Can anymany tell me how I'm "supposed" to use end-to-end encryption with XMPP?
As far as I can tell there are three totally different ways to do E2EE:
a)OTR : "[https://xmpp.org/extensions/xep-0364.html](Not intended to be a current standard), or technical specification, as better (albeit, newer and less well tested) methods of end-to-end encryption exist for XMPP. "
b)OpenPGP: There are at least two different XEPs about it. XEP-0027 is obsolete, while XEP-0373 is "experimental" but hasn't been updated in almost three years.
c)OMEMO: "Experimental" and hasn't been updated in over two years.
Is there a way to do E2EE in XMPP which is neither deprecated nor experimental? What's the "Current stable" way to do it?
Last week we published our response to Ofcom's Online Safety Act (UK) consultation.
We've raised concerns about the threat to free expression in requirements to proactively screen users' social media content and measures that undermine end-to-end encryption.
Yet another reason why your private messages should be stored on a server you control or e2ee (ideally, both): it's likely the pseudonyms and accounts you use can be linked back to your IRL identity... and sold to anyone willing to pay
Last night we joined an effort to stop the State of Nevada from making it easier for children’s personal information to be obtained by child predators, criminal gangs, foreign nations, and others.
Together with the ACLU, @riana , @eff , @CenDemTech , @mozilla , @fight , and @signalapp , and Access Now, we filed an amicus brief asking the court to protect children by ensuring they can use the most secure communication possible!
To security experts: Do you use #VPN for services that are already end-to-end encrypted? Or, you add their apps in split-tunnelling mode?
Or, to rephrase it: is there any use in keeping end-to-end encrypted apps behind a VPN?
This is under the assumption that all things are equal (no ISP issues; no need to bypass any network set up; end-to-end encryption is enabled by default).
The Going Dark High-Level Group is suggesting that the EU should be more like China/Iran and block access to communications services which do not comply with (also suggested) EU law on lawful interception for all types of communications services ("level playing field"), including of course secure #E2EE OTT services.
I just finished writing a code test which creates and queues for delivery an end-to-end encrypted email-like message in somewhere around 10-15 lines of #Kotlin code.
Think about it. It's starting getting real. SQUEEEE!!!
🚨 Important update from @signalapp 🚨
The latest update (v7 on Desktop):
✅ Keep your phone number hidden
✅ Choose to share a username instead
✅ Take control with new privacy settings - You decide who finds you by phone number.
"This is a full-on attack on encryption. If Nevada succeeds here, then it’s opening up courts across the country to outlaw #encryption entirely. This is a massive, dangerous attack on security and deserves much more attention."
Today, a district court in Nevada is hearing a case about whether Meta should have to comply with the state AG’s demand for a temporary restraining order to stop Meta from offering end-to-end #encryption (#E2EE) on Facebook’s Messenger for children in Nevada under the age of 18.
Fascinating ... Apple joins Signal to provide the most secure end-to-end encrypted messaging protocols. Note: Apple engineers created their own “Levels” and magically theirs is the highest. ;) But regardless, this is obviously strong encryption.
"Support for PQ3 will start to roll out with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4, and is already in the corresponding developer preview and beta releases.”
#Apple strengthens iMessage end-to-end encryption with post-quantum cryptography: PQ3.
"iMessage now meets this goal with a new cryptographic protocol that we call PQ3, offering the strongest protection against quantum attacks and becoming the only widely available messaging service to reach Level 3 security"
iMessage quantum security arrives with iOS 17.4 - @9to5Mac
This would have been the perfect article to remind people that all of this E2EE doesn’t matter if you backup your iMessages in iCloud, where they will be backed up clear-text to Apple/NSA, unless both parties turn on Advanced Data Protection
Backdoors that let cops decrypt messages violate human rights, EU court says
One of comments about the title:
"Contrary to what the headline says, the European Court of Human Rights in Strasbourg, France, is not an EU court. It is part of the Council of Europe, which is older than the EU and has more members, and is mainly concerned with human rights related issues.
The EU has its own Court, the Court of Justice of the European Union (CJEU) in Luxembourg.
Edit: just to add, the article gets all the nuances right and refers to the Council of Europe and even to possible endorsement by the CJEU, so the problem is only with the headline."
@cwtch is by far my most favorite #secure#messenger. it's #serverless, and end to end encryption (#e2ee) is built in with #tor onion services. no setting up any infrastructure required, it's built on the back of the distributed @torproject operator network. no phone number is necessary, and you can have isolated IDs (profiles) for everyone you talk to