How is Gruveo Secure?
Update August 15, 2014: The below post applies to an earlier version of Gruveo that used Flash. Click here for a detailed review of the current version's security.
2013 has brought revelations about the massive scale of US surveillance on Internet communications. People all over the world learned that most of their Internet activities are routinely logged, recorded and analyzed. In light of these revelations, we at Gruveo feel that it’s our duty to explain to our users how their calls are protected and what mechanisms we use to ensure the security of their Gruveo communications.
The first thing to note is that wherever possible, all Gruveo calls are established using the so-called peer-to-peer (P2P) technology where data flows directly between the users’ computers. Almost by definition, the absence of a middle point relaying your calls means that it’s harder for a third party to intercept them.
Whether a call is established using P2P is determined by the firewall configuration of the particular pair of users. If a call cannot be established via P2P, it is relayed using our secure servers. Gruveo is quite good in “piercing” firewalls to establish P2P calls, however: 63.1% of the past month’s calls were established over peer-to-peer.
The decentralization brought by peer-to-peer is just part of the story. No matter if your call is established via P2P or not, it is encrypted end to end as part of the RTMFP protocol (P2P), or RTMPS/RTMPTS (non-P2P). In RTMFP, all network traffic is encrypted using 128-bit cipher. RTMPS/RTMPTS rely on the industry-standard SSL standard for traffic encryption.
Last but not least, given how Gruveo connects users, isn’t it possible that someone else can connect to your call just by accidentally entering the same number while you’re talking to somebody? The answer is no – once a Gruveo call is established, it is “sealed” and anyone entering the same number will create a new session just as if your call didn’t exist.
We hope that this answers the important questions you might have about the security of your Gruveo calls. Don’t hesitate to head off to the FAQ and our privacy policy for more information, or drop us a line with any further inquiries!
Gruveo August Update
We have just rolled out an important update to Gruveo that focuses on improving call stability and quality. You will automatically enjoy this latest version of Gruveo the next time you log on to www.gruveo.com. However, if that doesn't happen and you start experiencing issues establishing calls, just clear your browser's cache and restart your browser.
Linux Love!
Some of our users have been reporting connection problems on Linux. When making a call, Gruveo would say “Connecting…” and then return to the home screen. Further investigation showed that this was caused by a pesky bug in Flash Player for Linux that prevented Gruveo from establishing a secure connection.
This past week, our team has coded around the bug so now you can make instant, secure video calls with Gruveo on Linux, too. All you have to do is clear your browser’s cache and reload the Gruveo homepage.
Even Quicker Calls with Gruveo-Generated Random Numbers
One way of using Gruveo to establish a quick video call is to type in some random number, start the call and then pass the direct link to the other party. If that’s how you do it and you don’t care about the particular number used, you can make the whole process even quicker.
Here’s the secret: If you leave the “Number” field empty, Gruveo will generate a random 7-digit number for you. So all you really have to do is go to www.gruveo.com, click “Video call” or “Voice call”, and give the other person the direct link to connect. Now, can it get easier than that?