the U.S. Government will then wise up and realize it's a global market and we can't go back in time and pretend Encryption doesn't exist or that criminals won't take advantage of weak security.

    reply to this | link to this | view in chronology ]

  • identicon
    AnonymousAnonymousCoward, 21 Apr 2016 @ 4:54pm

    Encryption vs legwork

    I understand how law enforcement depends on tools to aide their quest in catching criminals, but making all citizens less safe isn't balancing the scales of justice, the trade off isn't balanced and the American people polled don't like the direction or actions being taken.

    We need encryption, banks using encryption, communications using encryption, file storage using encryption, power stations, damns, roadway, air traffic routing systems Must absolutely use encryption!

    If there's any key laying around, it will eventually be found and used by the wrong players and from what I've read over the past decade, those players have been coming from positions within the government. Manning, Snowden might have felt they had good intentions, the next person might not. No way do I want government holding the keys...

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Apr 2016 @ 5:03pm

      Re: Encryption vs legwork

      The thing about people with good intentions, is they tend to make their actions public. The people with bad intentions have a vested interest in making sure nobody finds out.

      So it's not really a case of "the next person" but a case of "what are we going to do to plug all the data security holes that are currently leaking huge amounts of data, impacting the financial and physical security of billions of people world-wide?"

      To have the government respond to that question with "wait! Patching those holes will make you all less secure because we won't know what's going on anymore" just makes me question whether they've lost site of their *primary* goals in pursuit of their secondary ones.

      reply to this | link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 21 Apr 2016 @ 5:01pm

    So, the lack of an open, audited encryption solution is definitely a concern here.

    It's not merely a concern, it's fraud. The algorithms used may be wonderful and the code which implements them may be perfect; or the algorithms may be outdated and the code junk. Until all of it's published for independent peer review, there's no way to know.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Apr 2016 @ 5:04pm

      Re:

      Especially on a system that routes through a service provider, where you really have no way at all of verifying what they're doing with your data.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Apr 2016 @ 6:14pm

        Re: Re:

        > through a service provider, where you really have no way at all of verifying what they're doing with your data.

        TLS makes this mostly a non-issue. The endpoints are where most of the concern should be.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Apr 2016 @ 9:21pm

    Encryption will only be accepted by the establishment when their data cannot be protected.

    reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 22 Apr 2016 @ 5:32am

    "Viber doesn't say what it's using"
    If you look closely, the software says Copyright© 2016 NSA.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.