First of all, the notion that any HTTPS/SSL content can’t be eavesdropped on by your ISP, etc is wrong. Some standards are safe (TLS with Diffie-Hellman) while other like RC4 are not.
Regarding Viber, they (allegedly) us a proper End-To-End-Encryption, which should make eavesdropping near impossible, however as their source code isn’t open, this can hardly be verified.
OK. Do you think if messages are encrypted, that contacts of participants are also encrypted?
I know there cant be given definitive answer, because their code isn’t open source, just what is your assumption? Can you find out some information about this problem from their white paper? lets assume everything what they state in that paper is true. In that case can you tell are contacts encrypted or not?
What I have in mind is under normal circumstances, without additional effort on ISP side, as if they are not using some advanced tools for decryption, virus, etc.
I for one do not even consider bothering to research proprietary solutions for gaining security or privacy.
Yes. Note, that ISP can see how much traffic flows, when and which destinations you are talking to. So when posting into lets say a https forum, it should not be hard to correlate whom is posting at which time. [That’s one reason for Tor.]
Depends on if connections are always routed through the central server or if (perhaps one day after an automatic update) also peer to peer connections are established.
I already stated that I know Viber isnt best solution but I need to use it, I cant choose another messenger. we dont have ideal conditions.
You dont know the answer and speaking from the top of your head.
I only asked “can ISP see my contacts or not?” if someone knows I would appreciate.
I am only concerned about “average” local ISP. I know that powerful governmental agencies can eavesdrop almost anything.
It escapes me why you insist on asking us questions we don’t have answers for and can’t even if we cared.
We don’t know what cross jurisdictional agreements your government has with Viber. We don’t know if your government has attacked Viber servers and is monitoring everything from there. We don’t know what surveillance capabilities your government has.
We don’t know how shitty their closed crypto implementation is or if it can be decrypted on the fly by your ISP. If you care about the ISP and not the government then switch to another ISP.
Perhaps if your threat model includes keeping your little sister or neighbor from listening in it might be relevant - but so far your choice of communication doesn’t hold up against anyone we care about protecting against.
I already stated that I know Viber isn’t best solution but I need to use it, I cant choose another messenger. we don’t have ideal conditions.
Well to that I can shrug my shoulders and say you are “shit outta luck”. Please direct future inquiries to Viber support forums.
You shouldnt write if you obviuously don’t know the answer and not interested in subject. Since you dont know, and didnt even read their white paper or look in the problem you cant claim anything. You ony read the title. Still, it is from the top of your head and nothing more than that.
You should not speak in the name of all members, if someone knows he can answer if don’t he will skip this question.
I wrote specifically what I am interesting about, this is just stupid. Since you are just a time wasting fagot, I will not come to this topic again.
You shouldn’t ask if you aren’t interested in getting an objectively correct answer because you don’t enjoy what it is.
Also, what are we supposed to do?
What white paper? Could you link to one? Since currently there isn’t one. They don’t provide any information other than that “Encryption Overview” which includes no usable information and ISN’T what usually would be defined as a white paper. The information in said “Encryption Overview” is so simple and doesn’t include some necessary key points to even make an half-educated guess to what the answer to your question “can the ISP see who I communicate with” is.
So, in conclusion, the answer by @HulaHoop is correct. There is no information which could be used to even fabricate being protected from ISP based surveillance.
Also, this is a forum mainly created to discuss Whonix related “things”, so we can’t give you information we don’t have regarding a project we don’t manage. Your best bet would be asking their customer support though I doubt their representatives are willing or even capable to provide you with a more thorough anwer. You may contact them here: https://support.viber.com/customer/portal/emails/new
anon556 is standing in front of a giant growling rottweiler with teeth bared.
anon556 asks: Will it hurt me if he hits me with his stubby tail?
HulaHoop: Uhh, that dog has some really sharp teeth…
anon556: I asked about his tail. You obviously don’t know anything about his tail. Go away.
Meaning you are plotting the overthrow of the CCP? or you’re a drug dealer? or a student? or someone who likes pretending to be concerned about security? living in a Western nation with a strong legal system that’s sometimes bypassed? or in a corrupt banana republic?
I would assume that they are lying and that their “white paper” is complete bullshit. For example,
Viber’s protocol uses the same concepts of the “double ratchet” protocol used in Open Whisper Systems Signal application, however, Viber’s implementation was developed from scratch and does not share Signal’s source code.
Uhh, why would they develop “from scratch” an open source implementation that has received strong marks from auditors and reviewers? And who has reviewed Viber’s implementation. Right, nobody.
Oh, ok then. In that case, this is all they say about it:
In order to establish a session with a different account, the device
(“Alice”) wishing to establish a session with a peer (“Bob”) sends a
query to the Viber server with the recipient’s phone number.
Might be encrypted, or cleartext - or maybe they just add a 1 to each digit and hope no one notices…
You are being forced to use Viber.
You don’t trust your ISP.
You don’t care about any other risks.
Instead of trying to convince yourself that Viber is a cryptographically-gifted Savior that’s done everything right, just assume the worst and tunnel through your ISP. Tor, VPN, SSH, lots of options.
