lavander

@lavander@lemmy.dbzer0.com

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Consumer hardware is no longer a priority for manufacturers⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
ChromeOS was exactly mean for that
⁨Comment⁩ on ⁨Lawsuit Alleges That WhatsApp Has No End-to-End Encryption⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Yeah and I think it’s a pity. It’s the byproduct of “app culture” everything has to be easy. One button, plug and play…

Unfortunately like many things in life “saving” (time and effort n this case) has a cost
⁨Comment⁩ on ⁨Lawsuit Alleges That WhatsApp Has No End-to-End Encryption⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Unfortunately even the best intentioned and best audited project can be compromised. So that is not a guarantee (sure, much better than closed source but that is a given)

You may be forced by a rubber hose attack (or legal one) to insert vulnerabilities in your code… and you have the traffic… a single point to attack… signal/proton/etc

Is it possible with two different vendors? Sure it is but it is way more complicated
⁨Comment⁩ on ⁨Lawsuit Alleges That WhatsApp Has No End-to-End Encryption⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Call me old fashioned but I really think that for real E2EE the vendor of the encryption and the vendor of the infrastructure should be two different entities.

For example PGP/GPG on <any mail provider>… great! Proton? Not great

Jabber/XMMP with e2ee encryption great! WhatsApp/Telegram/signal… less so (sure I take signal over the other two every day… but it’s enough to compromise a single entity for accessing the data)