- cross-posted to:
- opensource@lemmy.ml
- cross-posted to:
- opensource@lemmy.ml
cross-posted from: https://lemmy.ml/post/134819
Olvid, a secure messenger, is finally open-source! They said before the end of 2021, well it’s really just before the end but it’s there. They released the source for their Android and their IOS app.
https://olvid.io/technology/en/#security > Encrypted e-mails:
Plain text unencrypted metadata in the header
Me logging in to my account on posteo.de and checking the settings:
Activate Posteo crypto mail storage for your account: This function encrypts your entire email data at the press of a button, including all content and metadata. The encryption is comprehensive; it encompasses your existing email archive, all newly-arriving emails and your notes.
Lie #1. I think Olvid needs to be more updated :)
And on Olvid’s privacy policy page:
Olvid does not collect ANY personal data.
Next section:
Olvid simply uses purely technical data, i.e. users’ IP addresses
IP addresses counts as personal data -.- Lie #2. But! They states that they do not consulting, collecting, or keeping the IP addresses… but they collects them?
After installed the application, I saw that I need to give them money in order to make secure calls. But to receive secure calls are 100% free. That’s a deal-breaker for me. Uninstalled…
Activate Posteo crypto mail storage for your account: This function encrypts your entire email data at the press of a button, including all content and metadata. The encryption is comprehensive; it encompasses your existing email archive, all newly-arriving emails and your notes.
To be honest, this sounds like gobbledyremoved aimed at duping people who don’t understand cryptography. The problem with encrypted email is first of all that it only works if both sender and receiver agree to do it. You cannot use your posteo account to send an encrypted email to other email users, because they wouldn’t know how to decrypt it! Likewise, incoming emails can only be end-to-end encrypted by the sender; if the sender sends them in plain text (which all but one in a million email users will), the server receives them in plain text. Even if the server “encrypts” them for storage, the plain text is still available to the server.
This is not to say you should trust Olvid’s claims of superiority; on the contrary, they are definitely telling some lies themselves: https://lemmy.ml/post/134819/comment/103067
I’m not sure about “lie #1” so let’s talk about the second one. Read the privacy policy again, they are using IP adresses, they do not collect them. That’s a big difference. I see no lie here.
For secure call, yes you must pay, that’s their business model. Honestly I prefer to know that’s how they make money rather than selling my data.
But hey, we can’t all like the same thing. :)