geoduck14 | 2 months ago

This is exactly what E2EE means. I used to work at a bank, and our data was E2EE, and we had to certify that it was E2EE - from the person paying, through the networks, through the DNS and load balancers, until it got to the servers. Only at the servers could it be unencrypted and an (authorized) human could look at it.

Of course, only authorized users could see the data, but that was a different compliance line item.

modeless|2 months ago

No, E2EE doesn't mean it's encrypted until the service provider decrypts it. E2EE means the service provider is unable to decrypt it. What you are describing is encryption in transit (and possibly at rest).

Bank data is never E2EE because the bank needs to see it. If banks call it E2EE they are misusing the term. E2EE for financial transactions would look like e.g. ZCash.

RHSeeger|2 months ago

I would argue it depends on context. E2EE means it's encrypted until the "target" receives it. For a messaging protocol, it's the intended recipient of the message. For what the person you're replying to is discussing, the intended recipient IS the bank.

That being said, the person you're replying to seems to be saying that "the server" is always an "intended" end, which is wrong.

kstrauser|2 months ago

Nah. You have no reasonable expectation that the bank itself can’t access your financial records. Anyone reading Kohler’s lies would have every expectation that the Internet of Poopcam screenshots are theirs and theirs alone.

lukeschlather|2 months ago

Anyone reading that is misunderstanding what E2EE means. As the article says, that's client-side encryption. Kohler isn't lying, people are confusing two different security features.

pyuser583|2 months ago

It sounds like one term is being used for two very different things.

butvacuum|2 months ago

Yes, because people don't know the difference between "in transit" and e2ee.

hahn-kev|2 months ago

Doesn't that just mean HTTPS then?