Return to Level1Techs.com

Don’t Break strong encryption, Back door the app

#1

So private messaging apps and services have been able to defend our privacy by denying spies request for encryption keys they don’t have.
Looks like some bright sparks might work around the “Issue” by forcing the services/apps to forward all the messages before they are sent/encrypted.
I’m hoping I’m reading this wrong, but if they get their way, could mean trouble for all of us…
Though I have to admit, if I heard about it back in 2018, I must have blocked it out of my mind… :frowning:

0 Likes

#2

6 Likes

#3

Soon enough we’ll have to go to deep web just to use a safe messenger

0 Likes

#4

Or just use Librem stuff.

Their messaging service is E2E and there’s no way in hell they’ll comply with any of this.

1 Like

#5

Or just use Librem stuff.

Any sufficiently large third-party service will be a target of this, if passed.

It’s impossible to collect a large cache of user data and not eventually become a target for surveillance.

When faced with a court order, they’ll either comply or stop offering the service to users in that jurisdiction.

Geo-arbitrage helps here a little bit, but I’m not personally confident that’s enough. The FBI wants the same damned thing, and governments have a tendency to share Really Bad Ideas™.

0 Likes

#6

I figured it the same way.
I don’t want to say I have nothing to hide, so nothing to fear, because that is selfish, and only lasts as long as my government isn’t too corrupt or too overbearing.
If I wait till that is not the case, it’s too late.
Also other places/people are not in the same boat…

0 Likes

#7

Do companies still do warrant canaries?
I.e. a new one saying “We do not currently copy your data/share it with anyone other than the contacts you directly send it to” or similar?

1 Like

#8

Do companies still do warrant canaries?

Some still do. Usually smaller companies. Purism included.

Larger companies wrap it into their Transparency Reports. The secret courts don’t let them say exactly how many requests for user data they get, so most use ranges these days.

“We have received 0 requests for user data.”

or

“We have recieved between 1 and 150 requests for user data.”


Some examples:

Microsoft - https://www.microsoft.com/en-us/corporate-responsibility/lerr/
Google - https://transparencyreport.google.com/user-data/overview
Amazon is notable for not providing very good transparency reports.
Facebook - https://transparency.facebook.com/government-data-requests

1 Like