Masthash

#e2ee

Michael Santaly
3 hours ago

Anyone on the Fedi aware of a good #e2ee #reminder app for #iphone?

Kote Isaev
4 hours ago

@sbug I remember, you already explained that.
I was thinking about making a proto of #E2EE with #ActivityPub, and while it was conceptually not so difficult, the real problems started with risk models (XSS, evil extensions, other attacks replacing built-in APIs like window.crypto to intercept locally generated keys, and so on).
But I was not able to sort out some important aspects, and later I thought that creating yet another new/incompatible piece of software is a bad idea.

Debacle
18 hours ago

@kln

Maybe I would just use a #Jabber app, such as #Conversations by @daniel or one of its forks — and a private #XMPP server with #Slidge by @nicoco as bridge to Matrix and many other protocols:

https://git.sr.ht/~nicoco/slidge

But probably it does not support #E2EE...

🚨 It's NOT "For The Children".

🏦 💸 Greed Appears To Fuel Ashton Kutcher's Thorn: Client-Side Scanning For Profit From Corporate Interests Using NGO Fronts

#News #AshtonKutcher #encryption #LawEnforcement #crypto #e2ee #Thorn #security #infosec #cybersecurity #privacy #HumanRights #NGO #greed #corporatism #fascism

https://balkaninsight.com/2023/09/25/who-benefits-inside-the-eus-fight-over-scanning-for-child-sex-content/

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #38/2023 is out! It includes the following and much more:

➝ 🔓 ❌ TransUnion Denies #Breach After Hacker Publishes Allegedly Stolen Data
➝ 🔓 ⚖️ Hackers breached International Criminal Court’s systems last week
➝ 🔓 🤖 #Microsoft #AI researchers accidentally exposed terabytes of internal sensitive data
➝ 🦠 💸 #BlackCat #ransomware hits #Azure Storage with #Sphynx encryptor
➝ 🇮🇷 🇮🇱 Iranian Nation-State Actor OilRig Targets Israeli Organizations
➝ 🇮🇳 #India's biggest tech centers named as #cybercrime hotspots
➝ 🇫🇮 💊 Finnish Authorities Dismantle Notorious #PIILOPUOTI Dark Web Drug Marketplace
➝ 🇨🇦 🇷🇺 Canadian Government Targeted With #DDoS Attacks by Pro-#Russia Group
➝ 🇨🇳 🇺🇸 #China Accuses U.S. of Decade-Long #Cyberespionage Campaign Against #Huawei Servers
➝ 🇺🇸 🇨🇳 China's Malicious Cyber Activity Informing War Preparations, #Pentagon Says
➝ 🇨🇳 🦠 New #SprySOCKS Linux #malware used in cyber espionage attacks
➝ 🇬🇧 🔐 UK Minister Warns #Meta Over End-to-End Encryption
➝ 🇺🇸 🇷🇺 One of the #FBI’s most wanted hackers is trolling the U.S. government
➝ 🦠 🥸 Fake #WinRAR proof-of-concept exploit drops #VenomRAT malware
➝ 🦠 📈 #P2PInfect botnet activity surges 600x with stealthier malware variants
➝ 🦠 📡 Hackers backdoor #telecom providers with new HTTPSnoop malware
➝ 🦠 🐝 #Bumblebee malware returns in new attacks abusing #WebDAV folders
➝ 🔐 #GitHub launches #passkey support into general availability
➝ ☑️ 🐧 Free Download Manager releases script to check for #Linux malware
➝ 💬 🔐 #Signal adds quantum-resistant encryption to its #E2EE messaging protocol
➝ 🍏 🔐 #iOS 17 includes these new security and #privacy features
➝ 🩹 High-Severity Flaws Uncovered in #Atlassian Products and ISC BIND Server
➝ 🩹 😡 Incomplete disclosures by #Apple and #Google create “huge blindspot” for 0-day hunters
➝ 🍏 🩹 Apple emergency updates fix 3 new zero-days exploited in attacks
➝ 🩹 #TrendMicro fixes #endpoint protection zero-day used in attacks
➝ 🩹 #Fortinet Patches High-Severity #Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
➝ 🔓 Nearly 12,000 #Juniper #Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability

📚 This week's recommended reading is: "Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It" by Marc Goodman

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-382023

Kote Isaev
2 days ago

@sbug Oops... I was not aware of your sponsoring effort...
The veilid protocol is described as a mobile-centric thing, and it sorta makes me sad as a desktop-centric user.
Every time I read any page on requirements for #E2EE (risk models) I fear that it is not doable to make a "really safe" E2EE solution, and going offline and no-tech/low-tech is the single way to go.
This is really about basic stuff, like avoiding MITM and other common attacks, and keeping shared secrets in sync properly or storing them safely.

Kote Isaev
2 days ago

@sbug Maybe instead of spreading effort to yet another new piece of software, it is better to help improve and sponsor development of an existing solution?
I am asking because I had an urge to make my own #e2ee solution, but seeing how even the #Matrix project struggles to stay self-sustainable due to lack of funding, I feel that creating a new solution is a mistake, as it will create yet another tech split among users & communities.
Helping an existing project matters even more with possible time constraints.

sbug
2 days ago

So many years in the making and still so many problems with Matrix.

"Unable to decrypt" when chatting using E2EE, missing media, inconsistency in rooms between servers, slow joining of big rooms, etc.

I would love to see another decentralized alternative.
Something using veilid maybe.

And hopefully before Chat Control becomes law.

#Matrix #Veilid #E2EE #Encryption #Chat #Decentralized #ChatControl

Annemarie Bridy
3 days ago

Good for Signal! If a willfully misguided government regulation fundamentally breaks your product in a way that compromises user safety, it doesn’t make much sense to continue offering it in the affected market. #E2EE #ForeverCryptoWars #CryptoMeansCryptography

Meredith Whittaker Reaffirms That Signal Would Leave UK If Forced By Privacy Bill - Slashdot https://it.slashdot.org/story/23/09/22/1913215/meredith-whittaker-reaffirms-that-signal-would-leave-uk-if-forced-by-privacy-bill

Slushee
4 days ago

I looked into #Usenet and found it to be a very expensive and convoluted way of #FileSharing. It has some pros, sure, but overall it seems to be worse than #Torrenting. I hope one day someone designs something that is like torrenting but #E2EE and no port forwarding. Looking at you #GnuNet.

#P2P #Piracy #DistributedWeb

@asei_sano @aruiz #Fact: #Bitcoin :bitcoin: just like #Ethereum are indefensible and both #EnvoirmentalCrimes and can only be meaningfully used for Capital Flight by rich oligarchs that don't have easier tools for #MoneyLaundering!

That's why #Monero :monero: is superior in every metric you can throw at it!
https://mstdn.social/@kkarhan/111104696515870820

And no, your comparison is bad as #eMail doesn't have to suck - not even with proper* #E2EE (like #OpenPGP)!

* which necessitates self-custody of keys.

Kote Isaev
4 days ago

The official web cryptography features are so limited, and "professional" risk models for web apps are so scary, that if you want to create some #e2ee application, then according to these models the web is essentially not suitable for this kind of app.

Joaquim Homrighausen
4 days ago

"Isobel Hadley-Kamptz: Chat Control is madness – that Sweden supports the mass surveillance is a scandal"

🇪🇺 😑 🇸🇪

https://www.dn.se/ledare/isobel-hadley-kamptz-chatcontrol-ar-galenskap-att-sverige-stoder-massovervakningen-ar-en-skandal

#chatcontrol #privacy #dataskydd #e2ee #encryption #kryptering #EU #eupol #svpol #faithnomore

xro
5 days ago

#UK outlaws privacy-protecting #E2EE.

Want to underline this advice: avoid #messengers that continue to operate in the UK. They are going to implement and/or enable backdoors now.

https://blog.fefe.de/?ts=9bf2f06c

Kote Isaev
5 days ago

@anthony This tendency is so scary that I tried to see where it goes regarding #e2ee and came to the conclusion that the next step is some law that will be enforced (or informal pressure from LE agencies) forcing all OSes and platforms to first centralize all encryption so that it is done via gov-approved chips, which will do all encryption/decryption using keys saved in a hardware container and will either send all keys to the gov or send a copy of the data to the gov. Other encryption will be outlawed then.

Open Rights Group
5 days ago

“While the UK government has admitted it’s not possible to safely scan all of our private messages, it has granted Ofcom the powers to force tech companies to do so in the future.”

🗣 @JamesBaker, ORG Campaigns Manager.

#OnlineSafetyBill #e2ee #privacy #ukpolitics

https://www.forbes.com/sites/emmawoollacott/2023/09/20/uk-passes-online-safety-bill-restricting-social-media-content/

Anthony Accioly
5 days ago

I'm not usually the activist type by any measure of the word, but the Online Safety Bill, whether enforceable or not (hint: It's not), is a terrible idea and a massive invasion of privacy. Many vulnerable people depend on End-to-End Encryption for their safety. As it stands, this bill is achieving the opposite of what it was meant to do. There are undoubtedly better ways to address this issue.

https://www.ucl.ac.uk/news/2023/jul/online-safety-bill-undermines-privacy-online-say-uks-top-cyber-security-experts

#OnlineSafetyBill #Privacy #E2EE

Joaquim Homrighausen
5 days ago

Chat Control: "Indiscriminate surveillance"

When even the experts think a proposal is damaging ... 🙄🇪🇺

https://youtu.be/IW0Ku8tJrQ0?si=GYX4vI20V0t8xhWi

#chatcontrol #e2ee #privacy #eu #surveillance #encryption #dataskydd #dataprotection

Joaquim Homrighausen
5 days ago

Ylva Johansson defines "ignorance" 😔

This is so incomprehensibly stupid that it breaks all records.

https://youtu.be/hgHhtxQF_qA?si=CxMvkXwJ2EyuQoeF

#chatcontrol #EU #eupol #encryption #privacy #dataskydd #e2ee #dataprotection

m0bi
6 days ago

Since I'm writing about messengers with #E2EE (encryption) anyway, I won't describe Signal, because it's in every app store and you only have to click to get it.

#Matrix:
1. Every person on #PolSocial has a Matrix account. Just download the Element app, point it at the server pol.social and choose „Logowanie z Pol.social” (log in with Pol.social), so you don't even need to create an account or type a user / password.

Browser people can go to https://Chat.pol.social and do the same.

We added Matrix for you because DM / Priv on #Mastodon is weak.

2. A publicly available Polish Matrix server is at https://noevil.pl
With a nice description of what and how. It's run by @didek

Matrix servers federate like the fedi. No matter where you have your account, you talk to everyone on Matrix.

And the nice „rooms” for conversations, a kind of modern IRC, are an additional plus.

I warmly recommend not letting yourself be eavesdropped on 🕵️

Phew, that came out long. Questions? Write to @pomoc or with the tag #MatrixPomoc

m0bi
6 days ago

USA: „Facebook chats provided by Meta led a woman to plead guilty to abortion-related charges / An investigator served a warrant on Meta, which provided unencrypted chat sessions showing the woman and her daughter discussing abortion pills.”

Listen, writing on FB, TT or G. is like typing on Minister Ziobro's computer. They ask BigTech for data and get it. Use only messengers with end-to-end encryption #E2EE

#Matrix or #Signal (tied to a phone number)

Statistics don't lie. The big techs have official pages with info about data handed over to governments.

Via TheVerge -> https://www.theverge.com/2023/7/11/23790923/facebook-meta-woman-daughter-guilty-abortion-nebraska-messenger-encryption-privacy

Chart of the amount of data handed over to authorities. A considerable increase
Statistics of the amount of data handed over to authorities

Joaquim Homrighausen
6 days ago

Don't think Chat Control 2.0 is bad? Don't take my word for it. Just get involved and put an end to this insane proposal.

https://www.patrick-breyer.de/en/posts/chat-control

#chatcontrol #Privacy #eu #eupol #encryption #privacy #e2ee #faithnomore #privacynomore #noprivacy #yourprivacy

the magnificent rhys
6 days ago

The Home Office launching a PR campaign against Facebook for rolling out end-to-end encryption a day after the Online Safety Act passed is pretty surreally weird.

#meta #facebook #encryption #e2ee

https://www.theguardian.com/technology/2023/sep/20/meta-encryption-plan-will-let-child-abusers-hide-in-the-dark-says-uk-campaign

glyn
6 days ago

I used to think one of the arguments against end-to-end encryption -- that e2ee helps child abusers avoid detection -- contained a grain of truth, but Suella Braverman reciting that argument on the Today programme on BBC Radio 4 and in today's Guardian, convinces me the argument is probably specious.

I'd like to take this opportunity to thank the Home Secretary for being so consistently unreasonable.

https://www.theguardian.com/technology/2023/sep/20/meta-encryption-plan-will-let-child-abusers-hide-in-the-dark-says-uk-campaign?CMP=Share_AndroidApp_Other

#E2EE

John-Mark Gurney
1 week ago

This is why you don't trust anything beyond your endpoint.

#E2EE for everything!

https://ioc.exchange/@matthew_d_green/111091979256440306

Bernard Tyers
1 week ago

Time for the VPN providers to start offering introduction prices for people living in the UK.

#OnlineSafetyBill #UKpolitics #privacy #freedomofexpression #e2ee

Open Rights Group
1 week ago

The fight to defend our digital rights in the UK has only just begun.

Powers in the Online Safety Bill, and how they are exercised, will have huge consequences for our rights to privacy and freedom of expression.

Join ORG today as we ready for the fight ahead.

#OnlineSafetyBill #privacy #e2ee #freedomofexpression #freespeech #censorship #ukpolitics

https://www.openrightsgroup.org/join/

Open Rights Group
1 week ago

Perhaps the biggest failing with the Online Safety Bill (UK) is the lack of detail in how these extraordinary powers will be implemented.

It throws the ball over to Ofcom to sort this mess.

We call on the regulator to work with cyber experts, tech companies and civil society to reduce the harms to our fundamental rights.

#OnlineSafetyBill #privacy #e2ee #freedomofexpression #freespeech #censorship #ukpolitics

Open Rights Group
1 week ago

The #OnlineSafetyBill (UK) is an overblown legislative mess.

Powers to scan private messages remain, despite it being impossible to achieve without blowing a hole in our security.

"While the UK government has admitted it’s not possible to safely scan all of our private messages, it has just granted Ofcom the powers to force tech companies to do so in the future. These are powers more suited to an authoritarian regime not a democracy." – @JamesBaker for ORG.

#privacy #e2ee #ukpolitics

Open Rights Group
1 week ago

⚠️ The Online Safety Bill has been passed in the UK Parliament. ⚠️

The threat it poses to our right to privacy and freedom of expression will soon become law.

It'll make us less secure, including the children and young people that the law is supposed to protect.

Find out more here ⤵️

#OnlineSafetyBill #privacy #freedomofexpression #e2ee #ukpolitics

https://www.openrightsgroup.org/press-releases/org-warns-of-threat-to-privacy-and-free-speech-as-online-safety-bill-is-passed/

Kote Isaev
1 week ago

The #e2ee is not a spell that can transform anything into a forest full of rainbow unicorns.
It is a feature that, when implemented properly, really to its full strength, comes with some limitations.
Because in this case your decryption keys never touch the servers, at least in their plain (unencrypted/wrapped) form.
It assumes that if you lose access to all your devices where you signed in, and forget your password or its equivalent, you lose access to all data you previously uploaded to the servers.

Kote Isaev
1 week ago

The more I immerse myself in cryptography and all that #e2ee, the deeper these 2 feelings get:
* the #fediverse will never get #e2ee for mentioned-only messages (it is a more proper name for these messages that are sent only to the mentioned, as these messages essentially are not private).
* I should follow the "don't" and "never try to implement this" advice that emanates from all these #e2ee and #cryptography related articles I see. Especially about using the browser's built-in WebCrypto APIs.

Evan Hahn
1 week ago

Password hashing is standard practice. It protects people's passwords from hackers, governments, and rogue employees.

But we don't typically protect people's data the same way; hackers could theoretically get access to your Dropbox files, a rogue Google employee could read your Gmail messages, Meta could hand over your messages to law enforcement.

Why isn't end-to-end encryption considered standard industry practice? Why is my password better protected than my data?

#encryption #e2ee

Talya (she/her)
1 week ago

In case you needed more reasons not to trust #Telegram, here's something to worry about:
Telegram claims they've never given away phone numbers and IP addresses. *This is an outright lie*.
Not only is there a report from last year showing they handed over data to the German police, but it was confirmed yesterday by a Freedom of Information request that the Dutch police were handed user data as well.

Don't use Telegram.

https://tech.co/news/telegram-exposed-user-data
https://cyberwarzone.com/dutch-police-can-access-hidden-telegram-numbers/

#Privacy #Security #E2EE

News
Dutch Police Can Access Hidden Telegram Numbers
Reza Rafati
September 18, 2023
Telegram

Telegram, the messaging app that prides itself on user privacy, may not be as secure as it claims. Recent documents released by the Dutch police reveal that they can swiftly request Telegram to disclose hidden phone numbers and IP addresses.

Telegram Reportedly Exposed User Data To Authorities
Telegram denies handing over user data, despite a longstanding appeal from German police forces.
Written by Isobel O'Sullivan
Published on June 7, 2022

From the Telegram privacy policy:

8.3. Law Enforcement Authorities

If Telegram receives a court order that confirms you're a terror suspect, we may disclose your IP address and phone number to the relevant authorities. So far, this has never happened. When it does, we will include it in a semiannual transparency report published at: https://t.me/transparency.

Kote Isaev
1 week ago

@thepracticaldev Thought-provoking for sure. Something like that happens across all software ecosystems: proprietary, open-source, free software.
It happens with ecosystems of all purposes, e.g. social media, office apps, chats, messengers, etc.
E.g. if someone creates some "new revolutionary [product category]", it essentially just increases the useless split. We already have TOO MUCH non-interoperable software everywhere, I guess.
That is why I abandoned the idea of creating an #E2ee messaging app.

KubikPixel™
1 week ago

Yeah, uh, well... it's not that simple, and messengers with E2EE (end-to-end encryption) are not per se anonymous & secure with all their data at the provider 🤷‍♂️

»WhatsApp is being opened up for Telegram, Signal & Co«

📱 https://yewtu.be/watch?v=5ngKmitKm5Y

--
#smartphone #telegram #whatsapp #mobil #signal #messanger #apple #e2ee

Talya (she/her)
2 weeks ago

Reminder that #Telegram is not secure communication. Most chats aren't end-to-end-encrypted to begin with, and even those that are use a strange custom-built algorithm rather than an actual cryptographically sound algorithm such as the double ratchet.

If you want actual secure communication, use #Signal, #Matrix, or even #WhatsApp (which is shit and will turn you in to the police but is still better than Telegram).

#Privacy #Security #E2EE

Screenshot from Wikipedia:
Encryption scheme
A simplified illustration of the MTProto encryption scheme

Telegram uses a custom-built symmetric encryption scheme called MTProto. The protocol was developed by Nikolai Durov and other developers at Telegram and is based on 256-bit symmetric AES encryption, 2048-bit RSA encryption and Diffie–Hellman key exchange.

Patrick Breyer
2 weeks ago

🇬🇧 LEAK: The Spanish EU Presidency plans to line up a majority of EU governments for warrantless #ChatControl by the end of the month by paying lip service to #E2EE encryption.

More: https://www.patrick-breyer.de/en/chat-control-eu-council-plans-death-blow-to-digital-privacy-of-correspondence-and-secure-encryption/

Sharepic: On the right: Patrick Breyer looking to the left. On the left a quote by MEP Patrick Breyer: "The lip service paid to end-to-end encryption is a mere smokescreen. Communication services like WhatsApp and Signal would still have to turn our smartphones into error-prone scanners and bugs."

Open Rights Group
2 weeks ago

We will continue to campaign for people’s privacy rights, access to end-to-end encrypted services and ensure OFCOM does not issue notices that would destroy these services and people’s access to them. #OnlineSafetyBill #E2EE #Privacy

Open Rights Group
2 weeks ago

If you want to have one last effort to persuade parliament not to make a huge mistake that would damage all our privacy, then contact your own MP asap before they vote in the commons later today. #onlinesafetybill #encryption #privacy #E2EE The amendment is published in this set of papers https://publications.parliament.uk/pa/bills/cbill/58-03/0362/amend/online_day_ccla_0912.pdf

Open Rights Group
2 weeks ago

David Davis & Caroline Lucas MPs are supporting an amendment to the Online Safety Bill that would seek to protect the end-to-end encrypted services. If you have time today, please contact your MP and ask them to support this amendment #onlinesafetybill #encryption #privacy #E2EE

KubikPixel™
2 weeks ago

Quiet - Private messaging. No servers.

Whether it's for an organization, a community, or a group chat with friends, Quiet lets you control all your data without running your own servers.

✏️ https://tryquiet.org

--
#noserver #chat #private #messenger #tor #opensource #app #groupchats #p2p #groups #e2ee #e2eencryption

Strypey
2 weeks ago

Sounds good...

"Searching through email content in an end-to-end encrypted email provider is no easy feat. Because Skiff does not have access to any user emails, all search queries have to be performed client-side. To make this possible, we’ve developed innovative search indexing algorithms that work in the browser, in Skiff’s Windows and macOS apps, and in our iOS and Android native apps."

#Skiff, 2023

https://skiff.com/blog/a-whole-new-search

#email #E2EE #search

@lued @cryptoparty If you find something, let me know...

I doubt, however, that anything along those lines exists.

I myself use real #E2EE with self-custody of the keys [#GnuPG], so it makes little sense to do anything else.

Especially since I sign my stuff at #Arbyte with the same keys anyway...

KubikPixel™
2 weeks ago

Simply using end-to-end encryption (E2EE) for chats is not enough if the metadata such as username, connection, date & time etc. can still be read out and ONLY the content is encrypted. @signalapp has done this right from the start, even though it is one of the earlier chat apps of this kind.

«Why end-to-end encryption is so important for protecting our chats»

🔐 https://www.derstandard.at/story/3000000186186/warum-ende-zu-ende-verschluesselung-so-wichtig-aber-kein-allheilmittel-ist

--
#app #verschlusselung #signal #e2ee #chat #whatsapp #sicherheit #schutz

Kote Isaev
3 weeks ago

@JamesBaker I guess eventually this law against #e2ee will be adopted/signed, which will become a big carte blanche for all other governments to adopt the same laws. It will end up with encryption routines at the OS level being forced to pre-scan the data, and it will be forbidden by law to use encryption code other than that embedded into the OS, and use of an OS that does not include this state-approved scanning in its encryption/decryption routines will be forbidden as well, even if it is an old version.

Open Rights Group
3 weeks ago

The government knows and has admitted it cannot scan messages without undermining or breaking encryption, but wants to pretend otherwise. It is playing us for fools. #onlinesafetybill #encryption #e2ee

https://www.openrightsgroup.org/blog/omnishambles-over-encrypted-messages-continues/

James Baker
3 weeks ago

It’s been a confusing week for those of us trying to understand what the UK Government is doing with its plans to break end-to-end encryption. This article by @jim and me tries to make sense of the omnishambles https://www.openrightsgroup.org/blog/omnishambles-over-encrypted-messages-continues/ #spyclause #e2ee #onlinesafetybill #privacy #encryption

RedGreenDevon
3 weeks ago

Michelle Donelan, MP (with the Home Office in addition to DSIT) "said further work to develop the technology was needed but added that government-funded research had shown it was possible. This, incidentally is entirely untrue: their researchers were at pains to explain that the technology is unfit for purpose:"

#OnlineSafetyBill #E2EE #encryption

Join #OpenRightsGroup https://www.openrightsgroup.org/join/
FF @JamesBaker @openrightsgroup

Screenshot from article:
The independent evaluation concluded that although none of the tools propose to weaken or break the E2EE protocol, the confidentiality of the E2EE service users’ communications cannot be guaranteed when all content intended to be sent privately within the E2EE service is monitored pre-encryption.

The Home Secretary, Suella Braverman, writing in The Telegraph … noted that the programme had “demonstrated that it would be technically feasible to detect child sexual abuse in environments which utilise encryption.”

Awais Rashid, Professor of Cyber Security at the University of Bristol and Director of the REPHRAIN Centre, said: “The issue is that the technology being discussed is not fit as a solution.” Professor Rashid has worked on development of automated tools to detect child abuse material online as well as engineering privacy into software systems for 15 years.

“Our evaluation shows that the solutions under consideration will compromise privacy at large and have no built-in safeguards to stop repurposing of such technologies for monitoring any personal communications,” he said.

Rephrain researchers, UCL blog

RedGreenDevon
3 weeks ago

Omnishambles continues. #OnlineSafetyBill #E2EE

@JamesBaker of @openrightsgroup writes "At the eleventh hour of the Online Safety Bill’s passage through Parliament, the Government has found itself claiming to have both conceded that it won’t do anything stupid and that it may well press ahead if it wants to. It is in a total mess over its proposals to break end-to-end encryption and scan our private messages."
https://www.openrightsgroup.org/blog/omnishambles-over-encrypted-messages-continues/

Matthias Kirschner
3 weeks ago

Before asking others here in the #fediverse for recommendations about #Fdroid #apps, I did not know about #KryptEY

https://github.com/amnesica/KryptEY

It is an #Android keyboard for secure #E2EE communication through the #signal protocol in any messenger.

holga
3 weeks ago

The currently relevant argument against government moves to ban #e2ee would be to discuss what can be done to actually protect children **offline** (aka on the body/direct experience level), because that is what counts in the end. Unfortunately, the discourse is framed in terms of technology and technical feasibility instead of actually discussing what helps children in the real world: more social work and more financial support, more trained personnel for schools etc.

holga
3 weeks ago

Basically the big problem of US, EU, UK legislation trying to kill #e2ee encryption has always been **synchronization**: if just one of these power blocs illegalizes #e2ee then there would be an exodus of tech companies. It's an innovation to rather legislate all the legal instruments for banning e2ee but say "we won't use them until needed and possible". Watch out for the EU and the US trying to modify their ongoing e2ee banning legislation similarly. I hope I am wrong about this.

holga
3 weeks ago

Sorry but i am afraid there is nothing to party about regarding UK's #OnlineSafeyBill #e2ee

The UK "not applying" the powers they ask to get is maybe worse compared to pushing through directly. Why?

Pushing through now would likely mean WA/Signal/iMessage pulling out of UK with a big public backlash. And then the equivalent EU "ChatControl" bill would have a hard time to pass. But now the UK can wait and sync with the EU, possibly the US, and then the threat of pulling out of UK is muted.

Open Rights Group
3 weeks ago

"The continued existence of the powers [in the Online Safety Bill] means encryption-breaking surveillance could still be introduced in the future"

If the government accepts that they can't scan messages without wrecking privacy and security, why not just remove the spy clause from the Bill?

#OnlineSafetyBill #privacy #surveillance #e2ee #ukpolitics

https://www.wired.com/story/britain-admits-defeat-online-safety-bill-encryption/

Jim Parsons
3 weeks ago

@glennf @gruber

UK is testing fences.
This isn’t over.

#Privacy
#E2EE
#Encryption

Open Rights Group
3 weeks ago

ORG, along with privacy activists, tech companies and security experts, have long warned that it isn't possible to scan messages that use end-to-end encryption without undermining privacy and security.

While this is a victory for all campaigners who've highlighted the dangers of the spy clause to be used for mass surveillance, the powers could still be used in the future.

✊ We continue to fight for the removal of the spy clause.

#OnlineSafetyBill #privacy #e2ee #surveillance #ukpolitics

Quote from James Baker, ORG Campaigns Manager: "While this is welcome news, these powers do remain on the statute books and a future government may attempt state-mandated surveillance of our private messages. It would be better if these powers had been completely removed from the Bill."

Open Rights Group
3 weeks ago

🚨 BREAKING: The UK government has confirmed it is rowing back on its plans to scan private messages.

They've finally backed down with an announcement that Ofcom won't use powers in the spy clause contained in the Online Safety Bill until it's 'technically feasible' to do so.

They've conceded that no current technology exists that would protect privacy or avoid breaking encryption.

#OnlineSafetyBill #privacy #e2ee #surveillance #ukpolitics

https://www.openrightsgroup.org/press-releases/government-admits-spy-clause-cant-be-used-safely/

Open Rights Group
3 weeks ago

This statement from Apple is clear. Scanning private messages is "a slippery slope of unintended consequences".

The UK's parliamentarians need to listen to this before they pass the Online Safety Bill and put all of our privacy and security at risk.

#e2ee #OnlineSafetyBill #privacy #ukpolitics

https://www.wired.com/story/apple-csam-scanning-heat-initiative-letter/

Open Rights Group
3 weeks ago

Without end-to-end encryption "the UK becomes more vulnerable to attacks which can expose personal information and, especially in the case of LGBTQ+ youth, lead to non-consensual outings with potentially disastrous consequences."

Secure messaging provides essential security both within the UK and to people living in oppressive regimes in other countries.

The spy clause in the Online Safety Bill threatens the #lgbtq community.

#OnlineSafetyBill #e2ee #lgbt #ukpolitics

https://www.openaccessgovernment.org/the-online-safety-bill-will-endanger-lgbtq-people-on-a-global-scale/165913/

Aral Balkan
3 weeks ago

@awaspnest Haha, glad you like it. (And thank you for the kind words.) :)

There’s more to do but the goal is to use it to enable people (including me) to build peer-to-peer Small Web sites.

Here’s a very simple example of what I mean:

https://ar.al/2023/02/20/end-to-end-encrypted-kitten-chat/

:kitten: 💕

#Kitten #SmallWeb #peerToPeer #e2ee #web #personalWeb

Open Rights Group
3 weeks ago

"Private communication is a fundamental human right, and in the online world, the best tool we have to defend this right is end-to-end encryption."

The government is gambling with our privacy to introduce generalised surveillance. #OnlineSafetyBill #e2ee

https://www.thedailybeast.com/crackdowns-on-encrypted-messaging-dont-help-the-children

Fabio Manganiello
3 weeks ago

Instead of blaming #E2EE encryption for all the evils in this world, and trying to dismantle it on a weekly basis, your government should pay its police forces to do what they're supposed to do: run investigations, get mandates, sneak into the channels used by criminals (and only those used by criminals), while leaving everybody else alone.

If your police forces are lazy, ineffective or don't even know where to start when it comes to investigating criminal rings, then you should find better people for that job rather than lowering the privacy bar for everyone else.

So far we have caught more drug traffickers by snooping into their Signal chats than by preaching for the end of E2EE for everyone else too.

https://www.theregister.com/2023/09/02/europol_balkan_cartel/

Aral Balkan
4 weeks ago

Glad to hear Apple has killed its plans to implement privacy-destroying on-device scan and snitch into its devices (although it will make autocrats like Erdoğan unhappy to hear it because they likely had plans for it).

https://www.wired.com/story/apple-csam-scanning-heat-initiative-letter/

Here’s what I wrote about it at the time:

https://ar.al/2021/08/08/apple-is-trying-to-redefine-what-it-means-to-violate-your-privacy-we-must-not-let-it/

Remember that end-to-end encryption is moot if the ends are already compromised.

#apple #privacy #security #encryption #e2ee #humanRights

A quick reminder that Google hasn't updated its Authenticator app to support end-to-end encryption when syncing secrets with Google servers.
It has been 4 months since they promised to support e2ee.

#infosec #cybersecurity #Google #2FA #E2EE

https://defcon.social/@mysk/110262313275622023

Open Rights Group
4 weeks ago

"We want child abuse and crime dealt with, but if the approach to communication is too draconian then freedom is lost and security weakened."

The cost of the 'haphazard and shambolic' #OnlineSafetyBill (UK) will be paid with our privacy and national security.

Client-side scanning remains in the Bill, despite warnings from experts and tech companies. Is the true intent of this legislation to be a trojan horse for mass surveillance?

#privacy #security #ukpolitics #e2ee

https://www.thetimes.co.uk/article/sunak-must-hit-pause-on-online-safety-bill-5fm7v9xnh

This system should be an open standard, so that all existing contact book apps could implement it. Kinda like an updated version of CardDAV (https://en.wikipedia.org/wiki/CardDAV).

And ideally, all of that would be end-to-end encrypted, so that only your friends get to see your personal data. The host where you store your profile and your friends' hosts should not be able to read your contact info!

#CardDAV #openStandard #FederatedIdentity #FederatedContactApp #E2EE #E2EEncryption #encryption #privacy

Open Rights Group
1 month ago

The UK government plans have nothing to do with protecting our security. It's about allowing State intrusion into the lives of UK residents.

After the #OnlineSafetyBill and the #DPDIBill, it's another display of ignorance and bad faith by a government that's unfit to regulate the digital space.

#InvestigatoryPowers #e2ee #privacy #security #ukpolitics

Open Rights Group
1 month ago

People and businesses need quick roll-outs of security updates and end-to-end encryption for safety.

Meanwhile criminals and authoritarian governments want to exploit vulnerabilities for nefarious purposes.

The UK government is taking a side in hindering important security measures that isn't in the public interest.

#InvestigatoryPowers #e2ee #privacy #security #ukpolitics

Open Rights Group
1 month ago

"An operator of a messaging service wishing to introduce an advanced security feature would now have to first let the Home Office [UK] know in advance."

Secure IT systems prevent fraud in commercial transactions and protect our private lives from undue intrusions.

If the UK government were concerned about national security, they'd want to encourage (rather than delay) security updates or end-to-end encryption.

#InvestigatoryPowers #e2ee #privacy #security #ukpolitics

https://www.justsecurity.org/87615/changes-to-uk-surveillance-regime-may-violate-international-law/

Open Rights Group
1 month ago

People in the UK may be left in the wilderness without secure messaging services, if the #OnlineSafetyBill retains its encryption busting clause.

Forcing platforms to comply with client-side scanning is state-mandated private surveillance of the kind that we see in authoritarian regimes. Platforms will leave rather than compromise #security and #privacy.

It'll particularly harm journalists, campaigners and activists who rely on #e2ee to communicate safely. #ukpolitics

https://techmonitor.ai/policy/privacy-and-data-protection/what-if-whatsapp-really-does-leave-the-uk