The government knows and has admitted it cannot scan messages without undermining or breaking encryption, but wants to pretend otherwise. It is playing us for fools. #onlinesafetybill#encryption#e2ee
As end-to-end encryption becomes more popular (yay! :rainbowdance:),
Celebrate yes,
But also remain skeptical about how this word is used and if this claim warrants your trust.
Do not trust blindly.
End-to-end encryption is a wonderful protection when well implemented. But not all apps that use end-to-end encryption are equals.
Verify that:
The provider is trustworthy :blobcatthinkingglare:
Trustworthy third-parties have verified and confirmed the provider's claims 🔍
Metadata is also encrypted and/or that, ideally, its collection is minimized :blobcatpeekaboo:
Solid security measures protect the data as well (For example, if your data is end-to-end encrypted from your password but your password is vulnerable then your data is vulnerable as well) 🛡️
Encryption is truly end-to-end, meaning only the sender and the receiver can access the data and nobody else :ablobcatpeek:
Finally keep in mind that even if a service uses minimal encryption (for example one that still collects a lot of unencrypted metadata) it is still better than the same service using no content encryption at all,
BUT there are almost always much better services that offer truly complete and well implemented end-to-end encryption for their services.
How to send encrypted (at a cost) and ‘confidential’ emails on Gmail
Gmail may be very easy to use, and probably also one of the most used e-mail services out there, but Google has still not made any real effort to help e-mails going proper E2EE for all, despite the technology being available for a very long time.
If you do 1 thing today, use @signalapp and get your friends and family on it. Low barriers to entry.
For your second thing, sign up with an encrypted email service (@protonmail@skiff@Tutanota or something else) and forward your #gmail and #hotmail your your new inbox. Take back your inbox.
Last Boost: I really feel #E2EE needs to rapidly become ubiquitous, expected, and normalized before bills that seek to ban it find the right wording to survive media scrutiny.
That's why fan art is safe and fan games aren't, btw. Copyright wise, no difference. Fan art, esp selling it, is unquestionably not ok by most copyright standards.
Only the unspoken "it's always been like this" keeps it safe. Sometimes that's the most critical part. People hate change. Preemptive laws are v dangerous.
Yesterday we sent an open letter to the UK government from 80 experts and civil society groups.
It isn't possible to scan messages in a way that only gets the 'bad guys'. Client-side scanning turns everyone's chats into dangerous spaces for privacy and security.
Client-side scanning is like having a “government-supplied CCTV camera in every room of your house.” It puts faith in “an unknown algorithm to detect bad things, which get reported to a private moderation team provided by the people who built your house” - Matthew Hodgson, CEO of @element
Yet another reason why your private messages should be stored on a server you control or e2ee (ideally, both): it's likely the pseudonyms and accounts you use can be linked back to your IRL identity... and sold to anyone willing to pay
Reminder that #Telegram is not secure communication. Most chats aren't end-to-end-encrypted to begin with, and even those that are use a strange custom-built algorithm rather than actual cryptographically sound algorithm such as the double-ratchet.
If you want actual secure communication, use #Signal, #Matrix, or even #WhatsApp (which is shit and will turn you in to the police but is still better than what Telegram).
"Fedora Workstation includes systemd-cryptenroll by default which makes adding alternative methods for unlocking LUKS partitions fairly straight forward.
This article shows how to use either a TPM2 chip or a FIDO U2F security key as an alternative factor to the passphrase when unlocking your LUKS partitions." #Fedora#E2EE#security#privacy
Thank you for all the great replies and responses to this poll! It somehwat confirmed my belief that Signal is the goto for most for secure, end to end encrypted chat (which I have used on occasion). But I also learned about other options I had never known about before including many decentralized options. Check out the replies to my poll to see them. #Signal#Matrix#Element#WhatsApp#Telegram#Synapse#Wire#Threema#SecureChat#E2EE#Messaging
Chatkontrolle: Spanien plädiert für EU-Verbot von Ende-zu-Ende-Verschlüsselung
Die EU-Staaten diskutieren über die Pläne zur sogenannten Chatkontrolle. Ein geleaktes Dokument macht jetzt deutlich, wie extrem die Positionen teilweise sind.
The #UK#OnlineSafetyBill is a poorly written proposal which would have devastating effects for privacy and availability of online services in the UK, breaking end-to-end encryption. Please sign this petition and boost for visibility.
This week we hit the streets in London to send a message to the UK government: Don’t Scan Me! We’re calling on lawmakers to support Lord Clement-Jones’ amendment to the #OnlineSafetyBill that would remove private messaging platforms from the surveillance measures.
After iOS, Element X beta is now available on Android. Go rush it, break the app, report bugs, let's all get fun together! Oh, and it's extremely fast, don't be surprised.