top | item 46311950

(no title)

LunicLynx | 2 months ago

I think there is a point to this. I’m not saying I’m a fan. But the reality is that it is too simple to communicate secretly, and the government has an interest in protecting its citizens. This is true in many aspects. (Health, technology, electronics, traffic)

Btw. The https communication comparison does not hold, there is always a third party that can read what you say. E2E chats are effectively communication where evidence is instantly destroyed.

Want to have a private communication, I think offline is the right approach.

I agree that it sucks, but it’s probably not about you. It’s about nefarious people that use this as an uber advantage.

discuss

anonymous908213|2 months ago

   But the reality is that it is too simple to communicate secretly

This is a horrifying thought to be reading on this site of all places, and I can't help but feel that humanity is well and truly screwed if this mentality has seeped this far into the culture. *Communicating secretly is a human right*. A legal right under international law (ICCPR article 17, ECHR article 8), and a constitutional right in any country worth living in. There can not possibly be such a thing as "too simple to exercise your human right to privacy". It's like asserting that it is too simple to choose your line of work, or that it is too simple to live in the city of your choosing.

  and the government has an interest in protecting its citizens

The government has more than an interest, it has a legal obligation to protecting the human rights of its citizens.

nisegami|2 months ago

>Btw. The https communication comparison does not hold, there is always a third party that can read what you say. E2E chats are effectively communication where evidence is instantly destroyed.

If I use a third party CA this is correct. But what third party can read communications over HTTPS between a client and a server I control with a self signed SSL cert?

sgtrx|2 months ago

This isn't correct with 3rd party CA's with modern TLS either.

TLSv1.2 has Perfect Forward Secrecy with DHE and ECDHE key exchanges and in TLSv1.3 PFS is mandatory. A compromised root CA or even leaf certificate these days protects you from a man-in-the-middle and not a whole lot else - the certificate private key is never used for session key derivation and the keys themselves are ephemeral and never sent over the wire so even intercepting the key exchange doesn't allow decryption of the stream.

oasisaimlessly|2 months ago

Not even correct for a third party CA (unless they MITM you).

baq|2 months ago

the problem with current government protecting its citizens by collecting their private communications is the next government having access to this sensitive data.

miroljub|2 months ago

Yep, the next government may be evil tyranny, but it's beyond my comprehension why would I have to trust current or any government with the data I'm sure they'll abuse the moment they have it.

46996435797643|2 months ago

The regime is counting on people like you.