Five letters for a small digital revolution: Olvid. Friday December 8 “at the latest”, confidential professional conversations of ministers and cabinet members must go through this secure French messaging service. “The main instant messaging applications for the general public (WhatsApp, Messenger, Telegram, Signal, etc.) occupy a growing place in our communications but are not devoid of security vulnerabilities,” motivated a circular dated November 22, spotted by Point.
Olvid, this free messaging service born in 2019 from the minds of cryptography doctors, attracts 100,000 active users. Far from the behemoths WhatsApp (2 billion users) and Messenger (930 million). But the French start-up says it has identified the weakness of its competitors: cybersecurity.
“The security chosen by the big couriers does not suit us. They force users to trust a centralized directory. This approach is dangerous, judges Thomas Baignières, one of the four co-founders of Olvid. This involves two actions: being forced to collect user data, and creating a single point of weakness. All you have to do is attack this to jeopardize the security of all users. »
“High-level” confidentiality guarantees
After diagnosis, action. To access Olvid, you do not need to enter your phone number or email. The solution does not suck up your numbers, adding a contact is done via a QR code. “The application offers high-level guarantees of confidentiality and total anonymity,” says Loïc Guézo, cybersecurity expert, vice-president of Clusif, himself a messaging user. The system is designed in a decentralized way, which complicates the task of hackers. »
Before seducing the government, the model convinced the National Information Systems Security Agency (Annsi) three years ago by being the only messaging service to obtain top-level security certification. “The other messaging services have not asked to be evaluated because they do not want to reveal their internal workings,” explains Gérôme Billois, cybersecurity expert at Wavestone. Olvid has, on the contrary, demonstrated transparency. »
“It’s normal not to have heard about it”
An attitude which has also convinced large groups like Sopra-Stéria or Capgemini to use messaging services, “in particular to secure the Comex”, or in the event of “crisis management”, messaging continuing to operate “even when the rest is attacked” according to Thomas Baignières. “We do end-to-end encryption, but we also provide authentication. Each user has the guarantee that when their message goes out, it goes to the person they have in mind,” specifies the co-founder of the start-up.
Still unknown to the general public, messaging will also have to face a new challenge: popularity, i.e. a sudden increase in the number of users. With a precedent, which is intended to be reassuring: the change in the conditions of WhatsApp users, in 2021.
An issue of sovereignty
“In two weeks, the number of registrations exploded, and it held up. Since our launch, we have not had a second of downtime in the servers,” assures Thomas Baignières. “It’s normal not to have heard of this messaging when you’re not a cybersecurity specialist,” says Loïc Guézo. It is not intended to accumulate as many users as possible, its model is rather geared towards businesses. »
After the ban on the Chinese giant TikTok for civil servants, the French government wants to regain control and move towards “greater French sovereignty on the subject”. And the nationality of the messaging necessarily plays a role. “The fact that the company is French allows us to have confidence when we deal with sensitive subjects,” judges Gérôme Billois.
“We know that being a French company is used politically,” recognizes Thomas Baignières, “before hammering home its objective: sovereignty for each user over their personal data… No matter the nationality.