Thats the problem. Say, I’m offering you a cloud drive and tell you “your data is end to end encrypted”. You sync data from your PC to my server and from my server to your mobile phone. Would that mean
That everything between your devices is encrypted (=I can’t see what you’re saving, neither can “the state”, hackers,…)or
That your data is encrypted in transit, but is saved unencrypted on my server (which means everyone with access to my server can see your data) or
It’s encrypted in transit and also on my server, but the keys are also ony server, so that everyone with access to my server can in theory decrypt everything and access everything?
1 is what you want, 2 and 3 are often what you get…
It’s not that I disagree with you on principle, I think you’re just kinda mixing up scenarios here, and the purpose of E2EE. E2EE refers to in transit data specifically. #1 should never be where your mind goes because E2EE does not imply your data will be encrypted at rest at the destination, that’s not what it’s for. E2EE is a critical factor when the untrusted facilitator party is between you and your intended recipient, not the recipient themselves.
Like in your scenario of a “cloud drive”, E2EE would not be a selling point of that service. The term you’re looking for in that scenario is “zero access encryption”.
Like you’re correct that E2EE does not imply that data stored in the cloud is encrypted at rest, but that’s because it isn’t meant to. Like this isn’t a dirty marketing trick. E2EE just needs to do what it says on the tin.
The third paragraph contradicts your other point. You define E2EE in two wildly different ways.
The chat messages are most likely stored on an intermediary server, which would qualify for the same loophole you pointed out in the cloud storage example.
EncryptKeeper@lemmy.world 3 days ago
I mean TLS is also encryption in transit, it’s in the name.
elvith@feddit.org 2 days ago
Thats the problem. Say, I’m offering you a cloud drive and tell you “your data is end to end encrypted”. You sync data from your PC to my server and from my server to your mobile phone. Would that mean
1 is what you want, 2 and 3 are often what you get…
EncryptKeeper@lemmy.world 2 days ago
It’s not that I disagree with you on principle, I think you’re just kinda mixing up scenarios here, and the purpose of E2EE. E2EE refers to in transit data specifically. #1 should never be where your mind goes because E2EE does not imply your data will be encrypted at rest at the destination, that’s not what it’s for. E2EE is a critical factor when the untrusted facilitator party is between you and your intended recipient, not the recipient themselves.
Like in your scenario of a “cloud drive”, E2EE would not be a selling point of that service. The term you’re looking for in that scenario is “zero access encryption”.
Like you’re correct that E2EE does not imply that data stored in the cloud is encrypted at rest, but that’s because it isn’t meant to. Like this isn’t a dirty marketing trick. E2EE just needs to do what it says on the tin.
Lifter@discuss.tchncs.de 2 days ago
The third paragraph contradicts your other point. You define E2EE in two wildly different ways.
The chat messages are most likely stored on an intermediary server, which would qualify for the same loophole you pointed out in the cloud storage example.