Various lawmakers in different countries are proposing to require messaging services to provide a mechanism for law enforcement to decrypt end-to-end encrypted messages. This kind of legislation fundamentally misunderstands how easy it is for bad people to build their own end-to-end encryption layers on top of other messaging systems.[...]This repository contains a trivial demonstration of this. It builds a simple tool that allows sending end-to-end encrypted messages over any messaging service, including plain old SMS (though message-length limits may cause problems there). It is 186 lines of code (and depends on a load of off-the-shelf open-source libraries) and took about an hour to write.[...]Frequently asked questions
- Isn't this too complex for end users to use? It requires using a command line and stuff.
- What happens if someone intercepts the key-exchange messages?
- What happens if an attacker uses the attack from XKCD 538?
- Where do all of these words come from?
pull down to refresh
related posts
64 sats \ 1 reply \ @ek 23 Apr freebie
The unfortunate (or fortunate?) reality is that the big fish will do whatever it takes to not spend their life in prison while everyone else will be under constant surveillance without E2EE but with all implications of that.
I think the answer in the link is about intercepting encrypted messages but not about the key exchange. If you're able to intercept the key exchange (man-in-the-middle attack), the scheme is fucked. You need to be absolutely sure you're using the correct public key. That's why the phone call is mentioned: use a second channel for multi-factor authentication (MFA).
You're fucked but this attack doesn't work on scale so hopefully you're not among the biggest big fishes.
reply
0 sats \ 0 replies \ @jgbtc 23 Apr
I never thought about it before but that XKCD comic is pretty stupid. it pokes fun at an extremely specific and unlikely scenario where good encryption is useless. Yes sure, but the other 99% of the time it's very good to have.
reply
29 sats \ 0 replies \ @DEADBEEF 23 Apr
There’s no way to put the genie back in the bottle. E2E encryption is here to stay. Even if it is banned for law abiding citizens, criminals will continue to use it to break the law.
reply
16 sats \ 0 replies \ @beorange 23 Apr
In theory, it is possible, lawmakers just have to write a "law". In practice, it is another story.
reply
16 sats \ 0 replies \ @Coinsreporter 23 Apr
Now, after reading from the link. I learned that this whole narrative of End to End encryption is plausible and can very well be adopted by those who have a lot to hide.
I'm not so technical so I only can view its impact on our behaviour but this doesn't seem to me a real problem solved.
reply
16 sats \ 0 replies \ @Hamstr 23 Apr freebie
I don't think EE2E is plausible. And even if it were. anon dev could just spring about. And if they don't- people could self host.
ALSO, if they ban this-- CAN WE BAN MILLIONAIRE and BILLIONAIRE codes???
reply
0 sats \ 2 replies \ @Coinsreporter 23 Apr
-
It's surely difficult and complex.
-
I don't know.
-
What is XKCD 538?
-
They come from children's homework diary? Lol.
reply
0 sats \ 1 reply \ @0xbitcoiner OP 23 Apr
The answers are on the website :)
reply
0 sats \ 0 replies \ @Coinsreporter 23 Apr
I'm reading it now, though got intrigued to reply because of the meme. That's seriously funny.
reply