Unknown to the general public, Olvid is a French instant messaging application. It advertises itself as an alternative to Signal and WhatsApp and boasts of being the safest in the world. She was chosen in May by the RAID to serve as its internal messaging service.
Olvid is not a name that evokes much for most French women and men. However, the encrypted instant messaging app is French and it has just been chosen at the beginning of May bythe RAID, the intervention unit of the National Police, to be the messaging application for its troops to exchange with a high level of confidentiality.
” The RAID chooses Olvid for the communications of its members “, proudly announced on May 5 on Twitter the messaging service, also explaining in passing to be “ immensely proud to meet such high standards “. Its nationality, its level of security, its functionalities and its openness are all criteria that have worked in its favor.
While the app is starting to get more and more people talking about it, it still remains very little known. So what is this world’s safest instant messenger “, as she likes to present herself on her website? Numerama goes into detail on the latter.
Olvid: what is this secure messaging app?
Olvid is an encrypted instant messaging app available on Android and iOS. The first version of the app was launched in November 2018. Among the founders of the company are cryptologists – therefore encryption experts – who explain that they carried out research and development work for several years before launching Olvid.
Concretely, Olvid presents itself as a classic messaging app. It allows you to have private conversations, between two people, but also group conversations. Conversations are end-to-end encrypted by default, says Olvid.
This process is possible thanks to cryptographic protocols with unparalleled power ”, according to its site. Concretely, according to the technical paper describing Olvid’s specifications, the team relies on the SHA-256 hash function and the AES-256 block cipher algorithm, as well as other processes, at the HMAC image for message authentication.
These different cryptographic bricks are considered viable and robust solutions, as can be read in a 2021 guide from the National Information Systems Security Agency (Anssi), which deals with the cybersecurity of the State. They are in any case to be preferred, insofar as they have not been fundamentally questioned.
Messages, but also attachments, such as photos, are therefore protected. In addition to messages, Olvid allows you to make calls. However, these are limited to audio calls: Olvid does not offer video communication.
Another interesting aspect, it is not necessary to have a SIM card to use Olvid: the app does not need a phone number to work, only an Internet connection, which reinforces a little plus user privacy. Clearly, it can be used by connecting to a Wi-Fi hotspot, an Internet box or any device sharing its Internet connection.
The app is intended for individuals and professionals. However, Olvid has emphasized the use by companies in its communication, and has implemented a lot of features specifically designed for them, including license management, deployment options or the creation of managed groups.
This highlighting of companies is logical: Olvid offers free use for individuals, but paying for companies wishing to equip their employees. However, individuals still have access to a large number of features, even in the free version. Finally, last information: Olvid explains that he respects the GDPR “ 100 % », taking into account his nationality and his presence in France.
How is Olvid secure?
Olvid claims to be the safest messenger in the world and what is clear is that the company has adjusted the way the application works to tend towards this claim as much as possible. And this also requires a minimum collection of personal data. Because in a way, the best data we protect is the one we don’t collect.
Olvid therefore announces that its mode of operation ” does not require any personal data: no phone number, no email, no surname, no first name, no address, no date of birth “, and that she does “ not rest the security of exchanges on servers “.
Olvid explains that his ” cryptographic protocols are capable of guaranteeing data security “, even if ” servers get hacked “. This highlights the use of forward secrecy, an encryption technique that ensures the secrecy of past conversations is preserved, even if the keys used to encrypt the exchanges have been compromised.
The app will also never request access to the phone book, which means that this information is not transmitted – this means above all that there are no servers in which user identifiers are stored. Eliminating its servers from the equation makes it possible to do without a third party, who could be hacked, believes Olvid.
Conversations are end-to-end encrypted by default on the app, as is the case for Signal and WhatsApp. End-to-end encryption is a specific mathematical protocol for encrypting messages, which can be read only by people in possession of a secret key. Without this key, the messages are unreadable. This type of encryption is therefore a very important element to take into account which ensures that no one outside a conversation can access the messages, thus guaranteeing a high level of protection.
It’s not just messages that are encrypted on Olvid: the app also indicates that it encrypts conversation metadata. In the case of “classic” encryption, it is the contents of the messages that are encrypted. But the metadata remains visible. However, this metadata – which is in a way the context around the message – can say a lot about the conversations themselves: they can contain information on who wrote a message and who received it, at what time, on the number of messages sent, their frequency, by which means and from which place, etc.
Olvid ensures to encrypt the metadata, and therefore, to make this kind of information inaccessible. It is this protection that is particularly interesting. For now, only Olvid takes this kind of precaution: Telegram does not encrypt metadata, and WhatsApp has access to metadata. Signal, on the other hand, does not retain metadata beyond the period required for the circulation of the message, but does not encrypt it.
The safest messaging system in the world?
All of these efforts serve as a foundation for Olvid to claim to be the most secure messenger in the world. It can also pride itself on having won certain distinctions from reputable third parties in the field.
In 2021, Olvid thus received the CSPN (First Level Security Certification) from Anssi, which has always been very picky about IT security issues, due to its key role in securing the administration and operators of vital importance.
Messaging has also won several innovation competitions, and is advised by the International Federation for Human Rights and by the computer systems department of the Ecole Polytechnique. Finally, aevaluation of Quarkslab, a company specializing in cybersecurity and the study of software, showed in 2019 that the app did not have to be ashamed of its direct competitors and evaluated it positively.
Another element in favor of Olvid: the codes for the iOS and Android mobile applications are available in open source on the company’s GitHub, and a bug bounty is open to hackers. Put simply, this allows everyone — at least everyone with the time and skills — to check the behavior of the software’s innards.
And the messaging is thinking ahead, saying prepare for ” post-quantum cryptography in order to continue to ensure the security of the app when quantum computers have succeeded in breaking the ciphers.