To security experts: Do you use #VPN for services that are already end-to-end encrypted? Or, you add their apps in split-tunnelling mode?
Or, to rephrase it: is there any use in keeping end-to-end encrypted apps behind a VPN?
This is under the assumption that all things are equal (no ISP issues; no need to bypass any network set up; end-to-end encryption is enabled by default).
The Going Dark High-Level Group is suggesting that the EU should be more like China/Iran and block access to communications services which do not comply with (also suggested) EU law on lawful interception for all types of communications services ("level playing field"), including of course secure #E2EE OTT services.
🚨 Important update from @signalapp 🚨
The latest update (v7 on Desktop):
✅ Keep your phone number hidden
✅ Choose to share a username instead
✅ Take control with new privacy settings - You decide who finds you by phone number.
I just finished writing a code test which creates and queues for delivery an end-to-end encrypted email-like message in somewhere around 10-15 lines of #Kotlin code.
Think about it. It's starting getting real. SQUEEEE!!!
Inzwischen bereue ich, #Nuudel mit #Framadate aufgesetzt zu haben, obwohl es damals Croodle schon gab. Ich hatte einfach nicht gründlich genug recherchiert.
Today, a district court in Nevada is hearing a case about whether Meta should have to comply with the state AG’s demand for a temporary restraining order to stop Meta from offering end-to-end #encryption (#E2EE) on Facebook’s Messenger for children in Nevada under the age of 18.
"This is a full-on attack on encryption. If Nevada succeeds here, then it’s opening up courts across the country to outlaw #encryption entirely. This is a massive, dangerous attack on security and deserves much more attention."
If you believe the good guys need to have a way to get around encryption, you either haven’t thought about it enough, or you’re not one of the good guys.
#Apple strengthens iMessage end-to-end encryption with post-quantum cryptography: PQ3.
"iMessage now meets this goal with a new cryptographic protocol that we call PQ3, offering the strongest protection against quantum attacks and becoming the only widely available messaging service to reach Level 3 security"
🇬🇧 The judgement of the European Court of Human Rights on the right to #EndToEndEncryption#E2EE is a victory for civil liberties! EU governments must finally remove the proposed destruction of secure encryption from the #ChatControl 2.0 bill!
Fascinating ... Apple joins Signal to provide the most secure end-to-end encrypted messaging protocols. Note: Apple engineers created their own “Levels” and magically theirs is the highest. ;) But regardless, this is obviously strong encryption.
"Support for PQ3 will start to roll out with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4, and is already in the corresponding developer preview and beta releases.”
iMessage quantum security arrives with iOS 17.4 - @9to5Mac
This would have been the perfect article to remind people that all of this E2EE doesn’t matter if you backup your iMessages in iCloud, where they will be backed up clear-text to Apple/NSA, unless both parties turn on Advanced Data Protection
It seems appropriate that the spark was stolen from humanity by corporations to give to their "AI" instead.
The worst thing about the current "AI" leap is probably not even that it will be, is already being used to build the near total coverage constant surveillance, a scaffolding ready for any totalitarian to construct their oppression system on, as well as disabling the mischievousness that is essential to healthy mental development by social exploration and cutting the bonds enabling adulthood independence from parents.
It is instead probably that with live "AI"-generated fake video indistinguishable from reality, we will not be able to trust any evidence of anything having happened, as the watermarks promised as solution can easily be removed or not applied.
No person will be able to trust anything they're told by any other person that it happened and no one person can personally witness every important event in the world.
This breaks humankind's ability to cooperate over long social distances and our networks of trust, the sparks that has been keeping our "survival of the fittest" of ability to wide ranging adaptation to habitats aflame.
Reassigning the sparks emoji to mean "AI" generated content was appropriate, probably more so than Samsung or whomever committed the theft realized.
@b9AcE #e2ee messages from verified contacts seem to replicate the process.
Apps like @briar and @simplex are good for this because they require you to use some form of handshake outside the app in order to set up a chat with a known person.
I also think we need an information version of banking's Know Your Customer #KYC protocols.
Backdoors that let cops decrypt messages violate human rights, EU court says
One of comments about the title:
"Contrary to what the headline says, the European Court of Human Rights in Strasbourg, France, is not an EU court. It is part of the Council of Europe, which is older than the EU and has more members, and is mainly concerned with human rights related issues.
The EU has its own Court, the Court of Justice of the European Union (CJEU) in Luxembourg.
Edit: just to add, the article gets all the nuances right and refers to the Council of Europe and even to possible endorsement by the CJEU, so the problem is only with the headline."
@cwtch is by far my most favorite #secure#messenger. it's #serverless, and end to end encryption (#e2ee) is built in with #tor onion services. no setting up any infrastructure required, it's built on the back of the distributed @torproject operator network. no phone number is necessary, and you can have isolated IDs (profiles) for everyone you talk to
"...begründete seine Entscheidung damit, dass #E2EE eine wichtige Rolle beim Schutz der Bürger und Unternehmen vor Cyberkriminalität und unbefugter Datenweitergabe spielt.
«Ende-zu-Ende-Verschlüsselung (E2EE) durch Urteil EU-weit geschützt»
– @tarnkappeinfo
Mal eine positive Nachricht was die #EU und #IT angeht. Die #E2EE ist geschützt und eingesehen das #Privatsphare wichtig ist. Jetzt müssen nur noch die Firmen und Behörden die #Verschlusselung ihrer #Kommunikation, wie zB #EMail mit #GPG, noch konsequent umsetzen. Ich hoffe, die #Schweiz zieht dem nach.