3 weeks ago we launched e2e (end-to-end) encryption in selected countries. I am happy to say that the implementation is working successfully, and today we are enabling three more countries: Canada, Germany and Australia.
In case you wondered why we are adding countries gradually instead of all at once: we are committed to the hundreds of millions of Viber users worldwide and we want their Viber experience to be as smooth as possible, so when rolling out such a big change we first want to collect feedback.
One important thing to note: since Viber does not store your messages, if you have been enabled for e2e encryption you might see that some of your messages are not fully synced between different devices (e.g. mobile and desktop) until you log in to Viber on each device. This is because all devices need to get the encryption keys in order to decrypt your messages.
One of the things we’ve learned during this release is that more people have a smartphone with a broken camera than we thought 🙂 Since the super secure version of Viber requires users to scan a QR code in order to use Viber on Desktop, we’ve received many reports from users who can’t scan the code because their phone camera doesn’t work. So we’ve added an option to scan with the front camera and an additional option to authenticate by sending yourself the code via email.
Today we are also publishing an encryption overview (“white paper”) that describes the implementation of our encryption solution. We are doing this to be transparent, and because we believe it can help us keep improving by receiving input from the community. The document was written by the engineers who worked on this project, and it has a lot of technical lingo that is mostly relevant for developers and security experts.
In addition, we are going through an external audit to make sure that your messages and calls are as secure as they can be, something we are committed to doing periodically.
One piece of feedback we have received since the release concerns the fact that we have an on/off switch for e2e encryption. The reasons for implementing such a switch are (1) to enable a gradual roll-out of the feature and (2) to be able to roll back the change in case something goes wrong (an issue affecting the service). Please note that if e2e encryption is not enabled for you, you will not see the “padlock icon” on your text input field or on your call screen.