It is useful to keep in mind there can never be any kind of actual end-to-end encryption (#E2EE).

Your understanding of "end" is probably deliberately ignorant.

While you understandably so wish to believe the "end" was in the respective minds of the conversation partners, it is factually and technically located in the hardware and software of the devices used.

Which opens up a myriad of surveillance options, from sinister keyloggers; to simply glancing at your screens; to "AI" "assistants" "summarizing" what you're receiving, and allegedly just "fleshing out" what you're sending.

Even if conversation data was transmitted, "end-to-end encrypted", between brain implants, the producers or vendors of such implants would still happily provide backdoors for "law enforcement".

@penguinrebellion The solution to this is open hardware. But how can you have *really* open hardware that a human, completely trustworthy, organisation can understand?

@muellerwhh

Good question. Maybe having a walk in the forest is easier to arrange for, and "implement".

@penguinrebellion Yes, but not remotely. So being without said open hardware is quite a disadvantage in setting up clandestine information exchange.

@penguinrebellion The interesting bit would be: How to set up written communication under the assumption that networking devices are not trustworthy but that you may be able to build things whose output you can verify and that do not fly into your face.

@penguinrebellion Yes, this is how technology works.

@Rainer_Rehak

That sober and banal insight still isn't as widespread as it should be.

@penguinrebellion we should probably learn an obscure language (sorrily obscure in this example):

https://en.wikipedia.org/wiki/Code_talker


@mdione

Might also help preserve some endangered languages!

Even a face-to-face conversation during a forest walk might already keep the content of the conversation less readily available than a digitized one.

@penguinrebellion The "end" has always been the app where you type your message into, or view the messages you receive.

And that's why it's important that operating systems do not break the integrity of such features. OSs have always provided privacy options for apps, where apps would ask the OS to not show the app's contents outside of the app itself.

The OS has always been a man-in-the-middle. In the past, it was just a trustworthy one.

@lizbian

Some of them were, yes.

@penguinrebellion even Windows was somewhat trustworthy in that regard a decade ago and earlier. Obviously not as well reviewed independently as FLOSS OSs, but there it had some reputation, and, to my knowledge, there haven’t been any cases (or even the possibility) of secret services remotely accessing data or something, or the OS uploading data without asking.

@lizbian

Not really, though red flags rarely made headlines, and one could never be sure what was "enabled".

And with MS Windows being closed-source, it has never been easy to develop trust in it.

Dual_EC_DRBG Added to Windows Vista - Schneier on Security

Microsoft has added the random-number generator Dual_EC-DRBG to Windows Vista, as part of SP1. Yes, this is the same RNG that could have an NSA backdoor. It’s not enabled by default, and my advice is to never enable it. Ever. EDITED TO ADD (12/18): I should make this clear that the algorithm is available as a program call. It is not something that the user can enable or disable.


@penguinrebellion Still, Microsoft was not collecting their customers' data beforehand, so that the authorities could just request the data from Microsoft. Also, they were not directly reading the contents of application windows / RAM.

Also, in your example, apps would still have been able to implement their own random number generator.

@penguinrebellion I absolutely agree that things were not good even back then. Just that they still were a lot better than what OS vendors are doing nowadays.

@penguinrebellion If only the average user understood this as the helpful advice that every measure makes it harder and less likely, but never *impossible* for someone to read your stuff or listen in. Sadly, many people read such things however and go "well, then there's no point in trying anyway, I'll just stay with Windows + Google then and let them do what they want".