Viber Update Brings End-To-End Encryption and Hidden Chats

An anonymous reader writes: The new hip thing to do if you're a developer of a messaging app is to encrypt everyone's messages -- everyone's doing it! WhatsApp announced earlier this month all messages being sent through the service will now be end-to-end encrypted. Today, Viber has announcd it is doing something similar. All messages being sent through the latest version of the app will be end-to-end encrypted. To confirm messages are being encrypted, a padlock icon will appear in the chat UI. The latest version of the app is already available in the iOS App Store and Android Google Play Store. Viber is one of the largest messaging platforms with over 700 million users. Hidden chats can also be found in the new update. Users can hide select chats with people and access/display them with a PIN or Touch ID.

Is Viber written using the Rust programming lang?

Is Viber written using the Rust programming language? It's getting to the point where the only software I'll trust is software written in Rust. It's like being a vegan in a lot of ways. It's healthier for you, but it can also make life more difficult. For example I've switched to using Servo for all of my web browsing, since it's written in Rust. Servo is still a young project, though, so there are some rough edges. But since it's written in Rust I have a lot more trust for it than I do of other software.

I would really like to use a realtime mobile chat app written in Rust. I would also like to use a mobile OS that's fully written in Rust, too. I wish that Google would port Android to Rust. I'd really, really like it if I could use a software stack that's 100% rust from the OS up to the apps. I'd feel so much safer using that software because I know that Rust is all about safety and writing code that's pretty much unbreakable.

How can this be checked?

[thesupraman]

I wonder which of them will be the first to open up their implementation to scrutiny?
Showing us a nice little padlock icon is all very well, but encryption is *hard*, and getting it right is subtle.

An assurance that they cannot access any of the data themselves would be a start, because it points
to true end-to-end (rather than end-to-middleman, which is much less useful...)

If you can access your messages from more than one device, then it is a sign that all is not well in paradise,
as they may hold the keys themselves (in which case what is the point), but not necessarily.

If trust is part of security, then do you trust the security? ;)

can someone explain this to me?

So geezer here, been online since the early 80's. For a long time, store-and-forward type messaging (usenet) and instant messengers (IRC, when it appeared) alike separated the protocol from the client. There were dozens upon dozens of usenet and IRC clients, so you could pick one with features you wanted, but still communicate with everyone else, because they'd all abide the same underlying communication protocol.

For some reason, everyone decided that they'd rather have kik that can't talk to viber that can't talk to whatsapp that can't talk that MS one that can't talk to any of the other dozens of competing ones. Fractured little fiefdoms. This confuses me. It seems like a significant loss.

I can even understand why a company wants to lock people into its messager and only its messenger. What I don't understand is why everyone insists on flocking to those things, and eschews the kind of platform agnostic standards that let the internet succeed so wildly in the first place. You can email someone without caring much about which reader they use! What was wrong with that model, that we had to run as fast as possible away from it?

Re:can someone explain this to me?

[110010001000]

The reason Viber is popular is because it uses your phone number as your address. So you can use it to "SMS" for free internationally. What open standard clients usually forget is that people want something easy to use and attached to an address that they can remember. If someone did Jabber/XMPP using your phone number as the endpoint it would probably be more popular.

Re:i must be getting old.. really, really old..

[DiSKiLLeR]

idk why you haven't.

I started using viber years ago, but switched to fb messenger and whatsapp over time.

I think a lot of americans haven't heard of these because they are hugely popular overseas which let you text and make phone calls internationally over wifi/data.

Texting/calling in the US within the US (and sometimes Canada and Mexico too) is essentially free on plans so you have no motivation to use apps like Viber or WhatsApp but that is not the case for the rest of the world. Especially within places like europe.

Re:Signal?

[chihowa]

Pssh, all of the important details are in the summary: "To confirm messages are being encrypted, a padlock icon will appear in the chat UI."

What more do you need to know?

Hidden chats, what else is hidden...

[mackermacker]

Viber shares a founder with one of those Israeli shitware companies from Download Valley and has ties to several others https://en.wikipedia.org/wiki/...

Also, they have questionable security and/or sold people contacts in the past http://haydenjames.io/i-refuse...

On November 4, 2014, Viber scored 1 out of 7 points on the Electronic Frontier Foundation's "Secure Messaging Scorecard". Viber received a point for encryption during transit but lost points because communications were not encrypted with keys that the provider didn't have access to (i.e. the communications were not end-to-end encrypted), users could not verify contacts' identities, past messages were not secure if the encryption keys were stolen (i.e. the service did not provide forward secrecy), the code was not open to independent review (i.e. the code was not open-source), the security design was not properly documented, and there had not been a recent independent security audit.