‘These digital tools are not devoid of security flaws,’ government document says.
After the Tchap project based on Matrix, the French Prime Minister asks anyone in the government to use Olvid, the only app validated by the ANSSI, with metadata encryption and no centralised architecture nor contacts discovery. But only the front-ends are open source, not the back-end.
I can understand the WhatsApp part, it's a closed source app, but it makes no sense to ban an open source app bc of security concerns; just order a study of the source code to validate it.
France wants backdoors into these apps, it’s not a lack of trust thing.
If it's trivial for a host nation to add backdoors to instant messaging services, you'd be agreeing with the government of France and you'd be pressing to migrate your communication out of the hand of third parties.
Indeed. However, we can think the Olvid company, a private company, was very pushy to promote its product and made people think the other apps are worse. In fact it seems Olvid, compared to Signal, encrypts metadata and does not rely on contacts nor identity server. And because it’s a French app, “sovereignty matters” (even if ministers use Microsoft Office solutions 🤡)
Western countries got 'lobbying', Eastern countries got 'corruption' amirite? If they really cared, they would've certified Tox, that I2P IM or Simplex...
To start, Europe should have secure phones made in the EU.
Doesn't switching instant messaging services count as a start? Switching hardware is far harder than switching software.
Also, local messaging systems also determine where your traffic goes and who controls that data. If you have a French messaging service with data centers in France routing traffic between people in France, you are in far better shape.
When Real-Time Bidding allows foreign states and non-state actors to obtain compromising sensitive personal data about key European personnel and leaders to get location data, time-stamps, websites and apps activities; switching to a local messaging service appears to be a weak patch.
You can get an overview of the actual situation here: https://www.iccl.ie/digital-data/europes-hidden-security-crisis/
I rather doubt a government would push people out of signal-protocol apps and into Some Other App if they didn't already have a backdoor into the designated substitute.
I downloaded and scanned it with App Manager. Google Play billing, another Google something, and telemetry from someone else. Also has the Google Maps API. Pass
Edit: I use SimpleX which has many of the same features (no phone number, ETEE, lots more) but is FOSS, has no trackers, has been audited by Trail of Bits, and can be self hosted if you wish. I am very happy with it after leaving Signal.
It's an Android app that can 'Scan for trackers and libraries in apps and list (all or only) tracking classes (and their code dump)' as well as many other functions
To be fair, their job is not to 100% understand the technology, but to govern (they are politicians, not IT or SysAdmins)...and listen to subject matter experts as they make those decisions.
It's about digital sovereignty. France (or at least the prime minister) wants the government to control its own infrastructure. IMO, this is good and if they're serious, it will mean getting rid of Microsoft, Apple, Google and everything else in governmental institutions. Best case would be if they also got rid of all of that stuff in schools to teach the next generation how to use FLOSS stuff.
Seeing as they picked Olvid though... I'm not sure how serious they are about FLOSS. Probably more about keeping the money in France instead of it being siphoned off to some company in the US.
Forgive my ignorance, but I know FOSS, I've yet to see FLOSS. Is this another acronym for Free Open Source Software or did autocorrect mess something up?
Olvid seems okay, but I find it weird that they advertise the fact that they don't need to trust their servers as a feature somehow unique to them. Yeah, their "lack of centralized user directory" USP is a good feature (or lack thereof), but in the end it's "yet another secure messenger", even though their GitHub specifically says it's not.
If it were federated (as far as I can tell it's not), then it would be a different matter. That would be a great USP. Kind of like Tox, but federated instead of P2P.
French Prime Minister Élisabeth Borne has banned widely used messaging applications WhatsApp, Telegram and Signal for ministers and their teams due to security vulnerabilities, according to a memo seen by POLITICO.
Borne set a deadline of December 8 for the government to switch to using the French app Olvid instead, which is certified by France's cybersecurity agency ANSSI.
Tchap, the government-developed secure messaging and collaboration app, launched in 2019, is also allowed.
"In December, the entire government will be using [Olvid], the world's most secure instant messaging system," French digital minister Jean-Noël Barrot confirmed on X.
The government previously ordered civil servants to remove all types of social media platforms, gaming and video-streaming apps — including TikTok, CandyCrush and Netflix — from their work devices over cybersecurity and privacy concerns.
This article was updated to include details on the memo seen by POLITICO.
The original article contains 193 words, the summary contains 143 words. Saved 26%. I'm a bot and I'm open source!