It’s not that I disagree with you on principle, I think you’re just kinda mixing up scenarios here, and the purpose of E2EE. E2EE refers to in transit data specifically. #1 should never be where your mind goes because E2EE does not imply your data will be encrypted at rest at the destination, that’s not what it’s for. E2EE is a critical factor when the untrusted facilitator party is between you and your intended recipient, not the recipient themselves.
Like in your scenario of a “cloud drive”, E2EE would not be a selling point of that service. The term you’re looking for in that scenario is “zero access encryption”.
Like you’re correct that E2EE does not imply that data stored in the cloud is encrypted at rest, but that’s because it isn’t meant to. Like this isn’t a dirty marketing trick. E2EE just needs to do what it says on the tin.
Lifter@discuss.tchncs.de 2 days ago
The third paragraph contradicts your other point. You define E2EE in two wildly different ways.
The chat messages are most likely stored on an intermediary server, which would qualify for the same loophole you pointed out in the cloud storage example.
EncryptKeeper@lemmy.world 2 days ago
No it doesn’t, and I defined E2EE exactly one way.
It doesn’t matter if they store a copy of your message on an intermediary server, the keyword there is intermediary. They are not the recipient, so they should not have the ability to decrypt the content of the message, only the recipient should. If they are able to decrypt your message, it’s not E2EE.
A cloud drive is an entirely different case because the cloud drive is not an intermediary. They are the second E in E2EE. A cloud drive can have the ability to decrypt your data and still be E2EE because they are the recipient.
Lifter@discuss.tchncs.de 1 day ago
You probably didn’t understand me. I’m saying that a company can just arbitrarily decide (like you did) that the server is the “end” recipient (which I disagree with). That can be done for chat messages too.
You send the message “E2EE” to the server, to be stored there (like a file, unencrypted), so that the recipient(s) can - sometime in the future - fetch the message, which would be encrypted again, only during transport. This fully fits your definition for the cloud storage example.
By changing the recipient “end”, we can arbitrarily decode the message then.
I would argue that the cloud provider is not the recipient of files uploaded there. In the same way a chat message meant for someone else is not meant for the server to read, even if it happens to be stored there.
EncryptKeeper@lemmy.world 1 day ago
They cannot. Thats not how E2EE works. If they can arbitrarily decide that, then it isn’t E2EE.
It cannot, if you’re using E2EE.
That’s not how E2EE works. What you are describing is encryption that is not end-to-end. E2EE was designed the solve the issue you’re describing.
It does not. Cloud storage is a product you’d use to store your data for your own use at your own discretion.
It is if you uploaded files to it, like on purpose.
You’re confusing E2EE and non E2EE encryption.
Lifter@discuss.tchncs.de 1 day ago
Alternatively, we need to stop saying E2EE is safe at all, for any type of data, because or the arbitrary usage.