French government recommends against using foreign chat apps and use open source Olvid instead

French flag flying on a flag pole with blue sky behind it

Well, this is interesting! The move by France in this direction is not new at all as in 2018 they announced they were moving towards using Matrix and Riot to replace WhatsApp and Telegram, and then in 2020 they announced they would roll out their in-house developed messaging service called Tchap (based on Matrix protocol). In February 2020, the Tchap service had 80,000 users in the French public administration.

What is new, though, is a seemingly complete move away from self-hosting of Matrix servers with Tchap, to Olvid.

Olvid is also open source and E2EE, uses a decentralized infrastructure, and doesn’t require a phone number or any other personal data for registration. Hence, it is seen as a more trustworthy option that includes all the key features of its more renowned and widely used competitors.

Security comparisons between Olvid and other messaging apps may be rendered moot due to Olvid’s unique distinction of having ANSII (France’s national cybersecurity agency) “first-level security certification.”

This certification involves a thorough examination of the app’s source code by the state’s experts, and none of the other mainstream apps mentioned in this post have undergone the stringent evaluation process.

So, although Signal is secure, it still requires phone numbers, and France is not controlling the hosting.

Too many countries are still dependent on US technology or hosting, and as we’ve seen before in the UK and Germany, you can’t unfortunately trust even your allies not to spy on you. France is therefore to be admired for taking accountability over their own security and privacy.

But like with anything that is not WhatsApp, Telegram or Signal, there is always going to be a major struggle to get broad adoption. WhatsApp, Signal and Telegram are popular because they require phone numbers to register, and that helps everyone find their friends and contacts easily. But any government can of course call the shots as to what software is installed on their official phones. It just depends on whether a phone is deemed official or private.

The Olvid website also has a link to a technical paper about how the protocol actually works.


EDIT: 2 Dec 2023: Should note though, their server side is not yet open source, so right now it is not yet decentralised now able to be self-hosted.