this post was submitted on 29 Nov 2023
127 points (97.7% liked)

Technology

59209 readers
4221 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Another article, much better and presents in more detail that Olvid was audited on an older version and chosen because it was French and they applied for it (French) https://www.numerama.com/tech/1575168-pourquoi-les-ministres-vont-devoir-renoncer-a-whatsapp-signal-et-telegram.html

Google translate link original post : https://www-lepoint-fr.translate.goog/high-tech-internet/les-ministres-francais-invites-a-desinstaller-whatsapp-signal-et-telegram-29-11-2023-2545099_47.php?_x_tr_sl=fr&_x_tr_tl=en&_x_tr_hl=fr&_x_tr_pto=wapp

The translation has some mistakes but good enough to understand the context.

Here is a short summary :

Olvid passed a 35d intrusion test by Anssi (French cybersecurity state organisation) experts or designated experts, with code examination without finding any security breach. Which is not the case of all other 3 messaging apps (either because they didn't do any test, or because they didn't pass).

This makes WhatsApp, signal and telegram unreliable for state security.

And so government members and ministerial offices will have to use Olvid or Tchap (French state in house messaging app).

More detail in the article.

you are viewing a single comment's thread
view the rest of the comments
[–] suckmyspez 4 points 11 months ago (2 children)

Yup I did see they were on GitHub but when I looked the iOS repository is months (and several releases) out of date.

I’d expect an open source project to be working in public…not in private and updating their public repositories later down the line

[–] [email protected] 2 points 11 months ago (1 children)

Signal isn’t much better in this regard. They certainly don’t work directly in the public repos - they have internal repos that they work from and they push updates from them to the public repos after the fact.

I’m not sure about the current state but when I looked into it a couple years ago, their client side repos were around a year behind. I recall reading some issues stating that the client was so far behind that the server was refusing to communicate with builds of it.

[–] [email protected] 1 points 11 months ago (1 children)

Signal’s official policy is that third party clients aren’t permitted, and lacks reproducible builds for their android client. Even if the open source code was up to date, using it without patching it to use a custom server would be a TOS violation.

[–] [email protected] 2 points 11 months ago

One of the ways Signal doesn’t really feel FOSS that I read about was related to third party clients and the official server. Projects wanted to use forks of their client with the official servers. In one case this was just so they could remove nonfree software. In another they were adding minor features (that Signal would have been free to take back into the main build, since they were under the same license). But Moxie said they couldn’t use their servers, period.