> On Dec 9, 2024, at 19:30, Dianne Skoll via linux <linux [ at ] linux-ottawa [ dot ] org> wrote: > > Hmm... https://en.wikipedia.org/wiki/Viber#Security_audit > > "In May 2016, Viber published an overview of their encryption > protocol, saying that it is a custom implementation..." > > This gives me pause. > Agreed. Custom crypto is usually a really bad idea. Cryptography is hard enough to get right even with lots of public analysis. > If there is some sort of communication that you want to be protected > from interception by a nation-state, then this is my recommendation: > > Do not communicate it electronically. > Rubber hose decryption works very well to extract keys and secrets. If you have a real secret. Don’t tell anyone. Traffic pattern analysis tells the TLA tons. They don’t need to see the content. They can always plant some bugs on your computer or in your residence if they are curious about you. Companies like GOOG and FB I am pretty sure does traffic pattern analysis on their email/message traffic. None of you use Gmail or WhatsApp, right? /sc To unsubscribe send a blank message to linux+unsubscribe [ at ] linux-ottawa [ dot ] org To get help send a blank message to linux+help [ at ] linux-ottawa [ dot ] org To visit the archives: https://lists.linux-ottawa.org