228 points

The US Govt 5 years ago: e2e encryption is for terrorists. The govt should have backdoors.

The US Govt now: Oh fuck, our back door got breached, everyone quick use e2e encryption asap!

78 points

The Australian government tried to straight up ban encryption some years ago.

46 points

I laughed so much at that. Encryption is literally just long complicated numbers combined with other long complicated numbers using mathematical formulae. You can’t ban maths.

If I remember correctly, there’s also a law in Australia where they can force tech companies to introduce backdoors in their systems and encryption algorithms, and the company must not tell anyone about it. AFAIK they haven’t tried to actually use that power yet, but it made the (already relatively stagnant) tech market in Australia even worse. Working in tech is the main reason I left Australia for the USA - there’s just so many more opportunities and significantly higher paying jobs for software developers in Silicon Valley.

14 points

> You can’t ban maths.

Tell me about it; I tried that against my teacher in middle school

4 points

You can try, and in the US, we have export restrictions on cryptography (ITAR restrictions), so certain products cannot be exported. But you can print out the algorithm and carry it on a plane though, so I’m not sure what the point is…

3 points

> I laughed so much at that. Encryption is literally just long complicated numbers combined with other long complicated numbers using mathematical formulae. You can’t ban maths.

Now laugh at banning chemistry and physics (guns and explosives and narcotics). Take a laugh at banning murder too - how do you ban every action leading to someone’s death?

> and the company must not tell anyone about it

Any “must not tell” law is crap. Unless you signed some NDA knowing full well what it is about.

Any kind of “national secret disclosure” punishment when you didn’t sign anything to get that national secret is the same.

It’s an order given to a free person, not a voluntarily taken obligation.

That said, you can’t fight force with words.

23 points

Different parts of the government. Both existed then and now. There has for a long time been a substantial portion of the government, especially defense and intelligence, that rely on encrypted comms and storage.

15 points

FBI has definitely always been anti-encryption

18 points

I have never understood why electronic communications are not protected as physical mail

14 points

More like 23 years ago when the Patriot Act was signed, and every time it has been re-authorized/renamed since. Every President since Bush Jr. is complicit, and I’m betting most of them in the previous 70-ish years (or more) wish they could’ve had that bill as well.

178 points

Oh gee, forcing companies to leave backdoors for the government might compromise security, everyone. Who’d have thunk it? 🤦

6 points

They knew, they were putting backdoors when they needed them.

Now the new administration will take half of the blame in public opinion (that’s how this works) and also half of the profits, so they won’t investigate too strictly those who’ve done such things.

But also words don’t cost anything. They can afford to say the obvious after the deed has been done.

115 points

It’s probably also good practice to assume that not all encrypted apps are created equal, too. Google’s RCS messaging, for example, says “end-to-end encrypted”, which sounds like it would be a direct and equal competitor to something like Signal. But Google regularly makes money off of your personal data. It does not behoove a company like Google to protect your data.

Start assuming every corporation is evil. At worst you lose some time getting educated on options.

34 points

End to end is end to end. It’s either “the devices sign the messages with keys that never leave the device so no 3rd party can ever compromise them” or it’s not.

Signal is a more trustworthy org, but Google isn’t going to fuck around with this service to make money. They make their money off you by keeping you in the Google ecosystem and data harvesting elsewhere.

51 points

> google isn’t going to fuck around with this service to make money

Your honor, I would like to submit Exhibit A, Google Chrome “Enhanced Privacy”.

https://www.eff.org/deeplinks/2023/09/how-turn-googles-privacy-sandbox-ad-tracking-and-why-you-should

Google will absolutely fuck with anything that makes them money.

27 points

This. Distrust in corporations is healthy regardless of what they claim.

-1 points

That’s a different tech. End to end is cut and dry how it works. If you do anything to data mine it, it’s not end to end anymore.

Only the users involved in end to end can access the data in that chat. Everyone else sees encrypted data, i.e. noise. If there are any backdoors or any methods to pull data out, you can’t bill it as end to end.

18 points

Signal doesn’t harvest, use, sell meta data, Google may do that.
E2E encryption doesn’t protect from that.
Signal is orders of magnitude more trustworthy than Google in that regard.

10 points

There’s also Session, a fork of Signal which claims that their decentralised protocol makes it impossible/very difficult for them to harvest metadata, even if they wanted to. Tho I personally can’t vouch for how accurate their claims are.

3 points

Agreed. That still doesn’t mean Google is not doing E2EE for its RCS service.

I’m not arguing Google is trustworthy or better than Signal. I’m arguing that E2EE has a specific meaning that most people in this thread do not appear to understand.

17 points

It could be end to end encrypted and safe on the network, but if Google is in charge of the device, what’s to say they’re not reading the message after it’s unencrypted? To be fair, this would compromise Signal or any other app on Android as well.

-4 points

That’s a different threat model that verges on “most astonishing corporate espionage in human history and greatest threat to corporate personhood” possible for Google. It would require thousands if not tens of thousands of Google employees coordinating in utter secrecy to commit an unheard of crime that would be punishable by death in many circumstances.

If they have backdoored all Android phones and are actively exploiting them in nefarious ways not explained in their various TOS, then they are exposing themselves to ungodly amounts of legal and regulatory risks.

I expect no board of directors wants a trillion dollars of company worth to evaporate overnight, and would likely not be okay backdooring literally billions of phones from just a fiduciary standpoint.


End to end could still - especially with a company like Google - include data collection on the device. They could even “end to end” encrypt sending it to Google in the side channel. If you want to be generous, they would perform the aggregation in-device and don’t track the content verbatim, but the point stands: e2e is no guarantee of privacy. You have to also trust that the app itself isn’t recording metrics, and I absolutely do not trust Google to not do this.

They make so of their big money from profiling and ads. No way they’re not going to collect analytics. Heck, if you use the stock keyboard, that’s collecting analytics about the texts you’re typing into Signal, much less Google’s RCS.

6 points

end to end is meaningless when the app scans your content and does whatever with it

5 points

For example, WhatsApp and their almost-mandatory “backup” feature.

4 points

End to end matters, who has the key; you or the provider. And Google could still read your messages before they are encrypted.

2 points

You have the key, not the provider. They are explicit about this in the implementation.

They can only read the messages before encryption if they are backdooring all Android phones in an act of global sabotage. Pretty high consequences for some low stakes data.

2 points

Yup, they can read anything you can, and send whatever part they want through Google Play services. I don’t trust them, so I don’t use Messenger or Play services on my GrapheneOS device.

4 points

Note that it doesn’t mean metadata is encrypted. They may not know what you sent, but they may very well know you message your mum twice a day and who your close friends are that you message often, that kinda stuff. There’s a good bit you can do with metadata about messages combined with the data they gather through other services.

3 points

You may be right for that particular instance, but I’d still argue caution is safer.

2 points

Of course our app is end-to-end encrypted! The ends being your device and our server, that is.

5 points

It’s end to end to end encrypted!

3 points

That’s literally what Zoom said early in the pandemic.

Then all the business in the world gave them truck loads of money, the industry called them out on it, and they hired teams of cryptographers to build an actual e2ee system

1 point

They do encrypt it and they likely don’t send the messages unencrypted.

Likely what’s happening is they’re extracting keywords to determine what you’re talking about (namely what products you might buy) on the device itself, and then uploading those categories (again, encrypted) up to their servers for storing and selling.

This doesn’t invalidate their claim of e2ee and still lets them profit off of your data. If you want to avoid this, only install apps with open source clients.

0 points

E2EE means a 3rd party can’t extract anything in the messages at all, by definition.

If they are doing the above, it’s not E2EE, and they are liable for massive legal damages.

5 points

If it’s not Open Source and Audited yearly, it’s compromised. Your best option for secure comms is Signal and Matrix.

4 points

Well yeah, to use RCS on Android, you need to use Google’s Messenger app, so they can absolutely still get your data. Source from GrapheneOS.

I don’t use RCS because I refuse to use Google’s Messenger app. Simple as.

3 points

RCS is an industry standard, not a Google thing.

1 point

End-to-end encryption matters if your device isn’t actively trying to sabotage your privacy.

If you run Android, Google is guilty of that.

If you run Windows in a non-enterprise environment Microsoft is guilty of that.

If you run iOS or MacOS, Apple is (very likely) guilty of that.

1 point

Yup, so I run GrapheneOS without Google at services. It probably doesn’t spy on me, which is nice.

85 points

Like Signal?

23 points

Yes, like Signal!
Which does not only use end-to-end encryption for communication, but protects meta data as well:

> Signal also uses our metadata encryption technology to protect intimate information about who is communicating with whom—we don’t know who is sending you messages, and we don’t have access to your address book or profile information. We believe that the inability to monetize encrypted data is one of the reasons that strong end-to-end encryption technology has not been widely deployed across the commercial tech industry.

Source: https://signal.org/blog/signal-is-expensive/

I haven’t verified that claim investigating the source code, but I’m positive others have.

7 points

Or alternatively, Molly

2 points

I read Molly is forked from Signal. Can I message Signal users from Molly, or do all parties need Molly?

4 points

Molly connects to Signal’s servers, so you can chat with your Signal contacts seamlessly.

3 points

From my experience parties are always better with Molly

-1 points

No, BPs are a risk. Better to avoid apps that require phone numbers

83 points

until the republicans ban them so they can find queer kids and pregnant people getting healthcare and people reading books

17 points

Good advice: start learning how to self-host, especially a Matrix instance.

8 points

How does that help me hook up on Grindr?

7 points

There’s no fediverse replacement for Grindr yet? I’m honestly surprised.

There should at least be an OSS one though right? Like an OpenGrindr? Or a LibreGrindr?

6 points

It lets you send videos to someone over the Grindr limit.

Please don’t ask how I know that Grindr only lets you send 10 short videos per day.

4 points

I’m afraid you’re going to have to cruise irl

-35 points

All that happens under Dems, too. Stop giving them a pass.

Y’all keep hitting that downvote button. I’d like to know how many of you are ok with fascism when it’s a Dem at the helm.

44 points

Yup. The Apple-FBI encryption dispute started under Obama, as did the Snowden leak.

Neither party is particularly pro-encryption, because governments in general see encryption by the public as a hurdle for their operations (i.e. you don’t need encryption if you have nothing to hide).

Encryption isn’t a partisan issue, and my understanding is that both major parties suck about equally on this issue.

17 points

It’s a wonder they’re not also trying to outlaw printing presses at this point. They openly believe that we are not entitled to private conversations.

16 points

The Snowden leaks came out when Obama was president. Obama was the one who said, “The only people who don’t want to disclose the truth are people with something to hide”. The republicans and democrats are the same fucking people.

15 points

Only if you look at it in the most general, limited, pov. Are they the same people on corporate greed? Not all, but mostly yes. Are they the same people on encryption? Yes. Are they the same on human rights? Absolutely fucking not. If the only thing important for you is encryption, voting isn’t going to change the government’s policy decisions. However, if things other than encryption and corporate greed are important, then voting for a Republican is voting against your interests. History is filled with people who can’t see past their own fucking biases and look out for the greater interest… So you have a lot of historical company.

1 point

> The republicans and democrats are the same fucking people.

In many cases, literally. From Michael Bloomberg and Liz Cheney to Donald Trump and Joe Manchin, the number of cross-overs and turn-coats who end up getting into leadership in their opponent’s parties is absolutely crazy. The Nixonian Southern Strategy did one thing brilliantly. It completely crossed the wires of the partisan voter for three generations to the benefit of the corporate oligarchs who get to play both ends against the middle.

13 points

> All that happens under Dems, too

Fucking what? Which democrats are banning books and putting together lists of trans children?

And no, I’m not a fan of the DNC, I’m just not a fucking dishonest piece of shit.

-10 points

Which Dems are stopping it?

2 points

Those downvoting need to learn about the PATRIOT act and FISA “courts”.

0 points

Those downvoting aren’t the type of people who enjoy challenging their worldview. They won’t look at shit.

2 points

As if most of the legal provisions for widespread surveillance were not done under the Clinton administration.

0 points

Dumb people are down voting you despite the fact that you’re 1000000% correct.

Leftists need to stop defending the Democratic party so hard, it’s making them look like neo liberals

5 points

Wait what? You know that leftists dislike Democrats, right?

Are you really not aware they are two different things?

1 point

> Leftists need to stop defending the Democratic party

The joke of it is you’re either with the Democratic Party or you’re a hyper-authoritarian anti-democratic Russia/China loving Tankie. You will eat your police state and you will like it, because otherwise the Bigger Fascists will win.

-1 points

It’s just treated like team sports for so many people. It doesn’t matter what the team does, it’s offensive to them to criticize it at all.
