At first glance, it’s hard to find common ground between the Raid cops and Geoffroy Roux of Bezieux, the head of Medef. Are they all great athletes? Do they share a certain penchant for order? It might be. They mostly adopted Olvid. A funny messaging service, unfairly misunderstood, that presents itself as the most secure solution on the market. Safe? Already because the messages are encrypted as well as the metadata. The app also collects a minimum of personal data. When downloading, the application does not ask you to fill in a phone number or email address, or name, or date of birth. In fact, Olvid does not have a central directory. “By downloading WhatsApp, you give access to your address book, which allows the application to detect users you know”, he explains. Thomas Baigneres, CEO of the company, from its Parisian premises. This directory of two billion people represents a huge security risk because it is impossible to secure such an infrastructure. »
Instead of a phone number, Olvid users must exchange a QR code and then a four-digit code to establish a chat channel. The easiest way is to scan this QR code on the other’s phone, to physically find your interlocutor. A unique operation that would almost make the user look like a secret agent. Why so much care to exchange banal messages? Why when you have WhatsApp and, a fortiori, nothing to be ashamed of, download an ultra-secure app? For Thomas Baignères, the answer is clear: “In real life, we don’t want us to listen to our conversations. Why would it be any different in the digital world? »
Post-Quantum Encryption Algorithms
Thomas Baignères is in his forties. He is French-Swiss, the son of a cultural journalist father in Figaro and a mother who is a conference interpreter at the European Parliament. She spent her childhood traveling to the four corners of the continent. Scientific preparation in Paris, before landing at the Polytechnic School of Lausanne. After years of hard work, a regular professor introduces you to the sweet world of cryptography. It is decided, Thomas Baignères will be a researcher in this field. “I was working on the ability to quantitatively prove the secret-key encryption algorithm,” he gleefully slips away. We’re lost.
One day he walks into his office Matthew Finiasz, a normal young man specializing in “post-quantum cryptography algorithms”. Immediate agreement. “I explained to him what I did for 3 years. He figured it all out in 2 days. “Together, they will write many investigative articles, before Thomas Baignères makes a detour to Brussels, where he has been, for more than a year, the “Mister crypto” of the Belgian State. The two friends meet in Paris at the same cryptology consulting firm. They are invited to do a study on consumer messages. They discover that WhatsApp, Signal or Telegram use a central directory to connect users. What if they could do the opposite?
At first, they did it just for fun: “We thought it wasn’t hard to do better. Well, it took us three years…” In addition to the technical complexities, it was difficult to find an economic model, as the project became serious. “All the business models for these apps are based on mining data. So we went to see potential investors, explaining that our entire system was precisely for not exploiting data… Knowing that, in addition, there are already 150 messaging services…” They received some provocations and countless rejections. “I’ve been told many times that we could just make a small encryption engine. “You will resell it for 40,000 euros to Thales, you will be very happy. And then you will do real work. »
” We are the best “
Four years after its launch, Olvid has still managed to attract around 100,000 regular users, who are divided into two very different audiences. On one side, the ayatollahs of digital security. If they opt for Olvid, it is also a French solution, when WhatsApp belongs to the American Meta and Telegram to two Russian brothers, even though they are Putin’s opponents. On the other, the “good parents”, who use Olvid as a family messenger, less viral than WhatsApp and its dozens of unwanted notifications. Olvid is also a good tool for very young users. Your parents can make sure their kids don’t come into contact with the first stranger. And then the photos are not compressed. Who said it best?
But the problem is that the user is completely alone after downloading the application. It was up to him to look for his interlocutors and, therefore, undertake the tedious work of evangelization. For its part, Olvid does not hesitate to qualify itself as “the safest mail service in the world”, in order to attract customers. A controversial argument in the world of cybersecurity. “We must salute his initiative to create a sovereign messaging system, with floor-to-ceiling control, applauds ethical hacker Baptiste Robert. But be careful with this communication that aims to inflate the trunk, saying “we are the best”. There is no app that cannot be hacked, so there is no app that is the best in the world. »
The start-up is still experiencing strong growth. It now has 15 employees but new needs are being felt. “We code all the time, at night, even on weekends”, breathes Thomas Baignères. The goal ? Improving the application’s graphics, still quite simplistic, due to the recognition of its designers. And add new features. Ephemeral messages arrived recently. Video calls are still missing (coming soon), while audio calls remain charged. Eventually, they should no longer be, when Olvid manages to reach a certain financial breakeven, which should be based on paid use of the application by companies.
But the requirement to scan a QR code remains an obstacle to the company’s development. Thomas Baignères, for his part, prefers to see him as an asset. “This is also what users are looking for,” he insists. “Slow technology” messaging, which would prioritize safety over virality. Approves ? Like any messaging system, Olvid must respond to legal requests, for example if investigators find the application on a drug dealer’s laptop. But the amount of information that society can provide remains very scarce. “We can see the size of a message and have access to the IP address of a possible recipient. ” That’s all. Does this mean that Olvid would play into the hands of the criminals? “The traffickers don’t need us. They already have their solution internally”, believes Thomas Baignères. A reference to Encrochat or Sky ECC, two messaging services used, among others, by drug trafficking bosses and… infiltrated in recent years by the European police.