"Searching through email content in an end-to-end encrypted email provider is no easy feat. Because Skiff does not have access to any user emails, all search queries have to be performed client-side. To make this possible, we’ve developed innovative search indexing algorithms that work in the browser, in Skiff’s Windows and macOS apps, and in our iOS and Android native apps."
During the debate on the Online Safety Bill in the UK House of Lords, Lord Moylan laid out the dangers of the encryption-busting clause that threatens our privacy and security.
Take action to stop the spy clause as the Bill moves into its final stages.
The #OnlineSafetyBill conflates “the public’s legitimate concern about bad online behaviour with the security services’ agenda of breaking #e2ee. Gaining a backdoor to encrypted chat has been on spies’ wishlist almost since the internet was invented.”
The Bill will “allow intelligence agencies to spy on ordinary citizens via technology platforms.”
@JamesBaker of @openrightsgroup writes "At the eleventh hour of the Online Safety Bill’s passage through Parliament, the Government has found itself claiming to have both conceded that it won’t do anything stupid and that it may well press ahead if it wants to. It is in a total mess over its proposals to break end-to-end encryption and scan our private messages.." https://www.openrightsgroup.org/blog/omnishambles-over-encrypted-messages-continues/
Signal has long been a privacy Champion when it comes to instant messaging, the gold standard some might say except for one glaring problem, it required a phone #.
Well, that's about to change.
Signal is going to test usernames for account handling.
This will NOT be tested in the Beta version of the app, but on a completely separate version of the app that is hosted on completely separate servers.
The Platformer's recent article about Twitter claims that Twitter's encrypted DMs are not end-to-end encrypted:
"These messages are not encrypted end to end, making them vulnerable to so-called man-in-the-middle attacks."
This is wrong. Twitter's encrypted DMs truly are end-to-end encrypted. That is, no one other than the sender and recipient can decrypt the messages. However, Twitter does not provide a mechanism for users to verify the public key of other contacts. And this makes the design vulnerable to man-in-the-middle attacks.
... and in #GoodNews, the European Commission's attempt to gut chat encryption with "Chat Control" has been defeated by a cross-party consensus in the European Parliament;
Client-side scanning of private chat messages was top of the Today programme political debate this morning with @Mer__edith and Ciaran Martin, former Head of the National Cyber Security Centre.
Client-side scanning is a technology that intercepts and checks chat messages on mobile phones before being encrypted.
@Mer__edith: these are mass surveillance measures that operate at scale. The government has used sleight of hand to put them in.
Prof Alan Woodward, a cyber-security expert at University of Surrey, who has worked in posts at GCHQ, said:
"So many of us have signed letters, given formal evidence to committees, directly offered to advise - either the government doesn't understand or doesn't want to listen.
Każda osoba na #PolSocial ma konto na matrix. Wystarczy pobrać apkę Element, wskazać serwer pol.social i „Logowanie z Pol.social” czyli nawet konta nie trzeba zakładać i wpisywać user / password.
🔴 Over 80 international civil society organisations, academics and cyber-experts warn the UK government that the Online Safety Bill threatens the security and privacy of billions of people who use apps like WhatsApp and Signal.
Encrypted messaging protects people’s security online. But powers to scan private messages in the Online Safety Bill will expose people to hacking and abuses of private information.
In the new #surveillance economy, data is indeed the new currency. Choosing services that respect your privacy is the first step to fighting back. #ProtonMail's #e2ee ensures your data only belongs to you, not #BigTech, governments, or hackers.
#Chatkontrolle so eben wurde der Bericht des Berichterstatters vom #IMCO Ausschuss angenommen. Zum Kontext, der von Saliba vorgelegt Draft Report war bereits eine gute Grundlage, viele Punkte waren hart umkämpft.
Der Bericht ist nicht perfekt und deckt nicht alle unsere Bedenken ab. ABER: Er enthält wichtige Punkte im Hinblick auf #E2EE#AgeVerification generell die Anwendung von Technologie in diesem Zusammenhang. Es bleibt spannend was der #LIBE Ausschuss nach dieser Vorlage tut.
"We want child abuse and crime dealt with, but if the approach to communication is too draconian then freedom is lost and security weakened."
The cost of the 'haphazard and shambolic' #OnlineSafetyBill (UK) will be paid with our privacy and national security.
Client-side scanning remains in the Bill, despite warnings from experts and tech companies. Is the true intent of this legislation to be a trojan horse for mass surveillance?
I'm not clear who actually uses Google Messages, but this is good news for MLS adoption
"Google is adopting the Messaging Layer Security (MLS) protocol for its Messages app that aims to handle end-to-end encryption and support sending and receiving between supported messaging apps"
🇩🇪 Um #Chatkontrolle zu ermöglichen fordern 32 Europäische Polizeichefs (wohl auch das #BKA) Ende-zu-Ende-Verschlüsselungsstopp. Das ist ein grundrechtswidriger Angriff auf unsere Sicherheit und das digitale Briefgeheimnis! #E2EE