It is useful to keep in mind there can never be any kind of actual end-to-end encryption (#E2EE).

Your understanding of "end" is probably deliberately ignorant.

While you understandably wish to believe the "end" was in the respective minds of the conversation partners, it is factually and technically located in the hardware and software of the devices used.

Which opens up a myriad of surveillance options, from sinister keyloggers; to simply glancing at your screens; to "AI" "assistants" "summarizing" what you're receiving, and allegedly just "fleshing out" what you're sending.

Even if conversation data was transmitted, "end-to-end encrypted", between brain implants, the producers or vendors of such implants would still happily provide backdoors for "law enforcement".

@penguinrebellion The "end" has always been the app you type your message into, or view the messages you receive in.

And that's why it's important that operating systems do not break the integrity of such features. OSs have always provided privacy options for apps, where apps would ask the OS to not show the app's contents outside of the app itself.

The OS has always been a man-in-the-middle. In the past, it was just a trustworthy one.

@lizbian

Some of them were, yes.

@penguinrebellion Even Windows was somewhat trustworthy in that regard a decade ago and earlier. Obviously not as well reviewed independently as FLOSS OSs, but it had some reputation, and, to my knowledge, there haven’t been any cases (or even the possibility) of secret services remotely accessing data or something, or the OS uploading data without asking.

@lizbian

Not really, though red flags rarely made headlines, and one could never be sure what was "enabled".

And with MS Windows being closed-source, it has never been easy to develop trust in it.

Dual_EC_DRBG Added to Windows Vista - Schneier on Security

Microsoft has added the random-number generator Dual_EC-DRBG to Windows Vista, as part of SP1. Yes, this is the same RNG that could have an NSA backdoor. It’s not enabled by default, and my advice is to never enable it. Ever. EDITED TO ADD (12/18): I should make this clear that the algorithm is available as a program call. It is not something that the user can enable or disable.


@penguinrebellion Still, Microsoft was not collecting their customers' data beforehand, so that the authorities could just request the data from Microsoft. Also, they were not directly reading the contents of application windows / RAM.

Also, in your example, apps would still have been able to use or implement their own random number generator.

@penguinrebellion I absolutely agree that things were not good even back then. Just that they still were a lot better than what OS vendors are doing nowadays.