simplyaccont | 2 years ago

As I wrote above, you can torture the protocol. Wire did it: "Additionally, Wire offers a surveillance service for administrators to track and record messages for specific users who require monitoring, helping you protect your organization from legal proceedings, such as litigation, government investigations, or Freedom of Information Act requests." But it stops being E2EE. It's somewhat "okay" when it's self-hosted. It's less okay when it's SaaS.

walterbell|2 years ago

From the MLS protocol discussion posted elsewhere in this thread, https://securitycryptographywhatever.com/2023/04/22/mls/

  .. you have a cryptographic guarantee that everybody sees the same list of admins, sees the same list of, of non-admins and general members and whatnot.

  .. The server can absolutely not inject participants because the server is not a member. So, there is this add operation, that can only be performed by an existing member. However, there is also a way for a server, or let’s say generally an outside party to suggest, uh, other members.

  But that requires the outside party, you know, to have a well-defined credential and to sign that request. And then that can be honored and everybody will see that that was a suggestion from the server. And that’s a controlled way, how you can add people to a group, but you can never do that, you know, stealthily.
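
A simplified model of the rule in the quoted discussion, added here as an example; it is not part of the thread and not code from any MLS implementation. It assumes sender identities have already been signature-verified, uses a plain hash chain in place of the MLS transcript hash, and the names `MemberView`, `compliance-server` and `archiver` are hypothetical.

```python
import hashlib, json

def digest(*parts):
    # Canonical JSON so every member hashes identical bytes.
    return hashlib.sha256(json.dumps(parts, sort_keys=True).encode()).hexdigest()

class MemberView:
    """One member's local group state (simplified model, not the MLS wire format).
    Sender identities are assumed to be signature-verified before this point."""

    def __init__(self, roster, external_senders):
        self.roster = set(roster)
        self.external_senders = set(external_senders)  # agreed group-wide in advance
        self.audit = []                                # (new member, sender kind, sender)
        self.transcript = digest("epoch0", sorted(self.roster),
                                 sorted(self.external_senders))

    def apply_commit(self, committer, proposals):
        # Only an existing member can commit; the server is not a member.
        if committer not in self.roster:
            raise PermissionError(f"commit from non-member {committer!r}")
        # Validate every proposal before changing any state.
        for kind, sender, _new in proposals:
            allowed = self.roster if kind == "member" else self.external_senders
            if kind not in ("member", "external") or sender not in allowed:
                raise PermissionError(f"add proposed by unauthorized {kind} {sender!r}")
        for kind, sender, new_member in proposals:
            self.roster.add(new_member)
            self.audit.append((new_member, kind, sender))
        # Chain the commit and the resulting roster into the transcript hash.
        self.transcript = digest(self.transcript, committer, proposals,
                                 sorted(self.roster))
        return self.transcript

def demo():
    # Constructed sample group: two members and one registered external sender.
    alice = MemberView({"alice", "bob"}, {"compliance-server"})
    bob = MemberView({"alice", "bob"}, {"compliance-server"})
    # A server suggestion committed by a member: recorded as external for everyone.
    commit = [("external", "compliance-server", "archiver")]
    same = alice.apply_commit("alice", commit) == bob.apply_commit("alice", commit)
    # If the two members are shown different roster changes, their hashes diverge.
    alice.apply_commit("bob", [("member", "bob", "carol")])
    bob.apply_commit("bob", [("member", "bob", "mallory")])
    return same, alice.transcript != bob.transcript, alice.audit[0]

if __name__ == "__main__":
    print(demo())
```
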

simplyaccont|2 years ago

If I correctly understand what you are trying to say, then yes but no. None of the proper "enterprise" messaging systems will expose this kind of low-level information. Moreover, an enterprise messaging system will actively hide some of the information that is present in order to implement all the proper enterprise functionality.

How do you think otherwise "Wire offers a surveillance service for administrators to track and record messages for specific users" in order to "protect your organization from legal proceedings, such as litigation, government investigations, or Freedom of Information Act requests"?

ThePowerOfFuet|2 years ago

This was incredibly painful to listen to because the host just wouldn't stop chuckling, giggling, and interrupting whoever was speaking.