Privacy

1189 readers

720 users here now

Protect your privacy in the digital world

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

Be nice, civil and no bigotry/prejudice.
No tankies/alt-right fascists. The former can be tolerated but the latter are banned.
Stay on topic.
Don't promote big-tech software.
No reposting of news that was already posted. Even from different sources.
No crypto, blockchain, etc.
No Xitter links. (only allowed when can't fact check any other way, use xcancel)

Related communities:

founded 3 months ago

MODERATORS

[email protected]

101

Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps (go.theregister.com)

submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]

19 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 0 points 1 week ago (1 children)

Eh, just doing it for the good PR I guess. UK is still going to get access to everyone's files through the NSA-to-UK pipeline.

[–] [email protected] 3 points 1 week ago (1 children)

I wouldn't be completely sure.

The NSA doesn't just do whatever is the worst thing for everyone at every given time. There's no particular guarantee that the NSA will share any given communication with any given UK agency that wants it at the drop of a hat, although for major problems (like climate activists! those awful people /s) they may share pretty freely. E2EE is still a significant obstacle even if the NSA has it broken completely.
There's no guarantee that the NSA has broken it completely. Edward Snowden's leaks about how the NSA had HTTPS broken are a fascinating and rare window into what the reality of their secret capabilities actually are. TL;DR, they either couldn't or didn't want to spend the resources to break the core encryption, so instead they arranged to smuggle subtly insecure master keys into vital places in the supply chain, so that they could exploit the flaws in those keys and read a significant fraction but not all HTTPS traffic (the fraction that was derived from those insecure keys). Of course their capabilities have improved since then, but so have the standards of encryption. I think the assumption "they can read some but not all encrypted traffic" is probably a good ballpark to use for their present-day capabilities, after however many years of both sides of the arms race continuing to evolve in tandem from that point.

[+] bokherif -6 points 1 week ago (2 children)

Wrong
Wronger

[–] [email protected] 3 points 1 week ago (1 children)

Lemmy conversational interchange in a nutshell lol

[–] bokherif -2 points 1 week ago (2 children)

Lol I mean honestly if you believe that the governments allow people to use tech that they don’t have a backdoor in, I believe that’s good for your mental health. Just a bit naive is all.

[–] [email protected] 5 points 1 week ago* (last edited 1 week ago)

Not everything that happens in every single software company, university, and so on, all across the land, is because the government has "allowed" it. For one thing, a lot of cryptography research and software development happens outside of "the" country, far from anywhere that "the" governments would be able to allow it or not.

Actually, the US government in the 90s actually did make a really substantial effort to make it illegal to use cryptography that they couldn't crack. Their efforts did not meet with universal success even before they abandoned them. That was the whole impetus behind T-shirts with the PGP source code (And tattoos! Seriously, one of my friends met somebody with a PGP source code tattoo, back when it was questionably legal to have one.) There are quotes by many many people about the limits of what the government is able to dictate to people that they are and are not able to do, even in very strict totalitarian societies.

You seem very confident in your opinion so I won't try to dissuade you from it any further. Just taking a little time to try to shed some light. There actually are ways you can find out about how this stuff works in reality, though, to at least a little bit of an extent. Like I said, the Snowden leaks are a really good and fascinating way.

Best of luck! Starting from a standpoint of total skepticism and suspicion of everything online-related and government-related probably isn't a bad place to start from, all things considered.

[–] [email protected] 2 points 1 week ago

The governments doesn't control enough of the world's programmers to pull that off

[–] [email protected] 2 points 1 week ago* (last edited 1 week ago)

Ask any competent cryptographer who read the docs and they'll tell you otherwise

(small sidenote: what the docs implied about cryptographic capabilities made it sound like they exploited weak reused Diffie-Hellman finite field primes - the description of advances in capabilities matched this outcome nearly exactly)

Feel free to visit [email protected] if you want to discuss details