this post was submitted on 04 Dec 2024
530 points (99.4% liked)

(page 2) 50 comments
[–] phoneymouse 199 points 18 hours ago (3 children)

The US Govt 5 years ago: e2e encryption is for terrorists. The govt should have backdoors.

The US Govt now: Oh fuck, our back door got breached, everyone quick use e2e encryption asap!

[–] Agent641 60 points 17 hours ago* (last edited 16 hours ago) (1 children)

The Australian government tried to straight up ban encryption some years ago.

[–] [email protected] 34 points 15 hours ago (4 children)

I laughed so much at that. Encryption is literally just long complicated numbers combined with other long complicated numbers using mathematical formulae. You can't ban maths.

If I remember correctly, there's also a law in Australia where they can force tech companies to introduce backdoors in their systems and encryption algorithms, and the company must not tell anyone about it. AFAIK they haven't tried to actually use that power yet, but it made the (already relatively stagnant) tech market in Australia even worse. Working in tech is the main reason I left Australia for the USA - there's just so many more opportunities and significantly higher paying jobs for software developers in Silicon Valley.

[–] [email protected] 2 points 8 hours ago

You can try, and in the US, we have export restrictions on cryptography (ITAR restrictions), so certain products cannot be exported. But you can print out the algorithm and carry it on a plane though, so I'm not sure what the point is...

[–] theherk 22 points 15 hours ago (1 children)

Different parts of the government. Both existed then and now. There has for a long time been a substantial portion of the government, especially defense and intelligence, that rely on encrypted comms and storage.

[–] [email protected] 15 points 15 hours ago (1 children)

FBI has definitely always been anti-encryption

[–] [email protected] 17 points 13 hours ago (3 children)

I have never understood why electronic communications are not protected as physical mail

[–] [email protected] 1 points 8 hours ago

Because the USA has been a broken fascist husk ever since the red scare and has been in slow decline ever since.

[–] Astronauticaldb 2 points 10 hours ago (1 children)

Lobbying as well as developmental issues I would assume. I'm no real developer just yet but I'd imagine creating robust security protocols is time-consuming and thinking of every possible vulnerability is not entirely worth it.

[–] [email protected] 2 points 8 hours ago* (last edited 8 hours ago)

No, security is pretty easy and has been for decades. PGP has been a thing since 1991, and other encryption schemes were a thing long before. ProtonMail uses PGP and SMTP, the latter of which predates PGP by about a decade (though modern SMTP with extensions wasn't a thing until 1995).

So at least for email, there's little technical reason why we couldn't all use top of the line security. It's slightly more annoying because you need to trade keys, but email services could totally make it pretty easy (e.g. send the PGP key with the first email, and the email service sends it with an encrypted reply and stores them for later use).

The reason we don't is because servers wouldn't be able to read our email. The legitimate use case here is searching (Tuta solves this by searching on the client, ProtonMail stores unencrypted subject lines), and 20 years ago, that would've been a hardship with people moving to web services. Today, phones can store emails, so it's not an issue anymore, so it probably comes down to being able to sell your data.

Many to many encryption is more complicated (e.g. Lemmy or Discord), so I understand why chat took a while to be end to end encrypted (Matrix can do this, for example), but there are plenty of FOSS examples today, and pretty much every device has encryption acceleration in the CPU, so there's no technical reason why it's impractical today.

The reason it's not ubiquitous today is because data is really valuable, both to police and advertisers.

[–] PagingDoctorLove 5 points 9 hours ago (5 children)

Question for more tech savvy people: should I be worried about wiping old data, and if so for which apps? Just messaging apps, or also email and social media? Or can I just use the encrypted apps moving forward?

[–] [email protected] 2 points 8 hours ago (4 children)

That depends on the privacy protections where you live and the policies of each service:

  • most places in the US - they already have your data and aren't obligated to delete it
  • outside the EU - probably the same as the US
  • the EU or select states (e.g. CA) - you have some protections and a legal obligation to honor delete requests

For the first two, I wouldn't bother. I personally poisoned my data with Reddit before leaving, because I've heard of them reversing deletions. For the third, deleting may make sense.

But in general, I'd keep your other accounts open until you fully transition to the new one.

Below is information when considering a replacement service.

Anything where data is stored on a server you don't directly control can be leaked or subpoenaed from the org that owns that server. Any unencrypted communication can be intercepted, and any regular encryption (HTTPS) can be logged by that server (e.g. under court order without notifying the customer).

Even "secure" services can be ordered to keep logs. Here's an example from Proton Mail, and here's one involving Tutanota.

So it depends on your threat model, or in other words, who you're trying to keep away from your data. Just think about how screwed you might be if:

  • a hacker dumps the server's data
  • a police agency secretly orders recording of data and metadata
  • someone steals your device
  • the police confiscate your device

The answers to the above should help you decide which type of service you'd feel comfortable with, and what tradeoffs you're willing to make.

[–] [email protected] 3 points 9 hours ago

just wanted to add that deleting an app will not result in deletion of your data stored in the cloud (e.g. your emails)

[–] obinice 58 points 19 hours ago (3 children)

Real encrypted apps, ...or just the ones their own government can use to spy on them?

[–] Agent641 22 points 17 hours ago

In the voice of Nelson Muntz: "Nobody spies on our citizens but us!"

[–] [email protected] 100 points 21 hours ago (54 children)

It's probably also good practice to assume that not all encrypted apps are created equal, too. Google's RCS messaging, for example, says "end-to-end encrypted", which sounds like it would be a direct and equal competitor to something like Signal. But Google regularly makes money off of your personal data. It does not behoove a company like Google to protect your data.

Start assuming every corporation is evil. At worst you lose some time getting educated on options.

[–] [email protected] 2 points 8 hours ago

RCS is an industry standard, not a Google thing.

[–] [email protected] 5 points 10 hours ago

If it's not Open Source and Audited yearly, it's compromised. Your best option for secure comms is Signal and Matrix.

[–] [email protected] 166 points 23 hours ago (1 children)

Oh gee, forcing companies to leave backdoors for the government might compromise security, everyone. Who'd have thunk it? 🤦
