this post was submitted on 31 Dec 2021
25 points (85.7% liked)

Open Source

31173 readers
442 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
25
Olvid is now open-source! (github.com)
submitted 2 years ago by Reaton@lemmy.ml to c/opensource@lemmy.ml
26 comments fedilink hide all child comments
 

Olvid, a secure messenger, is finally open-source! They said before the end of 2021, well it's really just before the end but it's there. They released the source for their Android and their IOS app.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Yujiri@lemmy.ml 32 points 2 years ago* (last edited 2 years ago) (4 children)

Some red flags about this messenger:

They are dishonest about the merits of existing secure messengers.

From the homepage:

Download Olvid, the most secure messenger in the world.

There is no "most secure messenger in the world"; that judgement is much too nuanced and situation-dependent for such a claim.

Most of the supposedly free messaging services are financed through the exploitation of the exchanged data.

This is false of at least several alternatives, including Signal and Matrix.

From the "technology" link on top bar:

Our security model is utterly game-changing. Olvid is the first and only messaging system whose security no longer relies on any trusted third party, either operators or their servers.

Objectively false. Even if you consider end-to-end encrypted and federated platforms like Matrix to "rely on a trusted third party", there are P2P messengers which truly have no servers and which solve the problem of mapping username to public key, such as Tox.

Olvid servers get hacked? Not an issue! No one will ever be able to read your messages, including the servers relaying them. It is forever impossible. Nor can any users identities ever be revealed. Olvid is the only system that also encrypts metadata, thus guaranteeing the anonymity of interlocutors. Finally, Olvid guarantees the authentication of users, contrary to all messaging servers that replace trusted third parties...

Actually, all existing secure messengers have cryptographic authentication, and I'm pretty sure some of them also encrypt as much metadata as possible, such as Signal.

It seems like they're dishonest about the merits of their own messenger.

Inability of the operator to know "who is talking to whom". No third party could ever identify the participants, not even the server. No trace of any metadata.

This is huge. I'm developing a federated messenger and had given up on hiding the recipient ID when sending a message because I couldn't find a way to do it. If there's a practical way to do it, I want to hear about it. So I opened their protocol specification.

In the section "Upload message and get UID", I see that the request actually contains a list of both the device UIDs and the identity of all recipients. They call it "encoded", but it sounds like that just means JSON.

In summary, I would stay away from this messenger in favor of another option like Matrix or SIgnal.

[โ€“] BridgeBum@lemmy.ml 2 points 2 years ago

Marketing speak bends the truth? Say it ain't so!

load more comments (3 replies)