Barely elected official messaging of the French government, Olvid is already criticized. The French messaging company defended itself, Tuesday, December 12, from accusations of security flaws weighing on it. The site The Informed last week, as well as the chained Duck to be published this Wednesday, accuse Olvid of having its message distribution server hosted by the giant American server Amazon Web Services (AWS), an Amazon subsidiary. Messaging data would thus be subject to American extraterritorial laws, which in principle allows American authorities to claim them.
A problem, when messaging made in France has just been imposed as a mandatory communication tool for ministers and secretaries of state by Élisabeth Borne. The Prime Minister has banned her troops and their offices from using classic messaging services like WhatsApp, but also Signal or Telegram, applications whose communication – sometimes misleading – about their security has transformed them in a few years into channels of communication. privileged exchanges, particularly between politicians and journalists.
However, these messaging services are equipped, according to a circular from Matignon, with “flaws which do not ensure the security of conversations and information shared through them”. All these applications must therefore be replaced by Olvid, unknown to the general public until a few weeks ago, but which the government considers to be safer.
“Secret-defense level” encryption
Is it really, with servers hosted in the United States? “Olvid does not create any centralized directory of its users, does not collect their IP addresses (the identifiers of connected devices), nor their connection data, and everything is encrypted end-to-end with encryption algorithms of the highest level of security “, defended its CEO, Thomas Baignères, to AFP this Tuesday.
“The fact that these are AWS servers is not important in terms of security, because it is encrypted data, with defense-level encryption. To think that this encryption could one day be pierced is conspiracyism, because if that were the case, there would no longer be anything secure on the Internet, neither financial transactions nor any other,” said the founder.
Olvid, owned by French co-founders, is the only messaging service whose security is certified by ANSSI, the National Information Systems Security Agency. But many other messaging services are starting to become more secure. Last week, Meta, parent company of Facebook and WhatsApp, began end-to-end encryption of “all personal conversations and calls on Messenger and Facebook”, as is already the case on WhatsApp. And this despite the protests of many governments which, unlike France, are opposed to it, for fear that these messaging services will be used by criminals who have become impossible to trace.