Coviu – a technical deep dive for our security-conscious clients
In April 2020, in light of the Covid-19-driven increase in telehealth services being offered, the Australian Psychological Society conducted a review of the main video teleconferencing platforms available to practitioners. The full report can be found here.
The Coviu-relevant results can be found below. Note that those coloured blue are deemed the most secure.
What video technology is Coviu based upon?
Where are the Coviu application servers located?
What data security does Coviu provide?
All communication between Coviu servers and Coviu users is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher with 128-bit encryption (AES_128_GCM). This includes any signalling data.
Within a Coviu call, all data, video and audio that is exchanged is encrypted using DTLS-SRTP between the participants.
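A client who wants to confirm the server-side TLS parameters stated above can compare them with what `openssl s_client` reports. The following is an added example, not Coviu's own code: the function names and the sample output are constructed for illustration, and the line formats are assumed from typical OpenSSL output.

```python
import re

# Client-to-server parameters stated above, in OpenSSL's naming.
EXPECTED = {"protocol": "TLSv1.2", "kex": "ECDHE", "auth": "RSA",
            "curve": "P-256", "cipher": "AES128-GCM"}
# OpenSSL releases print the P-256 curve under different names.
CURVE_ALIASES = {"prime256v1": "P-256", "secp256r1": "P-256"}

def parse_s_client(text):
    """Extract the negotiated parameters from `openssl s_client` output."""
    found = {}
    m = re.search(r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)", text, re.M)
    if m:
        found["protocol"] = m.group(1)
    m = re.search(r"^[ \t]*Cipher[ \t]*:[ \t]*(\S+)", text, re.M)
    if m:
        # TLS 1.2 suites look like ECDHE-RSA-AES128-GCM-SHA256.
        s = re.match(r"(ECDHE|DHE)-(RSA|ECDSA)-(.+)-SHA\d*$", m.group(1))
        if s:
            found["kex"], found["auth"], found["cipher"] = s.groups()
        else:  # static-RSA or TLS 1.3 suite: keep the raw name
            found["cipher"] = m.group(1)
    m = re.search(r"^Server Temp Key:[ \t]*(.+)$", text, re.M)
    if m:
        parts = [p.strip() for p in m.group(1).split(",")]
        name = parts[1] if parts[0] == "ECDH" and len(parts) > 1 else parts[0]
        found["curve"] = CURVE_ALIASES.get(name, name)
    return found

def deviations(text):
    """Return {field: (expected, observed)} for each mismatch."""
    found = parse_s_client(text)
    return {k: (v, found.get(k)) for k, v in EXPECTED.items()
            if found.get(k) != v}

# Constructed samples in the shape printed by:
#   openssl s_client -connect <host>:443 -tls1_2 </dev/null
MATCHING = """Server Temp Key: ECDH, prime256v1, 256 bits
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
"""
DRIFTED = MATCHING.replace("ECDH, prime256v1, 256", "X25519, 253").replace(
    "AES128-GCM-SHA256", "AES256-GCM-SHA384")

if __name__ == "__main__":
    print(deviations(MATCHING))
    print(deviations(DRIFTED))
```

An empty result means the negotiated session matches the stated parameters. A non-empty result is a difference from the documented configuration, not necessarily a weaker one.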
What user data is stored and where?
Coviu only stores user signup information – none of the data that is exchanged in a video call is saved. User signup data is stored in AWS in Sydney.
Coviu does not store the identities of a guest user – the snapshot and name are only taken to identify a client to the Karepsych psychologist so they can more easily decide to allow a client into the call.
Is data exchanged in a call stored?
None of the audio, video or data exchanged in a Coviu call is stored by Coviu. Specifically, Coviu does not store any clinical information that is exchanged in a call. All of the video, audio or shared documents in a call are transmitted peer-to-peer only, are fully encrypted and cannot be listened in to by anyone except for the call participants. That data does not even reach Coviu storage servers.