
Frequently Asked Questions

Privus® is a Swiss-based company, born out of our experience in real world digital surveillance and the urgent need to bring privacy back under the control of the individual.

Article 12 of the Universal Declaration of Human Rights states that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence”. The right to privacy is one of our fundamental human rights, and reflects one of our principal concerns in both our personal and professional capacities. Privacy, however, has become an illusion in the digital age.

As digital communications increasingly permeate every aspect of our lives, the focus of digital surveillance for political, security, economic and criminal motives has become the individual and his smartphone. Everyone's digital communications are systematically monitored worldwide. Criminal hacking, identity theft, and corporate espionage are becoming increasingly common, especially as the technology has evolved to lower the costs and skills required to undertake such digital intrusions into our privacy.

The only effective protection against these threats is through the type of end-to-end encryption that we employ at Privus®.

All our solutions have been developed to protect our clients’ communications against a wide range of attacks ranging from illegal digital surveillance and industrial espionage to sophisticated dragnet interception.

Recent leaks of internal NSA documents in German newspapers clearly state that the type of encryption we use is classified by NSA as “catastrophic”. Mathematically, with the computational power currently and foreseeably available worldwide, under ideal conditions our encryption algorithms would take 9x10^40 billion years to crack.

We are very confident even the NSA would not be able to decrypt our secure communications, as they described the protocol we use as "catastrophic". Nonetheless, it is impossible to offer 100% protection against a targeted effort by an agency like NSA. Anyone who tells you their service is 100% NSA proof is simply lying.

Although our encryption is effectively uncrackable, as we protect your digital communications using the strongest encryption possible, there is a limit to what we can do. Ultimately, security also lies in the hands of each individual.

Privus® does not protect against:

  • Talking loudly in a crowded place. As strong as our encryption is, it won’t protect you from casual eavesdroppers sitting beside you;
  • Improper use of our applications. Always make sure that you are indeed using our application and check that the screen confirms the call is secure before starting any sensitive conversation;
  • Trojans, viruses or other malware that may infect your smartphone, tablet or computer. Privus does detect if your device has been rooted or jailbroken and we warn you if we find anything suspicious, but complete endpoint protection is very difficult and falls outside our scope.
  • A targeted intrusion from a powerful adversary with the necessary sophistication and resources to gain physical control over your device.

Open source software is simply software where the code is available for review.

This is a crucial and defining characteristic of our business model. Many cybersecurity solutions are built on proprietary software, which can, and usually does, hide a number of weaknesses such as “backdoors” and other vulnerabilities.

In our case, our code can be scrutinized to ensure that it contains no vulnerabilities and is encrypting the data properly and as promised. Privus® relies on open source software for its applications as well as on its secure network to ensure the protection of our clients’ privacy. This is why we chose linphone (one of the first linuxphone open source SIP stacks) as the building block for SecurLine, and we regularly conduct external whitebox security audits to ensure it is secure.

No. The SecurLine app and the underlying network are proprietary. Our SecurLine code, however, is based on open source encryption libraries, which are available to anyone. Nonetheless, we will allow clients to access and verify our full source code.

Privacy and security are our core business and our experienced team knows what works in the real world.

We use open source software that has been tested and reviewed by thousands of the world’s best cryptographers and adopted by the most demanding users, including governments for top-level security communications.

An independent security audit, by a well respected company, has been undertaken on all our code and cloud infrastructure for SecurLine, which we can provide to our clients.

Furthermore, we encourage clients that have the requisite technical skills to verify our claims themselves.

"Military grade" is not an official designation. It is a concept commonly used to describe certain types of encryption considered sufficiently robust to be used by the military for its highly sensitive communications. Our encryption is indeed employed by military services and intelligence agencies worldwide.

We use the ZRTP protocol to negotiate new, ephemeral session keys, only on the client's device, for each phone call, and we use the AES cipher with a 256-bit key size. This is the same cipher and key size that the US government itself requires its agencies to use to protect its own Top Secret communications (the highest level of security). Furthermore, we employ classic 3072-bit Diffie-Hellman key negotiation instead of the newer trend towards elliptic curve. This is a deliberately conservative choice on our part since we believe elliptic curve crypto is still too untested and dependent on choosing a safe curve. Recent revelations about backdoored algorithms seem to warrant our cautious approach.

Notwithstanding the complex and lengthy path to the development of a fully-functioning, quantum-based computer, such computers are expected, at least in theory, to solve certain problems significantly more quickly than existing classical computers. Privus, however, uses encryption algorithms and key negotiation protocols which are considered quantum resistant; even quantum computers would have a hard time with our existing encryption. The truth, however, is that no one really knows the real impact quantum computers will have on cryptography, and we assume that if/when they become reality there will also be new quantum resistant algorithms which we can then adopt.

As we are firm believers in using tried-and-tested technology that has withstood intense scrutiny from the international cryptographic community, we are not tied down to any specific cryptographic primitives and are able to substitute our existing encryption with newer standards as they become available and prove themselves trustworthy.

Quantum Computers (QC) will be able to break most existing encryption schemes used today, but it is false that QC will break all encryption. Some mathematical problems, like factoring large primes (which is the basis of most asymmetric encryption schemes like PKI that underpin internet security), will be easily solved by QC, thus breaking the encryption. Other types of mathematical problems will continue to be safe against QC. Symmetric ciphers like AES, which we employ in SecurLine, are quantum resistant. One category of mathematical problems especially vulnerable to QC is Elliptic Curve Cryptography (ECC). Most cryptologists agree that ECC will fall instantly to QC, which is quite worrying considering most of the encryption used in today's internet is based on ECC... At Privus we are paranoid by design and like to err on the side of caution, which is why we don't use any ECC in SecurLine.

Instead, the ZRTP protocol we use in SecurLine is based on the original zfone project and employs a feature called self-healing and key continuity. This means that even if the classic Diffie-Hellman 3072-bit key negotiation we use to establish a symmetric AES256 session key for each call is one day broken by quantum computers, the call would still not be decrypted because of the extra initial secret that's mixed in to establish a new session key for each call. This is not a perfect solution but it is a powerful method to protect current client communications against QC while we await the emergence of tried and tested post-quantum encryption schemes.
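The key-continuity idea described above, as an added sketch that is neither Privus nor ZRTP code: each call's key is derived from that call's Diffie-Hellman result mixed with a secret cached from the previous call, and the model shows which calls stay protected if every Diffie-Hellman result were later computable. The function names, labels, HMAC-SHA256 stand-in KDF and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 as a stand-in KDF (simplified, not the ZRTP KDF)."""
    return hmac.new(key, label, hashlib.sha256).digest()

def session_secret(dh_result: bytes, retained: bytes) -> bytes:
    """Mix this call's DH result with the secret cached from the last call."""
    # Length prefixes keep the two inputs unambiguous when concatenated.
    data = len(dh_result).to_bytes(4, "big") + dh_result
    data += len(retained).to_bytes(4, "big") + retained
    return hashlib.sha256(data).digest()

def run_calls(dh_results, first_retained=b""):
    """Return each call's 256-bit key, rolling the retained secret forward."""
    retained, keys = first_retained, []
    for dh in dh_results:
        s0 = session_secret(dh, retained)
        keys.append(kdf(s0, b"session key"))
        # Both phones cache this value and mix it into the next call.
        retained = kdf(s0, b"retained secret")
    return keys

# Constructed sample values standing in for three calls' DH shared secrets.
DH_RESULTS = [b"dh-call-1", b"dh-call-2", b"dh-call-3"]
REAL_KEYS = run_calls(DH_RESULTS)

def attacker_recovers(observed_from: int) -> list:
    """Model an adversary who can compute every DH result but only has
    recordings starting at call index observed_from. Lacking the retained
    secret of earlier calls, it can only start from an empty one."""
    guessed = run_calls(DH_RESULTS[observed_from:])
    return [g == r for g, r in zip(guessed, REAL_KEYS[observed_from:])]

if __name__ == "__main__":
    # Recording began after the first call: no later key is recovered.
    print("recorded from call 2:", attacker_recovers(1))
    # Recording covers the very first call, which has no retained secret yet:
    # the whole chain can be recomputed, so continuity adds nothing here.
    print("recorded from call 1:", attacker_recovers(0))
```

The second case is why the first call between two devices matters most: the protection depends on at least one exchange in the chain staying out of the adversary's recordings.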

When you dial a SecurLine number, after the other side answers the call, you will have to wait a few seconds while the ephemeral encryption key is negotiated between the 2 devices. Once the key is exchanged you will hear the other side (if the key can't be negotiated for some reason you will hear no audio at all) and you will see a green padlock around the avatar on your screen indicating the call is secure.

A yellow padlock indicates an encrypted call which has not yet been authenticated through an authentication check (it is still encrypted, just not yet authenticated).

This authentication check is done by verifying the two code words that will appear on your screen during your first call with a new device. You should both read these two words aloud to each other. If they match, click Accept and you're done. The padlock should now turn green and you don't have to perform this authentication any longer in future calls between the 2 phones. This one-time only authentication check is needed to protect against a fairly unlikely but very sophisticated attack. Please note you'll have to perform this authentication check at least once before exchanging messages or pictures.

To undertake an authentication check at any time, simply press the yellow or green padlock during your call and two randomly generated words will pop-up again on your screen. If you ever encounter a situation where the 2 code words do not match, hang up the call immediately and contact us.

Of course. The right to privacy is enshrined in article 12 of the Declaration of Human Rights and is a basic human right in any democracy. Furthermore, our Terms of Service clearly state that services will be terminated if used with any unlawful or criminal intent.

We are a Swiss company located in Zug. We believe that Swiss privacy laws are an important additional layer of protection for our clients' privacy.

No. Our technology has been developed for those who require absolute privacy and the need for secure communications. Typically, we cater to government entities, businesses, national and international institutions and select individuals, usually through their agents or family offices.

We do not offer our services anonymously to anyone. All our clients are known to us and are required to go through a KYC process before using our services.

In keeping with our philosophy, we log the absolute minimum information needed to protect our network and our clients.

We are fully compliant with Swiss law and we are currently logging metadata information for six months, after which we delete the log files definitively.
For more information please see our privacy policy.

We have applied our encryption technology and built our operating infrastructure from the ground up on the premise that we need to deliver the most secure and private solutions for our clients worldwide.

The logs we keep for legal reasons only include metadata. Our services are encrypted peer-to-peer, with encryption keys generated exclusively on the clients’ smartphones, so we have no access to or knowledge of our clients’ communications or their encryption keys.

Our services work anywhere in the World where there is a suitable Internet connection.

The General Data Protection Regulation ("GDPR") is an EU-wide regulation that comes into effect in May 2018, to unify existing regulation across the EU and to strengthen the rights of individuals within the EU over their personal data, regardless of where the company is actually located. This means that even non EU companies are subject to GDPR as long as they collect any data from EU citizens.

Among other measures, GDPR establishes an individual's right to request the erasure and transfer of personal data, and the requirement for business processes for products and services to be private by design as well as by default.

Any company in breach of GDPR can be fined up to 4% of its global annual turnover.

Because privacy is the essence of what we do, all our business processes and everything we design has privacy at its core. In addition to our solutions, which are both private and secure by design and by default, we work on the basis of a zero-knowledge architecture, which collects no personal data from our clients. So yes, we are and were compliant with GDPR even before its existence.

Our HD audio and video quality is far superior to regular PSTN or GSM phones.
The quality of the call, however, depends greatly on the speed and quality of the internet connection of each call participant.

Not in our cloud solution. For security reasons, our network is completely separate from the standard telephone network. As such, you can only make and receive calls to other Privus® subscribers within our network. This also means you cannot call the emergency services numbers from the Privus® network.

SecurLine is a smartphone application, however, and does not interfere with the normal use of your mobile phone.

How can I obtain more information or support?

Contact us through our website or through your assigned customer service representative.