Olvid
github.com
external-link
Olvid has 2 repositories available. Follow their code on GitHub.

Olvid, a secure messenger, is finally open-source! They said before the end of 2021, well it’s really just before the end but it’s there. They released the source for their Android and their IOS app.

@Yujiri@lemmy.ml
link
fedilink
30
edit-2
3Y

Some red flags about this messenger:

They are dishonest about the merits of existing secure messengers.

From the homepage:

Download Olvid, the most secure messenger in the world.

There is no “most secure messenger in the world”; that judgement is much too nuanced and situation-dependent for such a claim.

Most of the supposedly free messaging services are financed through the exploitation of the exchanged data.

This is false of at least several alternatives, including Signal and Matrix.

From the “technology” link on top bar:

Our security model is utterly game-changing. Olvid is the first and only messaging system whose security no longer relies on any trusted third party, either operators or their servers.

Objectively false. Even if you consider end-to-end encrypted and federated platforms like Matrix to “rely on a trusted third party”, there are P2P messengers which truly have no servers and which solve the problem of mapping username to public key, such as Tox.

Olvid servers get hacked? Not an issue! No one will ever be able to read your messages, including the servers relaying them. It is forever impossible. Nor can any users identities ever be revealed. Olvid is the only system that also encrypts metadata, thus guaranteeing the anonymity of interlocutors. Finally, Olvid guarantees the authentication of users, contrary to all messaging servers that replace trusted third parties…

Actually, all existing secure messengers have cryptographic authentication, and I’m pretty sure some of them also encrypt as much metadata as possible, such as Signal.

It seems like they’re dishonest about the merits of their own messenger.

Inability of the operator to know “who is talking to whom”. No third party could ever identify the participants, not even the server. No trace of any metadata.

This is huge. I’m developing a federated messenger and had given up on hiding the recipient ID when sending a message because I couldn’t find a way to do it. If there’s a practical way to do it, I want to hear about it. So I opened their protocol specification.

In the section “Upload message and get UID”, I see that the request actually contains a list of both the device UIDs and the identity of all recipients. They call it “encoded”, but it sounds like that just means JSON.


In summary, I would stay away from this messenger in favor of another option like Matrix or SIgnal.

I think Molly may be trying to do something similar https://ccs.getmonero.org/proposals/vd-molly-payments-stage1.html and molly.im

Similar to what? According to their client’s github readme, it’s just an alternate client for the signal server (which IIRC is illegal and previous alt-clients such as LibreSignal have been shut down because Moxie threatened legal action, so I’m not sure how Molly’s getting away with that).

Your right, they could be shut down at any time so that’s a risk for now. That’s why they are working on their own messenger that improves on signal using their own decentralized servers. Signal hasn’t taken down others in operation currently either

Marketing speak bends the truth? Say it ain’t so!

Hamster
link
fedilink
21
edit-2
3Y

They are trying to sell audio calls, video calls and desktop clients as premium feautures. Important consideration for my anti-capitalist ass. Also those features shouldn’t be catered to businesses only.

They also list “unlimited contacts” as a free feature. I think this should not even be considered negotiable.

@Reaton@lemmy.ml
creator
link
fedilink
13Y

The only thing that really bugs me it’s the desktop clients as a premium feature. Even if I would prefer to get everything freely, I understand their choice to make call premium.

Just browsing around the Swift files in the iOS app, I found these:

final class PersistedDiscussionOneToOneLockedToPersistedDiscussionOneToOneLockedMigrationPolicyV24ToV25: NSEntityMigrationPolicy {

private func processContactGroupHasUpdatedPendingMembersAndGroupMembersNotification(obvContactGroup: ObvContactGroup) {

try UtilsForAppMigrationV24ToV25.createDefaultPersistedDiscussionSharedConfiguration(forDiscussion: dInstance, destinationContext: manager.destinationContext)

And they say Java has verbose names.

Sometimes, for my own internal solo projects, I give my variations and functions wacky names because I was bored, I wonder if that’s the same for whoever named those.

NonFree server.

sj_zero
link
fedilink
23Y

To me, self-hosted and federated (so you can self-host and others can self-host and it seamlessly works across instances) is the way of the future. There might be criticisms of xmpp or matrix, but to me the moment you’re no longer looking at a single point of failure like with big tech services (or aspiring big tech services like this) you’re much more secure because your data isn’t in one centralized spot with everyone else’s data to get picked up in one big hack.

Hope someone forks it and makes all premium features free, lol.

@Reaton@lemmy.ml
creator
link
fedilink
43Y

That could be cool, I hope it’s feasible!

Unfortunately it might not be since it seems their server is still closed source.

@Reaton@lemmy.ml
creator
link
fedilink
23Y

Ah. yes, forgot about that part. And I bet they will not open the source code of their server anytime soon…

such a dick move.

There is little incentive to publish open source code in a commercial setting comments like that validates it.

¯\_(ツ)_/¯

Well, I’m poor and I’m already expecting that stuff for free, my poor friends are also not going to pay for that and therefore they will not switch to a private messenger therefore, so give me free real state or gtfo. I know people want to live from that and it must be great, but I live under capitalism and I don’t have many choices.

What about their server?

Apperantly, they run E2EE which means no servers are being used for storage of what people send to each other. They tell their visitors this on olvid.io (below “Olvid cares for you”).

E2EE doesn’t mean servers are not used for storage, it only means servers can’t see message contents.

Note that this doesn’t mean that Olvid uses no servers (it does). It means that you do not have to trust them: your privacy is ensured by cryptographic protocols running on the client-side (i.e., on your device), and these protocols assume that the servers were compromised from day one. Even then, your privacy is ensured blush.

(From the GitHub repo of the Android app.)

repost of that xkcd article which goes: “there are 14 standards”; “that’s too many! we need one that meets all use cases!”; “there are 15 standards”

Here you go!

How Standards Proliferate (See: A/C chargers, character encodings, instant messaging, etc.) Situation:  There are 14 competing standards. Cueball: 14?! Ridiculous! We need to develop one universal standard that covers everyone's use cases. Ponytail: Yeah! Soon: Situation: There are 15 competing standards.

I don’t think matrix protocol will be surpassed by this.

Helix 🧬
link
fedilink
33Y

But competition is good for business, and innovation. Maybe Matrix is ‘forced’ to implement some features because of this.

what features does olvid have that matrix doesnt have yet?

Halce
link
fedilink
13Y

Most notably voice calls probably.

Jama
link
fedilink
23Y

Matrix/element should have that too, afaik

Awesome! Hope its on f droid soon

“Olvid’s not Covid” 🤪

...gnu

Gnu’s not Unix

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

  • Posts must be relevant to the open source ideology
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

  • 0 users online
  • 5 users / day
  • 14 users / week
  • 19 users / month
  • 6 users / 6 months
  • 22 subscribers
  • 584 Posts
  • 1.24K Comments
  • Modlog