WingNews logo WingNews
top | item 36873641

(no title)

simplyaccont | 2 years ago

if i correctly understand what you are trying to say, then yes but no. None of the proper "enterprise" messaging systems will expose this kind of low level information. Moreover, enterprise messaging system will actively hide some of the information that is present in order to implement all the proper enterprise functionality.

How do you think otherwise "Wire offers a surveillance service for administrators to track and record messages for specific users " in order to "protect your organization from legal proceedings, such as litigation, government investigations, or Freedom of Information Act requests".

discuss

order

walterbell|2 years ago

In regulated industries, surveillance is known to the communicating parties, so there's no need to hide the presence of the mirroring member. From the interview above:

  Raphael: .. the protocol itself is not enough to give you a completely private system because it’s really just one component, and to degree it is agnostic. Like, if you take double ratchet and X3DH, that’s when— you know it’s run inside of, of the Signal app, it’s super private. If you run that inside of WhatsApp, there’s two tons of metadata, but, it’s agnostic to the protocol as such. And the same is true for MLS.

  Thomas: .. MLS does makes it possible to design secure group membership protocols that don’t depend on a server making sane decisions about who’s in the group. 

  Raphael: .. the list of members is hashed and then fed into the key schedule. So that’s how you have agreement on who’s in the group and who’s not .. when you receive a message, you also know who the sender thought they were sending it to. 

  Deirdre: .. that’s the thing you don’t get in Signal groups: you don’t know, everyone else that this person was trying to send to, because it’s all pairwise .. That’s pretty cool .. you can have your own [MLS] client that does whatever it wants, that can detect or reject or whatever it wants.

simplyaccont|2 years ago

Yes. I know. And at this point for enterprise there is no reason to use MLS based solution for messaging. Or for software company to develop MLS based solution. Because it's just too complex for no obvious gain in security. Most of the enterprises/regulated industries/.govs simply do not need it. You can make much easier solutions.

It's still nice for security in personal instant messaging.