Occasionally I worry that one day the credibility of end-to-end encryption will be
harmed, because it will turn out that one of the big players has built in back doors or
is changing public keys for targeted intercept. And then we (the 'experts') will say, ah
ha! In fact, we never claimed these systems were secure against such attacks. And all the
general public will hear is, "you said tech firms couldn't read our messages and you
were wrong".

The restrictions WhatsApp put on forwarding messages might be an early sign of
what's to come.
https://slate.com/technology/2020/04/whatsapp-message-forwarding-disinformation-coronavirus.html
Cryptographically, the double ratchet/AES/Noise/etc are all designed to stop a MITM
detecting if the same message is being sent twice. This is a core algorithmic property
that cryptographers stress over. In the real world, when Facebook decided they had a
moral obligation to fight "rumours" they just modified the software to stop
people forwarding messages. When the MITM controls the endpoints it's unclear what
meaning cryptography actually has, beyond time-limited legal arguments.

That day you worry about has already passed... for those that missed it, this
story broke last week:
https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez
"Facebook worked with a third-party company to develop the exploit and did not
directly hand the exploit to the FBI; it is unclear whether the FBI even knew that
Facebook was involved in developing the exploit. According to sources within the
company, this is the first and only time Facebook has ever helped law enforcement
hack a target.
This previously unreported case of collaboration between a Silicon Valley tech giant
and the FBI highlights the technical capabilities of Facebook, a third-party hacking
firm it worked with, and law enforcement, and raises difficult ethical questions
about when—if ever—it is appropriate for private companies to assist in the hacking
of their users. The FBI and Facebook used a so-called zero-day exploit in the
privacy-focused operating system Tails, which automatically routes all of a user's
internet traffic through the Tor anonymity network, to unmask Hernandez's real IP
address, which ultimately led to his arrest."

Wonderful. Yet another example of news that is attached to worrying
about existing privacy/security tech, while details show that tech
wasn't easy to breach. I have a question.
Should we ask a less technical question? Why are there these global
giant platforms, where it is easy for a social predator to find victims?
Here is The Verge from 2017:
https://www.theverge.com/2017/8/6/16104280/kik-messenger-app-child-predators-report
Spot the similarity. In the meantime I will scream into the void: "Why does Signal
tell everyone in my address book that I have the Signal app installed?"
_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging