Thanks Katrin and Talmon,
Voice may or may not pass through our servers (depending on network
conditions). Voice is scrambled, but not encrypted. So someone who
manages to capture the voice packets going between users may, in
theory be able to access the audio. They will need a good
understanding of what we do, but theoretically, it's possible.
Unfortunately then, Amin's question is answered -- as long as Viber relies
on the obscurity of their transport encoding, rather than real encryption,
the application is unsafe for places where communications are surveilled.
Certainly it may be difficult at first, however, Amin, Eric and others have
proven that there is a market flush with cash for a
sufficiently motivated actor to reverse engineer the application.
Cordially,
Collin
On Fri, Sep 21, 2012 at 1:01 PM, Katrin Verclas kat...@mobileactive.orgwrote:
Thanks, Talmon, for replying.
This leaves a lot of questions open, unfortunately. There is a lengthy
thread on Viber security on the Stanford University Liberation Technology
list with a number of security experts, so copying your response to the
list.
Regards,
Katrin
On Sep 21, 2012, at 12:37 PM, Talmon Marco wrote:
Dear Katrin,
My name is Talmon Marco and I am Viber's CEO. The question you sent to
our Privacy/Support team was brought to my attention.
Generally speaking, absent physical or software access to the device
message sent via Viber should be considered secured and fully
encrypted between the user and the server. That means that Viber has
the technical capability to access messages. To date, we have never
done this, but this is something that could be developed.
Voice may or may not pass through our servers (depending on network
conditions). Voice is scrambled, but not encrypted. So someone who
manages to capture the voice packets going between users may, in
theory be able to access the audio. They will need a good
understanding of what we do, but theoretically, it's possible.
Identity, login, etc. are fully encrypted, protected by secret keys
and all the other right things. However, if you are using an Irani
phone number as your ID, it stands to reason that Irani government
could register the same number and access the activation SMS. You may
want to register using a non Irani number - pinger, for example, gives
away free US numbers.
As for warrants, we generally accept warrants but only from countries
where we believe due process exists. Iran does not fall under this
category and as such we will not be accepting warrants issued by Iran.
I hope this addresses your question.
Kind Regards,
Talmon
---
Talmon Marco, CEO
Viber Media, Inc.
Sent from my Phone
Katrin Verclas
MobileActive.org
kat...@mobileactive.org
skype/twitter: katrinskaya
(347) 281-7191
A global network of people using mobile technology for social impact
http://mobileactive.org
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech