top | item 45210669

(no title)

kebman | 5 months ago

Is this a good time to plug the creation of chat protocols running over distributed hash tables (DHT) (essentially a decentralized way of creating mini message servers) and with forward security and end-to-end encryption? I made a POF in Rust but I don't have time to dev this right now. (Unless angel investors to help me shift priorities lol...)

discuss

IlikeKitties|5 months ago

Here's whats coming: Devices will be locked down by remote attestation and hardware secure models by the vendors like google, apple and microsoft. Only registered devs will be allowed to make software for those devices. They simply won't run unless the software is backed by a google/Apple/MS signed certificate. They'll make chat software that doesn't run chat control illegal. If you make it, you'll lose your signing certificate and no one will be able to run it. Sure there will be nerds running modified devices with no check but it's about compliance for > 99% of the people. No one you care for will use that software because they won't be able to run any banking software, other chat software, social media apps etc. on their phone if they jailbreak it.

spwa4|5 months ago

... which then enables Apple/MS/Google to either forbid real encryption, or allow for silently replacing the app on your phone with one that breaks your encryption.

_aavaa_|5 months ago

It’s not. This is a political problem, not a technical one.

kebman|5 months ago

I beg to differ. As long as we have gentlemen like Pavel Durov getting arrested at French airports, it's definitively at technical question. A decentralized and distributed chat protocol with distributed devs and owners would make it impossible to arrest any one individual, and it would make it exceedingly hard to censor such a platform. But you are perhaps a fed? xD

cherryteastain|5 months ago

People keep repeating this defeatist drivel but it's just not true. It's still up in the air whether you can defeat a law using technical measures, but it is a thoroughly settled matter that you cannot legislate away mathematics.

We saw how laws completely failed to make encryption illegal in the 90s as open source encryption code spread rapidly on the internet. "Exporting" encryption software was illegal in many countries like USA and France but it became impossible to enforce those laws. A technical measure defeated the law.

Encryption is just maths. It is the law being unreasonable here, and it will be the law which will ultimately have to concede defeat. UK is the perfect example here - Online Safety Act's anti-E2EE clauses have been basically declared by Ofcom to be impossible to implement and they are not even trying anymore.

const_cast|5 months ago

Its both, ultimately politics is not all-knowing and you can't stamp out all technical solutions.

Like, breaking encryption is just not possible if the encryption is set using a proper algorithm. Governments try, and they try to pass laws, but it's literally impossible. No amount of political will can change that. Ultimately I can write an encryption algorithm or use GPG or something and nobody on Earth, no matter how motivated or how rich, can read what I encrypted, provided I do not let out the key. If I just keep the password in my head, it's impossible.

So, until we invent technology to extract secrets from a human brain, you cannot universally break encryption. Its just not possible. Doesn't matter if 7 billion people worldwide vote for that. Doesn't matter if Elon Musk wants it. Doesn't matter if the FBI, CIA, and the NSA all work together.

ori_b|5 months ago

No, it's a good time to start lobbying for positive privacy legislation.

raxxorraxor|5 months ago

Absolutely true that we need sensible legislation not based in diffuse fears that endagers data security everywhere.

That said, I think doing both is sensible. Always good to have a fallback and feasibility of such surveillance attempts is part of the political discussion. Fait accompli through pervasive encryption, which some politicians might read as perverse encryption.

That said, chat control isn't the only problem. Removing anonymity through age or general ID checks is the other.

woah|5 months ago

If they put a chip in every phone that grabs messages out of memory on their way to be rendered in the UI, it doesn't matter how fancy your backend encryption technology is