Hear me out, maybe we should update POTS and SMS to have optional end-to-end encryption for modern implementations as well… Optional as backwards compatible and clearly shown as unencrypted when used that way to be clear.
From RFC 2804:
- The IETF believes that adding a requirement for wiretapping will make affected protocol designs considerably more complex. Experience has shown that complexity almost inevitably jeopardizes the security of communications even when it is not being tapped by any legal means; there are also obvious risks raised by having to protect the access to the wiretap. This is in conflict with the goal of freedom from security loopholes.
https://datatracker.ietf.org/doc/rfc2804/
This was written in 2000 in response to US government requests to add backdoors to voice-over-IP (VoIP) standards.
It was recognized 25 years ago that having tapping capabilities is fundamentally insecure.
You don’t need technical knowledge to see the problem.
If you live in an apartment and your landlord has a master key, then all an attacker needs to do is get that master key. In an apartment complex, maybe that’s okay because who’s going to break in to the landlord’s office? But on the internet, tons of people are trying to break in every day, and eventually someone will get the key.
Even for the landlord, I’d rather them have a copy of my key than a master key, because that way they’d need to steal my key specifically.
And I had one experience where our landlords attempted to rob us.
On January 20th: The cyberattack is coming from inside the house!
Dumbfuck and his cronies now have access to PRISM and ECHELON. Again.
What I read [and corrected] from the article:
“The hacking campaign [group], nicknamed [by Microsoft] Salt Typhoon by Microsoft, [this actual campaign of attacks] is one of the largest intelligence compromises in U.S. history, and not yet fully remediated. Officials in a press call Tuesday [2024-12-3] refused to set a timetable for declaring the country’s telecommunications systems free of interlopers. Officials had previously told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers.”
Thanks, I thought from reading this maybe Salt Typhoon was the codename for the next version of Windows.
until the republicans ban them so they can find queer kids and pregnant people getting healthcare and people reading books
Good advice: start learning how to self-host, especially a Matrix instance.
How does that help me hook up on Grindr?
It lets you send videos to someone over the Grindr limit.
Please don’t ask how I know that Grindr only lets you send 10 short videos per day.
There’s no fediverse replacement for Grindr yet? I’m honestly surprised.
There should at least be an OSS one though right? Like an OpenGrindr? Or a LibreGrindr?
We were looking into federated+floss MatchGroup alternatives last week, and didn’t find much of anything.
Most compelling was that some people are using matrix spaces to facilitate dating/hookups, but I imagine those spaces have similar pitfalls to Discord “dating”.
Something akin to OkCupid back when it was owned by Humor Rainbow would be pretty popular, imo.
All that happens under Dems, too. Stop giving them a pass.
Yup. The Apple-FBI encryption dispute started under Obama, as did the Snowden leak.
Neither party is particularly pro-encryption, because governments in general see encryption by the public as a hurdle for their operations (i.e. you don’t need encryption if you have nothing to hide).
Encryption isn’t a partisan issue, and my understanding is that both major parties suck about equally on this issue.
It’s a wonder they’re not also trying to outlaw printing presses at this point. They openly believe that we are not entitled to private conversations.
It seems we’re moving that direction. Physical media in video games is becoming less and less common, more and more stores are digital only (and Google made a deal w/ Mastercard to get that data), and ebooks are likely to overtake physical books in the near-ish future.
Guess where all that data ends up? The government can just pay retailers to get transaction data, so if the police wants to dig up dirt on you, it’s easier than ever.
That’s pretty messed up IMO, and I’m not happy with this trend given where privacy protections are at these days…
Yep. We need a very strict law to prevent the government from partnering with private companies to get around the fourth amendment. The third party doctrine has obliterated our privacy rights.
Agreed. If there’s anything we should collectively push for, it’s a constitutional recognition to a right to privacy. That’s what Roe v Wade was based on, and it was overturned because it wasn’t constitutionally defensible. The 4th amendment sadly isn’t sufficient, we need to take it a step further.
The Ninth Amendment, if actually followed, would put the burden on the government to prove that something was not a right, rather than just denying it because it wasn’t enumerated in the Constitution. The current Supreme Court has directly contradicted the Ninth by claiming that only enumerated rights are really rights. Except when they make up new ones like corporate personhood.
Dumb people are down voting you despite the fact that you’re 1000000% correct.
Leftists need to stop defending the Democratic party so hard, it’s making them look like neoliberals
Wait what? You know that leftists dislike Democrats, right?
Are you really not aware they are two different things?
You know that leftists dislike Democrats, right?
They’re classic Frenemies. Every two years, they hold their noses while screaming “I hate this! I hate this! I hate you all!” and pull the lever for the party. Then the party either wins, thanks to all the Michael Bloombergs and Liz Cheneys who guided the party successfully to the right. Or the party loses, thanks to all the civil rights activists and environmentalists and train lovers who made Whitey McDickweasel look like a Communist.
Leftists are the Dems’ most loyal voters and their most bitter enemies.
I’m aware yet I’ve been seeing so many so-called lefties going crazy for the DNC.
I think the desperation and need to defeat Trump has led to a lot of “blind acceptance” of Democrats
Leftists need to stop defending the Democratic party
The joke of it is you’re either with the Democratic Party or you’re a hyper-authoritarian anti-democratic Russia/China loving Tankie. You will eat your police state and you will like it, because otherwise the Bigger Fascists will win.
It’s just treated like team sports for so many people. It doesn’t matter what the team does, it’s offensive to them to criticize it at all.
Those downvoting need to learn about the PATRIOT act and FISA “courts”.
Those downvoting aren’t the type of people who enjoy challenging their worldview. They won’t look at shit.
Absolutely right. Their echo chamber is their safe space so don’t threaten it!
The Snowden leaks came out when Obama was president. Obama was the one who said, “The only people who don’t want to disclose the truth are people with something to hide”. The republicans and democrats are the same fucking people.
The republicans and democrats are the same fucking people.
In many cases, literally. From Michael Bloomberg and Liz Cheney to Donald Trump and Joe Manchin, the number of cross-overs and turn-coats who end up getting into leadership in their opponent’s parties is absolutely crazy. The Nixonian Southern Strategy did one thing brilliantly. It completely crossed the wires of the partisan voter for three generations to the benefit of the corporate oligarchs who get to play both ends against the middle.
It goes on long before that. The Dixiecrats were as conservative as the Republicans, and more racist than some Republicans.
All that happens under Dems, too
Fucking what? Which democrats are banning books and putting together lists of trans children?
And no, I’m not a fan of the DNC, I’m just not a fucking dishonest piece of shit.
Which Dems are stopping it?
End-to-end encryption is indispensable. Our legislators (no matter where we live) need to be made to understand this next time they try to outlaw it.
The same people who want to get rid of encryption
Oh gee, forcing companies to leave backdoors for the government might compromise security, everyone. Who’d have thunk it? 🤦
Guess that confirms that E2EE is effective against these backdoors.
We’ve long had NSA slides that showed Tor and e2ee solutions as “disastrous” to their visibility.
Like Signal?
No, BPs are a risk. Better to avoid apps that require phone numbers
Or alternatively, Molly
I read Molly is forked from Signal. Can I message Signal users from Molly, or do all parties need Molly?
Yes, like Signal!
Which does not only use end-to-end encryption for communication, but protects metadata as well:
Signal also uses our metadata encryption technology to protect intimate information about who is communicating with whom—we don’t know who is sending you messages, and we don’t have access to your address book or profile information. We believe that the inability to monetize encrypted data is one of the reasons that strong end-to-end encryption technology has not been widely deployed across the commercial tech industry.
Source: https://signal.org/blog/signal-is-expensive/
I haven’t verified that claim investigating the source code, but I’m positive others have.
There’s been a lot of good research done lately on how to achieve trusted communication on untrusted platforms and over untrusted channels. Encryption is a big part of that.
And there are a number of scenarios where the ISP creates a hostile environment without having been compromised by an external actor. A malicious government, for example, or an ISP wanting to exploit customer communications for commercial reasons.
It’s probably also good practice to assume that not all encrypted apps are created equal, too. Google’s RCS messaging, for example, says “end-to-end encrypted”, which sounds like it would be a direct and equal competitor to something like Signal. But Google regularly makes money off of your personal data. It does not behoove a company like Google to protect your data.
Start assuming every corporation is evil. At worst you lose some time getting educated on options.
End-to-end encryption matters if your device isn’t actively trying to sabotage your privacy.
If you run Android, Google is guilty of that.
If you run Windows in a non-enterprise environment Microsoft is guilty of that.
If you run iOS or MacOS, Apple is (very likely) guilty of that.
RCS is an industry standard, not a Google thing.
End to end is end to end. It’s either “the devices sign the messages with keys that never leave the device so no 3rd party can ever compromise them” or it’s not.
Signal is a more trustworthy org, but Google isn’t going to fuck around with this service to make money. They make their money off you by keeping you in the Google ecosystem and data harvesting elsewhere.
End to end could still - especially with a company like Google - include data collection on the device. They could even “end to end” encrypt sending it to Google in the side channel. If you want to be generous, they would perform the aggregation in-device and don’t track the content verbatim, but the point stands: e2e is no guarantee of privacy. You have to also trust that the app itself isn’t recording metrics, and I absolutely do not trust Google to not do this.
They make so of their big money from profiling and ads. No way they’re not going to collect analytics. Heck, if you use the stock keyboard, that’s collecting analytics about the texts you’re typing into Signal, much less Google’s RCS.
You may be right for that particular instance, but I’d still argue caution is safer.
Signal doesn’t harvest, use, sell metadata, Google may do that.
E2E encryption doesn’t protect from that.
Signal is orders of magnitude more trustworthy than Google in that regard.
Agreed. That still doesn’t mean Google is not doing E2EE for its RCS service.
I’m not arguing Google is trustworthy or better than Signal. I’m arguing that E2EE has a specific meaning that most people in this thread do not appear to understand.
End to end matters, who has the key; you or the provider. And Google could still read your messages before they are encrypted.
You have the key, not the provider. They are explicit about this in the implementation.
They can only read the messages before encryption if they are backdooring all Android phones in an act of global sabotage. Pretty high consequences for some low stakes data.
Yup, they can read anything you can, and send whatever part they want through Google Play services. I don’t trust them, so I don’t use Messenger or Play services on my GrapheneOS device.
They do encrypt it and they likely don’t send the messages unencrypted.
Likely what’s happening is they’re extracting keywords to determine what you’re talking about (namely what products you might buy) on the device itself, and then uploading those categories (again, encrypted) up to their servers for storing and selling.
This doesn’t invalidate their claim of e2ee and still lets them profit off of your data. If you want to avoid this, only install apps with open source clients.
E2EE means a 3rd party can’t extract anything in the messages at all, by definition.
If they are doing the above, it’s not E2EE, and they are liable for massive legal damages.
That’s not what it means. It means that a third party cannot decrypt it on their servers.
Of course if the “third party” is actually decrypting it on your device, then they can read the messages. I don’t know why this is not clear to you.
Note that it doesn’t mean metadata is encrypted. They may not know what you sent, but they may very well know you message your mum twice a day and who your close friends are that you message often, that kinda stuff. There’s a good bit you can do with metadata about messages combined with the data they gather through other services.
end to end is meaningless when the app scans your content and does whatever with it
For example, WhatsApp and their almost-mandatory “backup” feature.
Unless you’re Zoom and just blatantly lie lol
Well yeah, to use RCS on Android, you need to use Google’s Messenger app, so they can absolutely still get your data. Source from GrapheneOS.
I don’t use RCS because I refuse to use Google’s Messenger app. Simple as.
If it’s not Open Source and Audited yearly, it’s compromised. Your best option for secure comms is Signal and Matrix.
Sounds bad I guess, but the USA has been spying on us for a long time now. Is the bad part that it’s China?
When a whole nation’s communications are intercepted by another entity, yes, the bad part is that it’s another nation. Especially an adversarial one.
This is not about individuals’ personal privacy. It’s about things that happen at a much larger scale. For example, leverage for political influence, or leaking of sensitive info that sometimes finds its way into unsecured channels. Mass surveillance is powerful.
Bets on this being directly related to back doors that US spy agencies demand be installed?
RTFA
The third has been systems that telecommunications companies use in compliance with the Commission on Accreditation for Law Enforcement Agencies (CALEA), which allows law enforcement and intelligence agencies with court orders to track individuals’ communications. CALEA systems can include classified court orders from the Foreign Intelligence Surveillance Court, which processes some U.S. intelligence court orders.
Wouldn’t surprise me. “We’re doing this to be helpful to you!” is actually moustached Disney villain behavior.
^ similar to the prisoners with cats gimmick. “look how nice we’re being to our prisoners” is actually “stop yelling at your bunkmate or we’ll take away your cat”
The US gov should provide us with their own encryption app to protect us and just have a backdoor only they can access so they can keep an eye on any baddies! #Igotnothingtohide #amiright #muricafuckyeah
Poe’s law?
Coles law