@stshank No E2EE in 1.0 because they want to get it out quickly, because some significant subset of users realllly want it… and then they're gonna think about doing this properly in the protocol later
#e2ee is a goal, not a promise. As far back as I can remember, forums like those supporting #Enigmail and #gpg were staffed with volunteers from the privacy community who repeatedly insisted on answering questions, like, "Is <this> (whatever this might be) totally secure?" with stock questions like, "What is it that you consider 'totally secure?" or answers such as, "Secure is a relative term, nothing is completely secure, how secure do you need your mission's communications to be?"
Phrases such as, reasonably secure should be indicators of how ridiculous it is to assume that any secure platform isEVERcompletely, and totally secure.
That begs the question, "Exactly how secure do you require your communications to be?" The answer is always, ... relative.
Which means that you should always believe Ellen Ripley when she says, "Be afraid. Be very afraid!"
My experience is that state actors won't even try to decrypt your communications. That's old school - and a horribly inefficient use of resources. They'll come after you with a keylogger or manufactured legal nightmares or torture - to either or both sides of the communication; depending on the perceived value of your secret.
It all comes down to 4 fundamental questions:
What is the value of your secret to you
What resources do you have available to protect it
What is the perceived value of your secret to your adversary
What resources do they have available to divulge it
You have to analyse every Apple announcement through the lens of how it will use it to maintain its market power and attack regulation. So, will Apple’s promised Rich Communication Services (RCS) support make iMessage fully interoperable at least with Google’s Messages? What would the most grudging compliance with Chinese 5G regulations look like?
Google apparently makes RCS support ubiquitous regardless of carrier support (via IP), as well as using a specific telco gateway. Will Apple do the same, or push individual telcos to enable RCS support on their networks? (Many already do.)
Apple won’t support Google’s end-to-end encryption extension but instead work to standardise it in RCS. How long will that take?
Trade body GSMA is responsible for the RCS standard. Telcos in the past, unlike Internet developers, have been most open to developing backdoored encryption standards for mobile communications. Will Google and Apple be able to override this here?
I haven’t tried digging out a good translation of the relevant Chinese 5G regulations, but they are allegedly the source of Apple’s change of mind on RCS support. Supporting it within a single country of course does not mean support anywhere else in the world. Many (most?) of the DMA gatekeepers are trying to limit DMA benefits to their EU users (and in Apple’s case withdrawing them once a user leaves the EU for 30 days!)
"Discord wyłącza boty „szpiegowskie”, które zbierały i sprzedawały wiadomości użytkowników.
Po tym, jak w zeszłym tygodniu 404 Media poinformowało o usłudze, Discord zamknął teraz wiele kont typu scraping i twierdzi, że rozważa podjęcie kroków prawnych."
"While the UK government adopted powers that could allow the private messages of everyone in the UK to be scanned, it did concede that this could not be put into practice without jeopardizing people’s security and privacy.
ORG has called for Ofcom to publish regulations that make clear that there is no available technology that can allow for scanning of user data to co-exist with strong #encryption and #privacy.“
Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.
Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.
@protonprivacy@blueghost (can be) true, buuut, theres one thing wich mess people up - many takes writing from/to proton mail users as something wich will be encrypted "by default" without any knowledge of how pgp keys works + it just about trust that proton does not read messages when storing secret key themselves...
@iuvi@blueghost Note that Proton Mail servers don't hold your private master key directly — it is always stored encrypted with your account password. And we don't have access to your account password.
@afterdawn Sota-ajalla olen tästä eri mieltä. Voi olla aika haitallista, että vihollinen voi viestitellä meidän omalla infralla ilman että omilla joukoilla on mitään mahdollisuutta päästä väliin.
@vegai@afterdawn Juuri sota-ajan keskellä on tärkeää säilyttää salauskyky tavallisilla kansalaisilla, koska muuten ne joutuvat myös vieraiden valtioiden kohteeksi.
Ich sehe dies nicht so und könnte sogar die #Wirtschaft extrem schaden aber erst dann wird verspätet zugesagt und wir alle haben ein #Privatsphare-Recht.
»#Europol sieht Ende-zu-Ende-Verschlüsselung (#E2EE) kritisch, #EU soll handeln:
Europäische #Polizei'chefs fordern Industrie und Regierungen auf, Maßnahmen gegen die Einführung von Ende-zu-Ende-#Verschlusselung zu ergreifen - demnach gehen den Behörden die Maßnahmen zu weit, mit denen Nutzerdaten geschützt werden.«
🇬🇧 To enable #ChatControl mass surveillance, 32 European police chiefs call for halting end-to-end encryption #E2EE. This is an attack on our security and digital privacy in violation of fundamental rights!
🇩🇪 Um #Chatkontrolle zu ermöglichen fordern 32 Europäische Polizeichefs (wohl auch das #BKA) Ende-zu-Ende-Verschlüsselungsstopp. Das ist ein grundrechtswidriger Angriff auf unsere Sicherheit und das digitale Briefgeheimnis! #E2EE
@echo_pbreyer die Menschheit ist erst dann Reif für "die Digitalisierung", wenn sich all unsere Befürchtungen bewahrheitet und so als berechtigt herausgestellt haben.
In diesem Sinne möchte ich den Lauf der Geschichte fast gerne beschleunigen, damit die sich die Erkenntnis endlich großflächig durchsetzt. Leider sind die Kollateralschäden erheblich.