Can anymany tell me how I'm "supposed" to use end-to-end encryption with XMPP?
As far as I can tell there are three totally different ways to do E2EE:
a)OTR : "[https://xmpp.org/extensions/xep-0364.html](Not intended to be a current standard), or technical specification, as better (albeit, newer and less well tested) methods of end-to-end encryption exist for XMPP. "
b)OpenPGP: There are at least two different XEPs about it. XEP-0027 is obsolete, while XEP-0373 is "experimental" but hasn't been updated in almost three years.
c)OMEMO: "Experimental" and hasn't been updated in over two years.
Is there a way to do E2EE in XMPP which is neither deprecated nor experimental? What's the "Current stable" way to do it?
Yet another reason why your private messages should be stored on a server you control or e2ee (ideally, both): it's likely the pseudonyms and accounts you use can be linked back to your IRL identity... and sold to anyone willing to pay
Signal becomes even more private by removing the need to share your phone number to new contacts. The secure messaging app has so far added support for usernames in beta.
🇬🇧 The judgement of the European Court of Human Rights on the right to #EndToEndEncryption#E2EE is a victory for civil liberties! EU governments must finally remove the proposed destruction of secure encryption from the #ChatControl 2.0 bill!
British man acquitted over London-Spain flight bomb hoax | …SnapChat leaking messages to security services & supporting KOSA? Not a good combo for user privacy | HT @rebeccamkern
SnapChat must* be surveilling their non-encrypted chats (i.e. all of them, but they travel over HTTPS for privacy) & triggering on sensitive words, either on-server or on-client, reporting to law enforcement who then over-react … PLUS they announced support for the illiberal & misconceived KidsOnlineSafetyAct.
The two, combined, are not a great indicator for how they view user privacy.
A Spanish court has cleared a British man of public disorder, after he joked to friends about blowing up a flight from London Gatwick to Menorca […] A key question in the case was how the message got out, considering Snapchat is an encrypted app. One theory, raised in the trial, was that it could have been intercepted via Gatwick’s Wi-Fi network. But a spokesperson for the airport told BBC News that its network “does not have that capability”. In the judge’s resolution, cited by the Europa Press news agency, it was said that the message, “for unknown reasons, was captured by the security mechanisms of England when the plane was flying over French airspace”. The message was made “in a strictly private environment between the accused and his friends with whom he flew, through a private group to which only they have access, so the accused could not even remotely assume… that the joke he played on his friends could be intercepted or detected by the British services, nor by third parties other than his friends who received the message,” the judgement added. It was not immediately clear how UK authorities were alerted to the message, with the judge noting “they were not the subject of evidence in this trial”.
[*] if the cause is not Snap themselves then their transport security is broken and that’s an even bigger story, being either being a weakness in the app or an undocumented man-in-the-middle HTTPS backdoor implemented by authorities in airport wireless transportation
Previously
Scoop for @politico– @Snapchat is the first social media platform to support the Kids Online Safety Act. This comes as CcEO Evan Spiegel joins the heads of Meta, TikTok, X and Discord next week in a @JudiciaryDems hearing on child sexual abuse material. https://t.co/PTKLQpqtHP
I wish that I could be as optimistic as @ciaranmartinoxf regarding the eventual wisdom of the British state regarding end-to-end encryption, but I cannot…
There will have to be at least 2x changes of Government before what Ciaran is asking for below, can happen; the first will be an ouster of the Tories which is necessary because they are fuelling the Home Office mindset (NB: not the other way around) that “The Tech Companies Must Be Brought To Heel” in the most authoritarian way possible, because they have a confused understanding of how social media is all of us, mediated; they recognise that the unwashed public having a voice is a bad thing for them, but they believe that the middlmen can/will be the ones to fix it.
The problem is: Labour are in the same position but for mirror reasons. They whine about billionaires and “surveillance capitalism” and channel Ciaran’s second tweet, re-interpreting it as “the role of Government is to create new and different ways to protect the most vulnerable [demographics]” which – being literally a statist party – to them also means “tech interventionism” and trying to stop technology rather than trying to improve humans.
We are in thrall to politicians who are trying to find levers to pull in pursuit of protecting people, rather than educating them towards invulnerability.
The only question is how much time is wasted before the state accepts the reality of basic modern communications security, & works out new & different ways to protect the most vulnerable in this new secure reality that users across the world demand 2/2https://t.co/fJ6YeGW4My
Facebook Messenger joins the likes of WhatsApp and Signal, by embracing end-to-end encryption protection. Personal chats and and calls on Facebook and Messenger will default to this new private service.
Deku SMS
SMS app with end to end encryption and photo sharing support
Deku SMS is a feature-rich, open-source default SMS app designed to enhance your messaging experience while prioritizing your privacy and security. With Deku SMS, you can seamlessly send and receive end-to-end encrypted SMS messages, ensuring that your conversations remain confidential.
Reminder about Mastodon "private" messages. Aside from not being end-end-encrypted (and so visible to instance administrators), they CC anyone @-mentioned ANYWHERE in the body of the message (not just those listed at the start).
They are now called "private mentions" rather than "private messages", but if you don't fully understand the semantics, this behavior may be unexpected and/or cause unpleasant side effects.
@ErikJonker jammer, als thema ontbreekt #privacy . We weten inmiddels dat #d66 dit thema heeft losgelaten en zelfs op sommige vlakken anti-privacy is geworden. #endtoendencryption
🥁🥁🥁 Say hi to Messaging Layer Security! After 5 years in the making, the protocol has been published as RFC 9420. #MLS is the first standardized and fully specified end-to-end #encryption protocol. The specification is freely accessible, and its security has been analyzed in numerous academic publications.
We wrote a blog post giving a high-level overview of MLS, its practical applications, and why it matters. https://blog.phnx.im/rfc-9420-mls/
The Messaging Layer Security (MLS) protocol has been published as RFC 9420 today! MLS is the first standardized and fully specified end-to-end encryption protocol. The specification is freely accessible, and its security has been analyzed in numerous academic publications.
Check out our blog post for a high-level overview of MLS, its practical applications, and why it matters. https://blog.phnx.im/rfc-9420-mls/
Protecting our online privacy is more important than ever. End-to-end encryption ensures that our messages and data are secure from prying eyes. Let's demand it from all our communication tools!
As an act of protest against the EARN IT act and the STOP CSAM act, today, I'm wearing my "Encryption is not a crime" T-shirt while I'm out shopping. It's not much, but hopefully, it does something.