Ⓜ3️⃣3️⃣ 🌌

m33@theprancingpony.in

💻 Unix - Infosec - OSS enthusiast

🏍️ 2 wheels and should be enough for everyone

☔ Something wrong with me ? feel offended ? that was probably not on purpose: Please turn Internet off then on again...

Network Posts

Bree

Meriador (Middle-earth)

@m33:nitro.chat

Ⓜ3️⃣3️⃣ 🌌

3 months ago •

Ⓜ3️⃣3️⃣ 🌌
3 months ago •

Gov backdoor in encrypted services, UK, France, Sweden...

What a world to live in because
1. we may (?) actually need that because of bad guys
2. good guys goes bad breaking privacy and service integrity with backdoors
3. bad guys will be bad guys and use backdoors too

theregister.com/2025/02/26/sig…

#privacy #e2ee #cybersecurity #sweden #signal

Signal will withdraw from Sweden if encryption-busting laws take effect

Experts warned the UK’s recent 'victory' over Apple would kickstart something of a domino effect

^{Connor Jones (The Register)}

in reply to Ⓜ3️⃣3️⃣ 🌌

David Chisnall (Now with 50% more sarcasm!)

in reply to Ⓜ3️⃣3️⃣ 🌌 • 3 months ago • •

I feel like this fundamentally misses the point.

It's not just that backdoors are intrinsically targets for bad actors, it's that they don't help. Encryption isn't some magic that only big companies can produce. With off the shelf libraries, it takes a really small amount of code to write something that encrypts and decrypts messages. If Signal has a back door, then a bad person can still use it as a transport for messages that they're encrypting with keys that they're distributing via some other mechanism.

If you do this, then the messages seen via the backdoor will be gibberish. At that point, law enforcement can say 'aha, you're using additional encryption, you're either a criminal or paranoid', but that doesn't really help them much.

GitHub - davidchisnall/banning-e2ee-is-stupid: Do you think banning end-to-end encryption is plausible? Think again.

Do you think banning end-to-end encryption is plausible? Think again. - davidchisnall/banning-e2ee-is-stupid

^GitHub

in reply to David Chisnall (*Now with 50% more sarcasm!*)

Ⓜ3️⃣3️⃣ 🌌

in reply to David Chisnall (*Now with 50% more sarcasm!*) • 3 months ago •

Yes of course, thanks for this complement. Anything above the transport will add another layer of obfuscation, and essentially give you more time before a breach.

With that said, it may be such an inconvenience regarding the primary use of instant messaging that I doubt actual bad guys would still use it like that.

Plus symmetrical encryption is good enough for a proof of concept, managing a key infrastructure is out of reach from many.

Anyway that’s a good point you’ve made on your GitHub publication 👍

⇧