It’s a really big problem for ministers using private messaging services. All of this is supposed to either be public domain or secret. If it’s labelled as Secret it should be officially secret, not just “we didn’t tell anyone about it”.
Accountability and transparency are cornerstones of democracy.
What they really mean is that they’re having trouble reading the messages on signal so please stop
I mean, any program you didn’t make isn’t truly secure from your POV, that’s all there is to it. And since this affects their governmental employees only it’s more than reasonable.
Is that all there is to it? Signal is open source. If they wanted to be extra paranoid they could take and maintain their own branch but that’s a bit silly. Building your own is almost certainly the least secure option
What security vulnerabilities does Signal have? I implore them to find a more secure messenger.
Edit: Apparently they’re using Olvid. Claims to be the most secure messenger. Only the clients are open source, not the server code and they’re using a whole different algorithm. I seriously don’t understand why they don’t just partner with Signal, bet these guys don’t even have Signal’s level of quantum resistant encryption.
Olvid is French and Signal isn’t, which seems to be très important.
Plus for the French Government it’s easier to twist arms in France than in Switzerland.
What’s wrong with XMPP? I’ve been using it for many years, it’s by far been the greatest experience and it has OMEMO encryption.
ios apps are all really, really shit.
Aren’t they already using their own version of Matrix for IM comms?
French here. It is all about the IT sovereignty (souveraineté numérique). The idea is to use French solutions in order to limit leaks if confidential information and dealing with other country without worrying about threat of limiting, stopping critical services. Also it is easier to apply EU laws like GPDR. That is why all the French private company dealing with sensitive information (military, cyber security…) are only using French solutions.
the entire government will be using [Olvid], the world’s most secure instant messaging system," French digital minister Jean-Noël Barrot confirmed on X.
Clearly they’re very discerning when it comes to their choice of communication apps. 🙄
From their Google play store page: “Olvid is the first private instant messaging application for everyone.”
At least it’s open source, so we should know soon enough how it compares to Signal
the client is open source. but the server? not so much.
in any case, if security is the concern… they should probably switch to a government-built system that only runs on gooberment devices. Will it be shitty? absolutely. But data is owned by whoever has the hardware it sits on. if it’s not your device its not your data.
How about GApps tho? You know, the piece of spyware Google embeds in Android’s system partition?
FYI:
Private open source alternative to it,
is MicroGMicro g is still downloads Google proprietary blobs and runs those. So it is not open source so much as it’s an open source launcher of Google’s proprietary software. It’s an interesting improvement, but it does not a panacea it does not fix the issues
Are you sure? I thought that what you describe is what packages suck as NikGapps did, while MicroG is a reimplementation of the code. It does call Google webservers, but it doesn’t run Google’s blobs (which is also why it’s severely limited/fragile compared to packages that run them)
You’re both kinda right afaik.
MicroG reverse engineered, and re-written as much as possible from GApps libraries, from the ground up, as open source software.
These re-implementations are as light weight and privacy respecting as possible on your local device,
however the same does not count for the Google servers it communicates with (if you choose to enable them).For SafetyNet attestation, a proprietary, isolated, DroidGuard blob is downloaded (if you choose to enable it).
I see the graphene OS community says micro g downloads binaries from Google.
I did a couple minutes of looking at the micro g website, and the wiki, and I don’t see anything that says they aren’t downloading extra components from Google. So I’m not sure.
…
It seems I was confusing OpenG apps, which does download proprietary bits, and micro g which apparently does not download proprietary bits
The thing that comes with lineage OS by default is OpenG apps.
I believe microG still use Google’s services, at very least it connects to
supl.google.com
