#e2ee is a goal, not a promise. As far back as I can remember, forums like those supporting #Enigmail and #gpg were staffed with volunteers from the privacy community who repeatedly insisted on answering questions, like, "Is <this> (whatever this might be) totally secure?" with stock questions like, "What is it that you consider 'totally secure?" or answers such as, "Secure is a relative term, nothing is completely secure, how secure do you need your mission's communications to be?"
Phrases such as, reasonably secure should be indicators of how ridiculous it is to assume that any secure platform isEVERcompletely, and totally secure.
That begs the question, "Exactly how secure do you require your communications to be?" The answer is always, ... relative.
Which means that you should always believe Ellen Ripley when she says, "Be afraid. Be very afraid!"
Bemerkenswert, wenn solche wichtigen Projekte nicht mehr im freien Fediverse bekannt gemacht werden, sondern auf Threads.
Es geht um nichts anderes, als eine E2E Verschlüsselung für AP.
♲ threads.net/
You have to analyse every Apple announcement through the lens of how it will use it to maintain its market power and attack regulation. So, will Apple’s promised Rich Communication Services (RCS) support make iMessage fully interoperable at least with Google’s Messages? What would the most grudging compliance with Chinese 5G regulations look like?
Google apparently makes RCS support ubiquitous regardless of carrier support (via IP), as well as using a specific telco gateway. Will Apple do the same, or push individual telcos to enable RCS support on their networks? (Many already do.)
Apple won’t support Google’s end-to-end encryption extension but instead work to standardise it in RCS. How long will that take?
Trade body GSMA is responsible for the RCS standard. Telcos in the past, unlike Internet developers, have been most open to developing backdoored encryption standards for mobile communications. Will Google and Apple be able to override this here?
I haven’t tried digging out a good translation of the relevant Chinese 5G regulations, but they are allegedly the source of Apple’s change of mind on RCS support. Supporting it within a single country of course does not mean support anywhere else in the world. Many (most?) of the DMA gatekeepers are trying to limit DMA benefits to their EU users (and in Apple’s case withdrawing them once a user leaves the EU for 30 days!)
"Discord wyłącza boty „szpiegowskie”, które zbierały i sprzedawały wiadomości użytkowników.
Po tym, jak w zeszłym tygodniu 404 Media poinformowało o usłudze, Discord zamknął teraz wiele kont typu scraping i twierdzi, że rozważa podjęcie kroków prawnych."
I recently saw a conversation between two people I respect that ended poorly. This being a social platform, shortage of mutual understanding is not surprising. Most of the time, I just back away slowly, but this time, the topic is important enough, and I think I can see a framing that can help make conversations about it less antagonistic.
When different people prioritize different kinds of assets and threats, it's easy to end up comparing risks that can't be compared or balanced.
For a protester, the assets they need to protect are identity and location history. The threat they need to protect it from is local law enforcement. If a hostile foreign government operated platform such as #TikTok is less likely to volunteer their data to FBI, it's a bit safer for their use case than domestic platforms other than #E2EE messengers. 2/
"While the UK government adopted powers that could allow the private messages of everyone in the UK to be scanned, it did concede that this could not be put into practice without jeopardizing people’s security and privacy.
ORG has called for Ofcom to publish regulations that make clear that there is no available technology that can allow for scanning of user data to co-exist with strong #encryption and #privacy.“
Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.
Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.
Ich sehe dies nicht so und könnte sogar die #Wirtschaft extrem schaden aber erst dann wird verspätet zugesagt und wir alle haben ein #Privatsphare-Recht.
»#Europol sieht Ende-zu-Ende-Verschlüsselung (#E2EE) kritisch, #EU soll handeln:
Europäische #Polizei'chefs fordern Industrie und Regierungen auf, Maßnahmen gegen die Einführung von Ende-zu-Ende-#Verschlusselung zu ergreifen - demnach gehen den Behörden die Maßnahmen zu weit, mit denen Nutzerdaten geschützt werden.«
🇬🇧 To enable #ChatControl mass surveillance, 32 European police chiefs call for halting end-to-end encryption #E2EE. This is an attack on our security and digital privacy in violation of fundamental rights!
🇩🇪 Um #Chatkontrolle zu ermöglichen fordern 32 Europäische Polizeichefs (wohl auch das #BKA) Ende-zu-Ende-Verschlüsselungsstopp. Das ist ein grundrechtswidriger Angriff auf unsere Sicherheit und das digitale Briefgeheimnis! #E2EE
Politische Überwachungsphantasien, die mit dem Vorwand gerechtfertigt werden, "schlimmste Verbrechen wie den sexuellen Missbrauch von Kindern zu bekämpfen", sind unerträglich.
Wer wirklich etwas für Kinder tun will, engagiert sich im Kampf gegen den Klimawandel, für sichere Schul- und Radwege, für Bildung, gewaltfreie Familien, Chancengleichheit und freie Entfaltungsmöglichkeiten.
🇬🇧 New #leak on #ChatControl: Privacy-friendly and #E2EE encrypted messaging services are to be penalised with chat control bulk scanning orders. They want to turn the safest services into the most monitored ones!
Can anymany tell me how I'm "supposed" to use end-to-end encryption with XMPP?
As far as I can tell there are three totally different ways to do E2EE:
a)OTR : "[https://xmpp.org/extensions/xep-0364.html](Not intended to be a current standard), or technical specification, as better (albeit, newer and less well tested) methods of end-to-end encryption exist for XMPP. "
b)OpenPGP: There are at least two different XEPs about it. XEP-0027 is obsolete, while XEP-0373 is "experimental" but hasn't been updated in almost three years.
c)OMEMO: "Experimental" and hasn't been updated in over two years.
Is there a way to do E2EE in XMPP which is neither deprecated nor experimental? What's the "Current stable" way to do it?