I just finished writing a code test which creates and queues for delivery an end-to-end encrypted email-like message in somewhere around 10-15 lines of #Kotlin code.
Think about it. It's starting getting real. SQUEEEE!!!
🚨 Important update from @signalapp 🚨
The latest update (v7 on Desktop):
✅ Keep your phone number hidden
✅ Choose to share a username instead
✅ Take control with new privacy settings - You decide who finds you by phone number.
Today, a district court in Nevada is hearing a case about whether Meta should have to comply with the state AG’s demand for a temporary restraining order to stop Meta from offering end-to-end #encryption (#E2EE) on Facebook’s Messenger for children in Nevada under the age of 18.
"This is a full-on attack on encryption. If Nevada succeeds here, then it’s opening up courts across the country to outlaw #encryption entirely. This is a massive, dangerous attack on security and deserves much more attention."
If you believe the good guys need to have a way to get around encryption, you either haven’t thought about it enough, or you’re not one of the good guys.
Fascinating ... Apple joins Signal to provide the most secure end-to-end encrypted messaging protocols. Note: Apple engineers created their own “Levels” and magically theirs is the highest. ;) But regardless, this is obviously strong encryption.
"Support for PQ3 will start to roll out with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4, and is already in the corresponding developer preview and beta releases.”
iMessage quantum security arrives with iOS 17.4 - @9to5Mac
This would have been the perfect article to remind people that all of this E2EE doesn’t matter if you backup your iMessages in iCloud, where they will be backed up clear-text to Apple/NSA, unless both parties turn on Advanced Data Protection
#Apple strengthens iMessage end-to-end encryption with post-quantum cryptography: PQ3.
"iMessage now meets this goal with a new cryptographic protocol that we call PQ3, offering the strongest protection against quantum attacks and becoming the only widely available messaging service to reach Level 3 security"
Backdoors that let cops decrypt messages violate human rights, EU court says
One of comments about the title:
"Contrary to what the headline says, the European Court of Human Rights in Strasbourg, France, is not an EU court. It is part of the Council of Europe, which is older than the EU and has more members, and is mainly concerned with human rights related issues.
The EU has its own Court, the Court of Justice of the European Union (CJEU) in Luxembourg.
Edit: just to add, the article gets all the nuances right and refers to the Council of Europe and even to possible endorsement by the CJEU, so the problem is only with the headline."
It seems appropriate that the spark was stolen from humanity by corporations to give to their "AI" instead.
The worst thing about the current "AI" leap is probably not even that it will be, is already being used to build the near total coverage constant surveillance, a scaffolding ready for any totalitarian to construct their oppression system on, as well as disabling the mischievousness that is essential to healthy mental development by social exploration and cutting the bonds enabling adulthood independence from parents.
It is instead probably that with live "AI"-generated fake video indistinguishable from reality, we will not be able to trust any evidence of anything having happened, as the watermarks promised as solution can easily be removed or not applied.
No person will be able to trust anything they're told by any other person that it happened and no one person can personally witness every important event in the world.
This breaks humankind's ability to cooperate over long social distances and our networks of trust, the sparks that has been keeping our "survival of the fittest" of ability to wide ranging adaptation to habitats aflame.
Reassigning the sparks emoji to mean "AI" generated content was appropriate, probably more so than Samsung or whomever committed the theft realized.
@b9AcE #e2ee messages from verified contacts seem to replicate the process.
Apps like @briar and @simplex are good for this because they require you to use some form of handshake outside the app in order to set up a chat with a known person.
I also think we need an information version of banking's Know Your Customer #KYC protocols.
@cwtch is by far my most favorite #secure#messenger. it's #serverless, and end to end encryption (#e2ee) is built in with #tor onion services. no setting up any infrastructure required, it's built on the back of the distributed @torproject operator network. no phone number is necessary, and you can have isolated IDs (profiles) for everyone you talk to
"...begründete seine Entscheidung damit, dass #E2EE eine wichtige Rolle beim Schutz der Bürger und Unternehmen vor Cyberkriminalität und unbefugter Datenweitergabe spielt.
«Ende-zu-Ende-Verschlüsselung (E2EE) durch Urteil EU-weit geschützt»
– @tarnkappeinfo
Mal eine positive Nachricht was die #EU und #IT angeht. Die #E2EE ist geschützt und eingesehen das #Privatsphare wichtig ist. Jetzt müssen nur noch die Firmen und Behörden die #Verschlusselung ihrer #Kommunikation, wie zB #EMail mit #GPG, noch konsequent umsetzen. Ich hoffe, die #Schweiz zieht dem nach.
🇬🇧 The judgement of the European Court of Human Rights on the right to #EndToEndEncryption#E2EE is a victory for civil liberties! EU governments must finally remove the proposed destruction of secure encryption from the #ChatControl 2.0 bill!
Inzwischen bereue ich, #Nuudel mit #Framadate aufgesetzt zu haben, obwohl es damals Croodle schon gab. Ich hatte einfach nicht gründlich genug recherchiert.
Give both a shot. Both are the only ones (I know of) having zero storage access as the only option; meaning #e2ee is enforced. You may have mailbox.org as a third one (E2EE must be enabled manually there).
I ended up with Proton as I experienced it far more feature rich, flexible and mature. And the Bridge is a must for my use case. In addition, it builds on PGP which can be used to have E2EE communication with people outside of Proton. (yes, I've tried Mailvelope with Tuta; that does not work at all. And doing it manually with copy/paste and PGP in an ordinary text esitor is a waste of time and also turned out error prone one the receiving end; Tuta mails gets mangled on the way).
But if you're a very lightweight mail user, Tuta might fit your need. I generally think of Tuta more like a messenger service with SMTP transport support.
Also beware, importing mails to Tuta is still not possible (unless that has changed the last months). And exporting mails are also a mess. I have migrated one user from Tuta to Proton, and I had to manually fix mail headers to get them imported. The mail export was quite poor, tbh. It took me longer than importing a handful of users from a Zimbra server to Proton - using the same Proton Mail Import/Export tool.
Finally, I just want to mention that Tuta is a company with less than 20-30 employees, serving something like 10 million users. Proton is probably closer to 500 employees these days, serving more than 100 million users. So these organisations are quite different. Which also means they have quite different approaches for developing services further and capabilities to handle sudden challenges.