End to end encryption under threat
- Thread starter Mynight
- Start date
Fair enough - my information might well be outdated as I don't deal with physical security in my day job. I'd be interested to know why master keys aren't required for cylinder locks but I guess I won't find out
It's really ok to just admit you don't understand the technology well enough, I don't think anyone would think less of you for doing so.
It's a lot better than trying to argue from a point of view as if you do.
As I mentioned earlier in this thread, please don't assume that open source means there's no backdoor. It just means that it can be found if you possess the ability to look for it.
There's also the other huge potential problem with not knowing that what you're getting off the Google Play store has been compiled from the publicly available source code, or that malware inserted on your device hasn't installed a certificate that will show a download from the store to be the actual file uploaded to it by the app developer, and you aren't being MITMd.
True, but it's much better than alternatives such as whatsapp where nobody knows if there implementation of textsecure is safe at all.
I feel much more comfortable using signal than any other app for messaging.
And I am not going to compile every version myself because I don't have the motivation to.
Incidentally, speaking of Whatsapp, anyone see that it got banned in Brazil for failing to comply with court orders to aid local law enforcement. Corporations are not more powerful than governments - only weak governments who let themselves be walked all over.
Thing is though - while a gross generalisation bad people who are using stuff like whatsapp to communicate are likely going to be sloppy enough to be caught by good old detective work and putting a bit of effort and resources into gathering intel, etc. those that are really hiding behind encryption are going to be doing things like using proprietary algorithms and piggybacking other services to communicate i.e. using a gaming platform that syncs saves/settings and embedding encrypted strings into the game variables or other ingame features and then using the platform's syncing service to send and receive messages - no amount of backdooring or weakening encryption will help there - spending the money and putting in the efforts to gather intel, etc. is still required.
Ah but the libertardians can and do when they think it furthers their argument
Other than veiled insults and a demonstration of a lack of understanding of the topic at hand, what are you bringing to this discussion? It seems to be progressing quite nicely, if you have an opinion then feel free to present it and defend your points.
http://dspace.mit.edu/handle/1721.1/97690. It's an interesting read if you've the time.
"means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws." - its something I don't think most people comprehend the implications of including unfortunately many of those in a position to enforce or push for changes - until inevitably those problems are exploited by bad people - in this case though the implications could be catastrophic.
let's ban people meeting closed doors and whispering to each other because terrorism.
government full of words I cannot repeat here.
Uk and most, if not all the west alarmingly authoritarian already, plus Australia and canada now proto police states, and what has it achieved.. FA.
Responding to "Nothing to hide, Nothing to fear"
https://www.openrightsgroup.org/blog/2015/responding-to-nothing-to-hide-nothing-to-fear
tldr: meaning if you have something to hide (you wish to remain private) you have something (authoritarian government) to fear.
slippery slope with the sort of people in charge I would not trust to baby sit a small child or walk a dog. Utterly out of touch power mad %^%$$!
government full of words I cannot repeat here.
Uk and most, if not all the west alarmingly authoritarian already, plus Australia and canada now proto police states, and what has it achieved.. FA.
Responding to "Nothing to hide, Nothing to fear"
https://www.openrightsgroup.org/blog/2015/responding-to-nothing-to-hide-nothing-to-fear
tldr: meaning if you have something to hide (you wish to remain private) you have something (authoritarian government) to fear.
slippery slope with the sort of people in charge I would not trust to baby sit a small child or walk a dog. Utterly out of touch power mad %^%$$!
I believe there is - any British Standard lock manufacturer will make master keys available to privileged people. I don't exactly know how the system works (for obvious reasons people don't like talking about it) but it's what I've been led to believe.
Lockpicking ain't like in computer games - from what I understand if you lose your keys the main reason for calling a locksmith is so that he can put a new lock in after he's broken the original one
no its not like computer games (and if a master key system was in place it would be very common knowledge as there is quite a lock picking community and it would be a national news story, master keyed locks are quite obvious from the internals) but if you've lost a key its safer and quicker to drill and replace a lock cause you know you're key is out there somewhere...
no they aren't, having a master key option costs more because of the increased complexity of the design to prevent it making it less secure.
i think the Paris terrorists just used cheap mobile phones and normal SMS text. no encryption whatsoever.
Utterly retarded idea from an idiotic government. All of the recent terrorist attacks were committed by people already known to intelligence services. We need to give them more resources to follow up on these things, not more powers to infringe on everyone else's privacy.
Funny thinking about that. Governments has plenty to hide and plenty to fear.
The issue I have with trying to ban encryption is that methods that generate unbreakable perfect forward secrecy (for example OTPs) are absolutely not complex enough to require computational power. That means that the only losers are people who rely on encryption to help prevent theft/fraud - online banking and so on.
Mathematical weaknesses (including deliberate backdoors) in ciphers are a problem because once they are discovered by someone in the public domain, the encryption scheme becomes essentially useless. Trust in the cipher is everything and deliberate backdoors undermine that trust from day 1.
Mathematical weaknesses (including deliberate backdoors) in ciphers are a problem because once they are discovered by someone in the public domain, the encryption scheme becomes essentially useless. Trust in the cipher is everything and deliberate backdoors undermine that trust from day 1.
I found this particularly relevant to this discussion:
https://theintercept.com/2015/12/23/juniper-firewalls-successfully-targeted-by-nsa-and-gchq/
I quite simply do not trust government not to abuse their power if given access via a backdoor. The argument that use of such a backdoor would be controlled by laws is completely irrelevant when the various agencies have demonstrated that they don't seem to care about laws.
https://theintercept.com/2015/12/23/juniper-firewalls-successfully-targeted-by-nsa-and-gchq/
I quite simply do not trust government not to abuse their power if given access via a backdoor. The argument that use of such a backdoor would be controlled by laws is completely irrelevant when the various agencies have demonstrated that they don't seem to care about laws.
http://www.breitbart.com/london/201...computers-and-other-electronic-devices-legal/
Turns out that GCHQ have been operating within the law all along. Now perhaps we can stop criticising them and let them get on with their jobs of trying to protect us all?
Turns out that GCHQ have been operating within the law all along. Now perhaps we can stop criticising them and let them get on with their jobs of trying to protect us all?