• phoneymouse@lemmy.world
    link
    fedilink
    English
    arrow-up
    204
    arrow-down
    2
    ·
    19 days ago

    The US Govt 5 years ago: e2e encryption is for terrorists. The govt should have backdoors.

    The US Govt now: Oh fuck, our back door got breached, everyone quick use e2e encryption asap!

    • theherk@lemmy.world
      link
      fedilink
      English
      arrow-up
      22
      ·
      19 days ago

      Different parts of the government. Both existed then and now. There has for a long time been a substantial portion of the government, especially defense and intelligence, that rely on encrypted comms and storage.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      11
      ·
      18 days ago

      More like 23 years ago when the Patriot Act was signed, and every time it has been re-authorized/renamed since. Every President since Bush Jr. is complicit, and I’m getting most of them in the previous 70-ish years (or more) wish they could’ve had that bill as well.

  • Maeve@kbin.earth
    link
    fedilink
    arrow-up
    165
    arrow-down
    3
    ·
    19 days ago

    Oh gee, forcing companies to leave backdoors for the government might compromise security, everyone. Who’d have thunk it? 🤦

    • rottingleaf@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      18 days ago

      They knew, they were putting backdoors when they needed them.

      Now the new administration will take half of the blame in public opinion (that’s how this works) and also half of the profits, so they won’t investigate too strictly those who’ve done such things.

      But also words don’t cost anything. They can afford to say the obvious after the deed has been done.

  • circuitfarmer@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    109
    arrow-down
    4
    ·
    19 days ago

    It’s probably also good practice to assume that not all encrypted apps are created equal, too. Google’s RCS messaging, for example, says “end-to-end encrypted”, which sounds like it would be a direct and equal competitor to something like Signal. But Google regularly makes money off of your personal data. It does not behoove a company like Google to protect your data.

    Start assuming every corporation is evil. At worst you lose some time getting educated on options.

    • mosiacmango@lemm.ee
      link
      fedilink
      English
      arrow-up
      33
      arrow-down
      4
      ·
      19 days ago

      End to end is end to end. Its either “the devices sign the messages with keys that never leave the the device so no 3rd party can ever compromise them” or it’s not.

      Signal is a more trustworthy org, but google isn’t going to fuck around with this service to make money. They make their money off you by keeping you in the google ecosystem and data harvesting elsewhere.

        • mosiacmango@lemm.ee
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          7
          ·
          edit-2
          19 days ago

          Thats a different tech. End to end is cut and dry how it works. If you do anything to data mine it, it’s not end to end anymore.

          Only the users involved in end to end can access the data in that chat. Everyone else sees encrypted data, i.e noise. If there are any backdoors or any methods to pull data out, you can’t bill it as end to end.

          • circuitfarmer@lemmy.sdf.org
            link
            fedilink
            English
            arrow-up
            13
            arrow-down
            1
            ·
            19 days ago

            You are suggesting that “end-to-end” is some kind of legally codified phrase. It just isn’t. If Google were to steal data from a system claiming to be end-to-end encrypted, no one would be surprised.

            I think your point is: if that were the case, the messages wouldn’t have been end-to-end encrypted, by definition. Which is fine. I’m saying we shouldn’t trust a giant corporation making money off of selling personal data that it actually is end-to-end encrypted.

            By the same token, don’t trust Microsoft when they say Windows is secure.

            • mosiacmango@lemm.ee
              link
              fedilink
              English
              arrow-up
              11
              arrow-down
              7
              ·
              edit-2
              19 days ago

              Its a specific, technical phrase that means one thing only, and yes, googles RCS meets that standard:

              https://support.google.com/messages/answer/10262381?hl=en

              How end-to-end encryption works

              When you use the Google Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.

              The secret key is a number that’s:

              Created on your device and the device you message. It exists only on these two devices.

              Not shared with Google, anyone else, or other devices.

              Generated again for each message.

              Deleted from the sender’s device when the encrypted message is created, and deleted from the receiver’s device when the message is decrypted.

              Neither Google or other third parties can read end-to-end encrypted messages because they don’t have the key.

              They have more technical information here if you want to deep dive about the literal implementation.

              You shouldn’t trust any corporation, but needless FUD detracts from their actual issues.

              • circuitfarmer@lemmy.sdf.org
                link
                fedilink
                English
                arrow-up
                11
                arrow-down
                1
                ·
                19 days ago

                You are missing my point.

                I don’t deny the definition of E2EE. What I question is whether or not RCS does in fact meet the standard.

                You provided a link from Google itself as verification. That is… not useful.

                Has there been an independent audit on RCS? Why or why not?

                • mosiacmango@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  5
                  arrow-down
                  7
                  ·
                  edit-2
                  19 days ago

                  Not that I can find. Can you post Signals most recent independent audit?

                  Many of these orgs don’t post public audits like this. Its not common, even for the open source players like Signal.

                  What we do have is a megacorp stating its technical implementation extremely explicitly for a well defined security protocol, for a service meant to directly compete with iMessage. If they are violating that, it opens them up to huge legal liability and reputational harm. Neither of these is worth data mining this specific service.

              • sugar_in_your_tea@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                2
                ·
                18 days ago

                Even if we assume they don’t have a backdoor (which is probably accurate), they can still exfiltrate any data they want through Google Play services after it’s decrypted.

                They’re an ad company, so they have a vested interest in doing that. So I don’t trust them. If they make it FOSS and not rely on Google Play services, I might trust them, but I’d probably use a fork instead.

          • micballin@lemmy.world
            link
            fedilink
            English
            arrow-up
            10
            arrow-down
            1
            ·
            19 days ago

            They can just claim archived or deleted messages don’t qualify for end to end encryption in their privacy policy or something equally vague. If they invent their own program they can invent the loophole on how the data is processed

            • cheesemoo@lemmy.world
              link
              fedilink
              English
              arrow-up
              11
              ·
              19 days ago

              Or the content is encrypted, but the metadata isn’t, so they can market to you based on who you talk to and what they buy, etc.

              • mosiacmango@lemm.ee
                link
                fedilink
                English
                arrow-up
                2
                ·
                19 days ago

                This part is likely, but not what we are talking about. Who you know and how you interact with them is separate from the fact that the content of the messages is not decryptable by anyone but the participants, by design. There is no “quasi” end to end. Its an either/or situation.

                • sugar_in_your_tea@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  arrow-down
                  1
                  ·
                  18 days ago

                  It doesn’t matter if the content is encrypted in transit if Google can access the content in the app after decryption. That doesn’t violate E2EE, and they could easily exfiltrate the data though Google Play Services, which is a hard requirement.

                  I don’t trust them until the app is FOSS, doesn’t rely on Google Play Services, and is independently verified to not send data or metadata to their servers. Until then, I won’t use it.

              • rottingleaf@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                18 days ago

                Provided they have an open API and don’t ban alternative clients, one can make something kinda similar to TOR in this system, taking from the service provider the identities and channels between them.

                Meaning messages routed through a few hops over different users.

                Sadly for all these services to have open APIs, there needs to be force applied. And you can’t force someone far stronger than you and with the state on their side.

            • mosiacmango@lemm.ee
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              edit-2
              19 days ago

              The messages are signed by cryptographic keys on the users phones that never leave the device. They are not decryptable in any way by google or anyone else. Thats the very nature of E2EE.

              How end-to-end encryption works

              When you use the Google Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.

              The secret key is a number that’s:

              Created on your device and the device you message. It exists only on these two devices.

              Not shared with Google, anyone else, or other devices.

              Generated again for each message.

              Deleted from the sender’s device when the encrypted message is created, and deleted from the receiver’s device when the message is decrypted.

              Neither Google or other third parties can read end-to-end encrypted messages because they don’t have the key.

              They cant fuck with it, at all, by design. That’s the whole point. Even if they created “archived” messages to datamine, all they would have is the noise.

            • circuitfarmer@lemmy.sdf.org
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              19 days ago

              Exactly. We know corporations regularly use marketing and doublespeak to avoid the fact that they operate for their interests and their interests alone. Again, the interests of corporations are not altruistic, regardless of the imahe they may want to support.

              Why should we trust them to “innovate” without independent audit?

          • ITGuyLevi@programming.dev
            link
            fedilink
            English
            arrow-up
            1
            ·
            17 days ago

            End to end doesn’t say anything about where keys are stored, it can be end to end encrypted and someone else have access to the keys.

      • zergtoshi@lemmy.world
        link
        fedilink
        English
        arrow-up
        17
        ·
        edit-2
        19 days ago

        Signal doesn’t harvest, use, sell meta data, Google may do that.
        E2E encryption doesn’t protect from that.
        Signal is orders of magnitude more trustworthy than Google in that regard.

        • renzev@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          19 days ago

          There’s also Session, a fork of Signal which claims that their decentralised protocol makes it impossible/very difficult for them to harvest metadata, even if they wanted to.Tho I personally can’t vouch for how accurate their claims are.

        • mosiacmango@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          18 days ago

          Agreed. That still doesnt mean google is not doing E2EE for its RCS service.

          Im not arguing Google is trustworthy or better than Signal. I’m arguing that E2EE has a specific meaning that most people in this thread do not appear to understand.

          • zergtoshi@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            18 days ago

            Sure!
            I was merely trying to raise awareness for the need to bring privacy protection to a level beyond E2EE, although E2EE is a very important and useful step.

      • MonkderVierte@lemmy.ml
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        edit-2
        19 days ago

        End to end matters, who has the key; you or the provider. And Google could still read your messages before they are encrypted.

        • mosiacmango@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          18 days ago

          You have the key, not the provider. They are explicit about this in the implementation.

          They can only read the messages before encryption if they are backdooring all android phones in an act of global sabotage. Pretty high consequences for soke low stakes data.

          • ITGuyLevi@programming.dev
            link
            fedilink
            English
            arrow-up
            1
            ·
            17 days ago

            I’m pretty sure the key is stored on the device, which is backed up to Google. I cannot say for sure if they do or don’t backup your keyring, but I feel better not using it.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          18 days ago

          Yup, they can read anything you can, and send whatever part they want through Google Play services. I don’t trust them, so I don’t use Messenger or Play services on my GrapheneOS device.

      • renzev@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        2
        ·
        19 days ago

        Of course our app is end-to-end encrypted! The ends being your device and our server, that is.

        • jagged_circle@feddit.nl
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          18 days ago

          That’s literally what zoom said early in the pandemic.

          Then all the business in the world gave them truck loads of money, the industry called them out on it, and they hired teams of cryptographers to build an actual e2ee system

      • jagged_circle@feddit.nl
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        18 days ago

        They do encrypt it and they likely dont send the messages unencrypted.

        Likely what’s happening is they’re extracting keywords to determine what you’re talking about (namely what products you might buy) on the device itself, and then uploading those categories (again, encrypted) up to their servers for storing and selling.

        This doesn’t invalidate their claim of e2ee and still lets them profit off of your data. If you want to avoid this, only install apps with open source clients.

        • mosiacmango@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          18 days ago

          E2EE means a 3rd party cant extract anything in the messages at all, by definition.

          If they are doing the above, it’s not E2EE, and they are liable for massive legal damages.

          • jagged_circle@feddit.nl
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            18 days ago

            Thats not what it means. It means that a third party cannot decrypt it on their servers.

            Of course if the “third party” is actually decrypting it on your device, then they can read the messages. I dont know why this is not clear to you.

    • kingthrillgore@lemmy.ml
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      2
      ·
      18 days ago

      If its not Open Source and Audited yearly, its compromised. Your best option for secure comms is Signal and Matrix.

    • s_s@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      3
      ·
      18 days ago

      End-to-end encryption matters if your device isn’t actively trying to sabotage your privacy.

      If you run Android, Google is guilty of that.

      If you run Windows in a non-enterprise environment Microsoft is guilty of that.

      If you run iOS or MacOS, Apple is (very likely) guilty of that.

    • zergtoshi@lemmy.world
      link
      fedilink
      English
      arrow-up
      24
      arrow-down
      1
      ·
      edit-2
      19 days ago

      Yes, like Signal!
      Which does not only use end-to-end encryption for communication, but protects meta data as well:

      Signal also uses our metadata encryption technology to protect intimate information about who is communicating with whom—we don’t know who is sending you messages, and we don’t have access to your address book or profile information. We believe that the inability to monetize encrypted data is one of the reasons that strong end-to-end encryption technology has not been widely deployed across the commercial tech industry.

      Source: https://signal.org/blog/signal-is-expensive/

      I haven’t verified that claim investigating the source code, but I’m positive others have.

  • Lost_My_Mind@lemmy.world
    link
    fedilink
    English
    arrow-up
    61
    arrow-down
    1
    ·
    19 days ago

    Everybodies aunt at thanksgiving:

    “I should be fine. I only trust the facebook with my information. Oh, did I tell you? We have 33 more cousins we didn’t know about. I found out on 23andme.com. All of them want to borrow money.”

  • Obinice@lemmy.world
    link
    fedilink
    English
    arrow-up
    56
    arrow-down
    2
    ·
    19 days ago

    Real encrypted apps, …or just the ones their own government can use to spy on them?

  • mox@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    37
    ·
    19 days ago

    End-to-end encryption is indispensable. Our legislators (no matter where we live) need to be made to understand this next time they try to outlaw it.

      • pdxfed@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        ·
        19 days ago

        “you wouldn’t put a dump truck full of movies on a snowy road without chains on the tires would you?”

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        18 days ago

        Ew.

        Think of it like this:

        • no encryption - sending a postcard
        • client to sever encryption - dropping off the postcard at the post office instead of the mailbox
        • end to end encryption - security envelope in the mailbox
        • read receipts - registered mail

        Hopefully you’re less wrong now Mr/Mrs legislator.

  • kingthrillgore@lemmy.ml
    link
    fedilink
    English
    arrow-up
    34
    arrow-down
    1
    ·
    18 days ago

    On January 20th: The cyberattack is coming from inside the house!

    Dumbfuck and his cronies now have access to PRISM and ECHELON. Again.

    • overload@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      13
      ·
      edit-2
      18 days ago

      I go one further and also use public/private key pairs that my acquaintances must use to decrypt the scrambled letters I mail them.

    • spyd3r@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      4
      ·
      18 days ago

      I use some decoder ring I found in a cereal box, it’s totally secure.

      B̷̡̡̢̧̺̩̝̤̜̪̰͖̻̗͇͓͙͍̦̹̹͚̠̲͔͕̫̤͎̳̱̦̜̖̤͙̎͌͑̂̿̋͐͂̉͜͜͜ͅe̸̺̠̰̋̐͑͒͗͑̑͂̿͑͘͠͝ ̴̡̨̢̨̨̡̯̺̤̝͇̠̯͚͇̰͈͙͍͕̖͕͖̜̹̰̗͙̈̍̄͂́͜ṣ̵̡̞̰͎̝͙͚̘̞̓̊̿̂̉͐͐̐̀̍̂́͋̏́̚͘͠͠ư̴̧̧̨̧̝͙̰̗͓͉͚͇̻͇̝͖̞͙̤͙̞͔̯͈̙̗̰̖̺̼͕͇̗̂̎̐̅͊̔͋̄̿̅̎̍͂̏͘̚ͅṛ̶͙͙͚͖̭̆̄̎̔̾͛̏̈̽͌̎͋̿̈̌̃̃͑̑̏̐̽̎̉́̊̿̆̌̕͜͝͠e̵̛̝̱͓̐̂͊̀̓̑̈́̒̓́̂̿̒̒̔͌̆͌̎͆̓͂̂̏͆̑͜͝͝ ̶̧̧̳̮̬̤̱̯͚̜̜͔̞̰̠̼̩̘͖̹͕̥͔̰͎͖̩̠͇̭̭̺̮̔͊͛̉͐͗͛͌̓̂͐̇̔̑̓̐̇̀̅̿̿̃͛̈́̔̏͛̓͂̏̕̚̕͜͠͠ͅͅͅͅţ̵͔͂̋͌̋͊͗̇ơ̷̘̱͙̝͖͍̪̗̮̫͉͖̪͉̯͙͛̋̾̑͛̇́̑̒̓͐̀̇̓͒̾͛͆̾͗̒̕̚͘͜͝ ̶̧̡̢̭̥͚̱̲̮͙̠̼͉͖̞̩̞̰̠͍̭̭͖͖̻̜͖͇̬͎̮͙̦͗͌̈̌̍̔̋̔̈́̈́̃̍̓͌͒̉̓͐̓̏̓̃̇̅́̐̃̂̚̕͜͝͝d̸̢̨̢̧̢͔͚̼̩̮͖̭̥̮͓̭͇͖̞̰̞̰̋̓̊̈́̈̐̄̆͊̈͑̓̉͝͠ͅŗ̵̲͓̠̮͉̹͍̰̟̘̄̈́̈́̂̀̆͗̔̓̔̐̀̍̓̄̾̋͋̆̈́̓͐͊͒͋͂̓̽͌̂̊͂̔͋̓͌͐̈́̓͠͝ĩ̴̛̛̝̹͓͚̦̱̰̫̌̋͌̏̒́̇̂̅̎̄͒̏̎̈͊͊̽͘̕͜͝͝͝͠n̴̨̡̡̛͚͖̼̖̦͔̬̩̝̞͔̥͖̫̮͎̻͔̪͍͖̣̻̯͉̝̜͓̐̏̾̋̂͛́̍̄̿̔͛̉̾̏̆̍͋͒̂́̽̆͐̋̈͆̊̈̈́̽̔̏̏̎̕̚͘̚͠k̴̡̭̙̼̻̟͔̏̂ ̵̨͓̺̲͇͔̪͇͓̥̰͈̲͊́̂́͋̊̀̾̌͋̉͑̍̿̆̊͐͆̏̑̑͛̾̀̀̏͆̽́͝͠ỵ̶̡̝̺̙͇̪̮͚̣̓̍̐̄̉̇̀͋̔̀̂͒̾̋͘ǫ̴͇̝̤͕̮̺̦̼̪̯̟̼̳͙̼̃̈́́͗̓̊͑́̾̈́͘̕͜͝͠ͅͅų̷̢̛̭̟̭̖̟͇̪̦̪̳̯̟̬͉̬͉͎̫͎̮̜̠͔̝̜̭̪̤͆̆͋̉̆̓̽̋̀̆̌͝r̵̨̡̳͈̝͈̖͈̻̺̮͖̻͓͓͇̩͖̬̣̪͙̗̥̯̍̍͂͂́̑ͅ ̷̢̧̢̧̛̛̖̹͉̳͚̞̟̻̮̟͙̥̥͓͙̻̩̙̈̓͆͌̈́͊́̈́̎̑͗̑̆̀̈́͆̏ͅƠ̴̛̛̱̰̬̲̼̹̬̰̮͓̜̐̔̈́̾̓͆̔͂̂͂̂̓̏̾͐͌͘̕͘͝͝͝v̴̛̤̝̹͙̩͌̾̾̒͋͐͂̍̽̈́͛̎̆̋̓̔̀́̍͑͌͌͂͆̈̚̚̚͘͜͝͝ͅå̶̡̢̹̻͙͗͒̌̓̑̋̂̉̿̌̋͋̆͋͋̈́̋̎̀͝͝ĺ̶̡̨̨̨̛̻͙̘̖͍̥̝̺͔͙̱̼͙̱̀͌̃̍́͊̉͑̐ͅt̶̡̛͎͕̥͉̙̰̫̲̺̩̘̜̖͔̝̜̤̮͙̳̻̮̠̦́̌͌̍̑̃̿̔͒͗̑̏̎̿̉̀̀͊̽̃̽͌͆̏͗͗̋̈́̔̉́̒͗̑̊͜͝ͅį̴̡̢̡̪̥͉̩̯͎̩̤̺̙̩̳̘͓̣̮̰͔̯̘̰̖̪̻͉̣̖̬̩͉̦̃̂̍͜ͅͅņ̵̡̢̧̢̯̠͍͖͔̬̜̥̗̜͈̮͖̗̺̳̱̣̟̦̗͉̮̥̏̿͒̏͆̔̀͐̉̀͗͋͐͌͒̀́̿́͗͂́̏̂͊̑̅͝͝͝͝ȩ̶̨̡̨̫͉̱͉̦̫͇̪̼̰̺̩̘̼̬̝̘̥͖͎̬̺̀̓͋̄̂̉͝͝

  • A_A@lemmy.world
    link
    fedilink
    English
    arrow-up
    20
    ·
    edit-2
    19 days ago

    What i read [and corrected] from the article :

    “The hacking campaign [group], nicknamed [ by Microsoft ] Salt Typhoon by Microsoft,
    [ this actual campaign of attacks ] is one of the largest intelligence compromises in U.S. history, and not yet fully remediated. Officials in a press call Tuesday [ 2024-12-3 ] refused to set a timetable for declaring the country’s telecommunications systems free of interlopers. Officials had previously told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers.”

  • 2pt_perversion@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    ·
    edit-2
    19 days ago

    Hear me out, maybe we should update pots and sms to have optional end-to-end encryption for modern implementations as well…Optional as backwards compatible and clearly shown as unencrypted when used that way to be clear.

    • micballin@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      19 days ago

      Att won’t make money off that unless they offer it as a paid service. No reason to give that away for free and the other cell carriers can just pay off (bribe with campaign contributions) legislators to understand encryption is “too costly to implement at such a scale”

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      18 days ago

      You mean RCS?

      I’ll raise you one better: use Signal (or simplex.chat if you’re cool). Google and Apple control RCS, and carriers can still sniff metadata. Cut both groups out with a proper messenger.

  • treadful@lemmy.zip
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    3
    ·
    19 days ago

    Guess that confirms that E2EE is effective against these backdoors.

    • jagged_circle@feddit.nl
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      18 days ago

      We’ve long had NSA slides that showed Tor and e2ee solutions as “disastrous” to their visibility.

  • futatorius@lemm.ee
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    18 days ago

    There’s been a lot of good research done lately on how to achieve trusted communication on untrusted platforms and over untrusted channels. Encryption is a big part of that.

    And there are a number of scenarios where the ISP creates a hostile environment without having been compromised by an external actor. A malicious government, for example, or an ISP wanting to exploit customer communications for commercial reasons.