René Mayrhofer :verified: 🇺🇦 🇹🇼<p>Sigh. We are, as a security community, making good progress on some old as well as some new topics. <a href="https://infosec.exchange/tags/Rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rust</span></a>, <a href="https://infosec.exchange/tags/Go" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Go</span></a>, and other memory safe systems languages are going well and having a real impact in reducing memory safety issues - which has been the most important security bug class for decades, and we are finally improving! Compartmentalization and isolation of processes and services have now become common knowledge and the minimum bar for new designs. Security and privacy by design are being honored in many new projects, and not just as lip service, but because the involved developers deeply believe in these principles nowadays. <a href="https://infosec.exchange/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> is finally available to most end-users, both for messaging and backups.</p><p>And again and again, we are forced into having discussions (<a href="https://www.theregister.com/2025/04/03/eu_backdoor_encryption/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/04/03/eu_</span><span class="invisible">backdoor_encryption/</span></a>) about breaking all the progress.</p><p>Let me be clear for Nth time: <br>* We *cannot* build encryption systems that can only be broken by the "good guys". If they are not completely secure, foreign enemy states, organized crime, and intimate partners will break and abuse them as well. There is no halfway in this technology. Either it is secure or it isn't - for and against everybody.<br>* We *cannot* build safe, government-controlled censorship filters into our global messaging apps that are not totally broken under the assumption of (current or future) bad government policies and/or insider attacks at the technology providers (<a href="https://www.mayrhofer.eu.org/talk/insider-attack-resistance-in-the-android-ecosystem/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">mayrhofer.eu.org/talk/insider-</span><span class="invisible">attack-resistance-in-the-android-ecosystem/</span></a>). Either one-to-one communication remains secure and private, or it doesn't (<a href="https://www.ins.jku.at/chatcontrol/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">ins.jku.at/chatcontrol/</span><span class="invisible"></span></a>).<br>* We *cannot* allow exploitation of open security vulnerabilities in smartphones or other devices for law enforcement. If they are not closed, they are exploitable by everybody. "Nobody but us" is an illusion, and makes everybody less secure.</p><p>My latest recorded public talk on the topic was <a href="https://www.mayrhofer.eu.org/talk/secure-messaging-and-attacks-against-it/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">mayrhofer.eu.org/talk/secure-m</span><span class="invisible">essaging-and-attacks-against-it/</span></a>, and nothing factual has changed since then. Policymakers keep asking for a different technological reality than the one we live in, and that sort of thing doesn't tend to produce good, sustainable outcomes.</p><p>(Edited to only fix a typo. No content changes.)</p><p>CC <span class="h-card" translate="no"><a href="https://chaos.social/@epicenter_works" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>epicenter_works</span></a></span> <span class="h-card" translate="no"><a href="https://eupolicy.social/@edri" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>edri</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@suka_hiroaki" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>suka_hiroaki</span></a></span> <span class="h-card" translate="no"><a href="https://social.heise.de/@heisec" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>heisec</span></a></span> <span class="h-card" translate="no"><a href="https://ioc.exchange/@matthew_d_green" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>matthew_d_green</span></a></span> <span class="h-card" translate="no"><a href="https://eupolicy.social/@ilumium" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ilumium</span></a></span></p>
Recent searches
No recent searches
Search options
Only available when logged in.
beige.party is one of the many independent Mastodon servers you can use to participate in the fediverse.
A home to friendly weirdos. The Grey Gardens of the Fediverse (but beige). Occasionally graphically cacographic. Definitely probably not a cult (though you'll never be 100% sure). Beige-bless 🙏
Administered by:
Server stats:
445active users
beige.party: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#e2ee
24 posts · 17 participants · 0 posts today
Scimmia di Mare<p><span class="h-card" translate="no"><a href="https://livellosegreto.it/@kenobit" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kenobit</span></a></span> ho letto e condivido tutto.<br>Solo una accortezza: <a href="https://mastodon.uno/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a> non è cifrato <a href="https://mastodon.uno/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a>. Se posso fidarmi di te, non ho idea di chi sia il tuo host o, se lo tieni a casa, il tuo ISP.<br>Ed in ogni caso, a queste condizioni, compromettere un nodo significa esporre molta gente a rischio.</p>
PrivacyDigest<p><a href="https://mas.to/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UK</span></a> Effort To Keep <a href="https://mas.to/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apple</span></a> <a href="https://mas.to/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> Fight <a href="https://mas.to/tags/Secret" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Secret</span></a> Is Blocked - Slashdot <br><a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>e2ee</span></a> </p><p><a href="https://apple.slashdot.org/story/25/04/07/1444256/uk-effort-to-keep-apple-encryption-fight-secret-is-blocked?utm_source=rss1.0mainlinkanon&utm_medium=feed" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">apple.slashdot.org/story/25/04</span><span class="invisible">/07/1444256/uk-effort-to-keep-apple-encryption-fight-secret-is-blocked?utm_source=rss1.0mainlinkanon&utm_medium=feed</span></a></p>
Open Rights Group<p>ORG has joined 237 civil society groups, companies and cybersecurity experts in an open letter to members of the Swedish Riksdag.</p><p>We call on them to reject legislation that would force companies to undermine the encryption of their services.</p><p>Read more ⬇️</p><p><a href="https://www.globalencryption.org/2025/04/joint-letter-on-swedish-data-storage-and-access-to-electronic-information-legislation/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">globalencryption.org/2025/04/j</span><span class="invisible">oint-letter-on-swedish-data-storage-and-access-to-electronic-information-legislation/</span></a></p><p><a href="https://social.openrightsgroup.org/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://social.openrightsgroup.org/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>e2ee</span></a> <a href="https://social.openrightsgroup.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://social.openrightsgroup.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Ian Brown 👨🏻💻<p>Love this, as I hate bloody voice notes! <a href="https://eupolicy.social/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> and on-device. Question: are they are used anyway to train WA model? 🧐 <a href="https://eupolicy.social/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WhatsApp</span></a> <a href="https://eupolicy.social/tags/VoiceNote" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VoiceNote</span></a> <a href="https://eupolicy.social/tags/transcripts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>transcripts</span></a></p>
ilias :thepiratebay:<p>well the whole thing just gets more interesting :blobcatpopcornnom: </p><p><a href="https://www.bbc.co.uk/news/articles/cvgn1lz3v4no" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bbc.co.uk/news/articles/cvgn1l</span><span class="invisible">z3v4no</span></a></p><p><a href="https://mstdn.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://mstdn.social/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apple</span></a> <a href="https://mstdn.social/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> <a href="https://mstdn.social/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> <a href="https://mstdn.social/tags/UnitedKingdom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnitedKingdom</span></a> <a href="https://mstdn.social/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UK</span></a></p>
Open Rights Group<p>There is now the opportunity for some public scrutiny of the UK government’s decisions to attack technologies that keep us safe online.</p><p>We must stand against the attack on encryption.</p><p>Sign and share our petition to keep Apple data encrypted ⬇️</p><p><a href="https://you.38degrees.org.uk/petitions/keep-our-apple-data-encrypted" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">you.38degrees.org.uk/petitions</span><span class="invisible">/keep-our-apple-data-encrypted</span></a></p><p><a href="https://social.openrightsgroup.org/tags/apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apple</span></a> <a href="https://social.openrightsgroup.org/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://social.openrightsgroup.org/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>e2ee</span></a> <a href="https://social.openrightsgroup.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://social.openrightsgroup.org/tags/ukpolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ukpolitics</span></a> <a href="https://social.openrightsgroup.org/tags/ukpol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ukpol</span></a> <a href="https://social.openrightsgroup.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Open Rights Group<p>"This is bigger than the UK and Apple.</p><p>The Court’s judgment will have implications for the privacy and security of millions of people around the world.</p><p>Such an important decision cannot be made behind closed doors and we welcome the IPT’s decision to bring parts of the hearing into the open."</p><p>🗣️ <span class="h-card" translate="no"><a href="https://social.openrightsgroup.org/@jim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jim</span></a></span> – ORG Executive Director.</p><p><a href="https://social.openrightsgroup.org/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>e2ee</span></a> <a href="https://social.openrightsgroup.org/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://social.openrightsgroup.org/tags/apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apple</span></a> <a href="https://social.openrightsgroup.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://social.openrightsgroup.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.openrightsgroup.org/tags/ukpol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ukpol</span></a> <a href="https://social.openrightsgroup.org/tags/ukpol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ukpol</span></a></p>
Open Rights Group<p>Earlier this year, the UK government ordered Apple to grant it access to encrypted data stored by Apple users worldwide in its cloud service.</p><p>The secret order was made under the Investigatory Powers Act and the government has tried to keep the public in the dark ever since. Even when Apple appealed the order.</p><p>Now there will be some level of transparency with today's decision.</p><p><a href="https://www.reuters.com/technology/apple-appealing-against-uk-governments-back-door-order-tribunal-confirms-2025-04-07/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">reuters.com/technology/apple-a</span><span class="invisible">ppealing-against-uk-governments-back-door-order-tribunal-confirms-2025-04-07/</span></a></p><p><a href="https://social.openrightsgroup.org/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://social.openrightsgroup.org/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>e2ee</span></a> <a href="https://social.openrightsgroup.org/tags/apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apple</span></a> <a href="https://social.openrightsgroup.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://social.openrightsgroup.org/tags/ukpolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ukpolitics</span></a> <a href="https://social.openrightsgroup.org/tags/ukpol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ukpol</span></a></p>
Open Rights Group<p>BREAKING: The UK government's attempt to hold the Apple encryption case entirely in secret has been REJECTED.</p><p>ORG, Big Brother Watch and Index on Censorship made a submission to the court arguing for open justice.</p><p>In a win for privacy rights, the court agrees.</p><p>It said it didn't accept “that the revelation of the bare details of the case would be damaging to the public interest or prejudicial to national security”.</p><p><a href="https://www.openrightsgroup.org/press-releases/ipt-supports-orgs-call-for-open-hearing-in-apple-encryption-case-uk/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">openrightsgroup.org/press-rele</span><span class="invisible">ases/ipt-supports-orgs-call-for-open-hearing-in-apple-encryption-case-uk/</span></a></p><p><a href="https://social.openrightsgroup.org/tags/apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apple</span></a> <a href="https://social.openrightsgroup.org/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://social.openrightsgroup.org/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>e2ee</span></a> <a href="https://social.openrightsgroup.org/tags/ukpolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ukpolitics</span></a> <a href="https://social.openrightsgroup.org/tags/ukpol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ukpol</span></a> <a href="https://social.openrightsgroup.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a></p>
Jim Killock<p>BREAKING: VICTORY for <span class="h-card" translate="no"><a href="https://social.openrightsgroup.org/@openrightsgroup" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>openrightsgroup</span></a></span> BBW and <span class="h-card" translate="no"><a href="https://mastodon.xyz/@privacyint" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>privacyint</span></a></span> and others</p><p>The <a href="https://social.openrightsgroup.org/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apple</span></a> IPT case will be held in open, including the bare details of the case, so that the principles of the issue can be discussed! <a href="https://social.openrightsgroup.org/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>e2ee</span></a> <a href="https://social.openrightsgroup.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a></p>
Ian Brown 👨🏻💻<p>BOOOOM! UK Investigatory Powers Tribunal dismisses with extreme prejudice (§43) the UK <a class="hashtag" href="https://bsky.app/search?q=%23HomeOffice" rel="nofollow noopener noreferrer" target="_blank">#HomeOffice</a> attempt to cover up the case brought by <a class="hashtag" href="https://bsky.app/search?q=%23Apple" rel="nofollow noopener noreferrer" target="_blank">#Apple</a> against the global snooping order from the Home Office against Advanced Data Protection 🚀 h/t <a class="mention" href="https://bsky.app/profile/kind.ac" rel="nofollow noopener noreferrer" target="_blank">@kind.ac</a> <a class="hashtag" href="https://bsky.app/search?q=%23IPT" rel="nofollow noopener noreferrer" target="_blank">#IPT</a> <a class="hashtag" href="https://bsky.app/search?q=%23ADP" rel="nofollow noopener noreferrer" target="_blank">#ADP</a> <a class="hashtag" href="https://bsky.app/search?q=%23E2EE" rel="nofollow noopener noreferrer" target="_blank">#E2EE</a> <a href="https://www.judiciary.uk/wp-content/uploads/2025/04/Apple-v-Secretary-of-State-for-the-Home-Department.pdf" rel="nofollow noopener noreferrer" target="_blank">www.judiciary.uk/wp-content/u...</a><br><br><a href="https://www.judiciary.uk/wp-content/uploads/2025/04/Apple-v-Secretary-of-State-for-the-Home-Department.pdf" rel="nofollow noopener noreferrer" target="_blank">judiciary.uk/wp-content/upl...</a></p>
Hache☕<p>Si usas <a href="https://masto.es/tags/GMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GMail</span></a> y te has enterado de su última afirmación de introducir un verdadero <a href="https://masto.es/tags/cifrado" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cifrado</span></a> de extremo a extremo: es mentira.</p><p>Google tiene el control y/o no puedes hacer nada en contra de que Google tome el control en cualquier momento. </p><p>El <a href="https://masto.es/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> real funciona de otra manera: sólo el emisor y el receptor pueden acceder al contenido protegido. </p><p><a href="https://arstechnica.com/security/2025/04/are-new-google-e2ee-emails-really-end-to-end-encrypted-kinda-but-not-really/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2025/</span><span class="invisible">04/are-new-google-e2ee-emails-really-end-to-end-encrypted-kinda-but-not-really/</span></a></p><p><a href="https://michal.sapka.pl/2025/gmail-e2e-is-as-terrible-as-expected/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">michal.sapka.pl/2025/gmail-e2e</span><span class="invisible">-is-as-terrible-as-expected/</span></a></p><p><a href="https://masto.es/tags/Meta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Meta</span></a> también definió el E2EE de tal manera que el mensaje se cifra desde el emisor hasta ellos, se procesa en texto claro y se vuelve a cifrar para la transmisión al receptor.</p><p>No dejes que te engañen con afirmaciones falsas y definiciones erróneas.</p><p><span class="h-card" translate="no"><a href="https://graz.social/@publicvoit" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>publicvoit</span></a></span> <a href="https://graz.social/@publicvoit/114295836158573196" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">graz.social/@publicvoit/114295</span><span class="invisible">836158573196</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.tchncs.de/@phreaknerd" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>phreaknerd</span></a></span> <span class="h-card" translate="no"><a href="https://nrw.social/@melsdung" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>melsdung</span></a></span> <span class="h-card" translate="no"><a href="https://punk.cyber77.de/@nocci" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nocci</span></a></span> exakt deshalb rate ich zu <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> ( <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> & <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>gajim</span></a></span> ) sowie <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME ( <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>delta</span></a></span> & <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thunderbird</span></a></span> ), denn nur <a href="https://infosec.space/tags/dezentral" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dezentral</span></a> mit <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfCustody</span></a> aller <a href="https://infosec.space/tags/Keys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Keys</span></a> besteht <em>echte <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a></em>!</p><ul><li>Außerdem funktionieren die einwandfrei via <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a> und damit auch noch <a href="https://infosec.space/tags/anonym" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>anonym</span></a>!</li></ul><p>Ich helfe gern <em>"<a href="https://infosec.space/tags/Normies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Normies</span></a>"</em> und <em>"<a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliterates</span></a>"</em> darauf umzustellen...</p>
mkj<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@0xF21D" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>0xF21D</span></a></span> The way I see it is that even if end-user device security is poor, proper E2EE such as that used by Signal still provides a significant benefit: It shifts the burden of an attacker from wholesale dragnet surveillance (which is easy to do in bulk) to focused attack targetting (very difficult to do in bulk, especially inconspiciously).</p><p>*Even if* device security sucks, which would equally impact other services as well, that *still* provides a privacy benefit.</p><p><a href="https://social.mkj.earth/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> <a href="https://social.mkj.earth/tags/opsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opsec</span></a> <a href="https://social.mkj.earth/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://social.mkj.earth/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a></p>
Debacle<p><span class="h-card" translate="no"><a href="https://social.screamingatmyscreen.com/@fallenhitokiri" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fallenhitokiri</span></a></span> </p><p>Most people seem to believe <a href="https://framapiaf.org/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>email</span></a> were just a misspelling of gmail anyway 🤷</p><p><a href="https://framapiaf.org/tags/mu4e" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mu4e</span></a> <a href="https://framapiaf.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> <a href="https://framapiaf.org/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://framapiaf.org/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>e2ee</span></a></p>
Muminpappa 🇪🇺<p>The government in <a href="https://mastodonsweden.se/tags/Sweden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sweden</span></a> is working on legislation that would force platforms to store and provide law enforcement with access to their users’ communications, including those that are end-to-end encrypted <a href="https://mastodonsweden.se/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> </p><p>The Internet Society is asking security experts, civil society organizations, private industry and trade organizations to sign a <br>"Joint Letter on the Swedish Data Storage and Access to Electronic Information Legislation". </p><p>Please sign before April 7 1 pm UTC.</p><p><a href="https://app.smartsheet.com/b/form/e3cf0c35c3a84837b0accdf21966a554" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">app.smartsheet.com/b/form/e3cf</span><span class="invisible">0c35c3a84837b0accdf21966a554</span></a></p>
Ian Brown 👨🏻💻<p>UPDATE: it’s the former. Google says: “When the recipient has S/MIME configured, Gmail sends an <a href="https://eupolicy.social/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> email via <a href="https://eupolicy.social/tags/SMIME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMIME</span></a> (just like it does today).” ✅ <a href="https://workspace.google.com/blog/identity-and-security/gmail-easy-end-to-end-encryption-all-businesses" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">workspace.google.com/blog/iden</span><span class="invisible">tity-and-security/gmail-easy-end-to-end-encryption-all-businesses</span></a></p>
Ian Brown 👨🏻💻<p>Obviously, <a href="https://eupolicy.social/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> (under order from the US government) could serve compromised “updates” at any time to individual users. </p><p>It would be technically possible to enable users to compare a “fingerprint” (hash) of security-critical plugins they are running, such as the one supporting Gmail’s <a href="https://eupolicy.social/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> capability. If I can see I’m getting a different plugin for my OS/CPU to 99% of other users on the same platform, that’s a big warning sign. But I haven’t seen such software widely deployed (yet) 🧐</p>
Ian Brown 👨🏻💻<p>Secondly, it’s not clear if <a href="https://eupolicy.social/tags/gmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gmail</span></a> is using this workaround just for message recipients who don’t have their own “digital <a href="https://eupolicy.social/tags/X509" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>X509</span></a> certificates” to enable message encryption yet (which would be justifiable) or not (which would be an improvement over the status quo, but not genuine <a href="https://eupolicy.social/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a>.)</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload