Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Bender 7 hours ago

It is technically impossible for a large platform to implement E2EE without having a way to target one person to bypass it. True E2EE will always have to be a program external to the chat platform that handles keys out of band like OTR.

Legally it will never truly happen. Any platform saying they have E2EE is outright lying. Lavabit was an example of what happens when a large platform makes lawful intercept impossible. People keep telling me that Proton and Signal are E2EE and I will always offer them a tropical island for sale on the dark side of the moon, heavily discounted. Moxie of all people should know better.

palata 5 hours ago | parent [-]

> It is technically impossible for a large platform to implement E2EE without having a way to target one person to bypass it.

You'd have to explain what you mean here. If you mean that it's impossible to have encryption that is resistant to someone putting a gun on your face and asking for the password, then... well duh.

Bender 5 hours ago | parent [-]

If someone or something else is managing keys for you, even the javascript in your client, then it can be altered by the server just for you. It's really just that simple. If you are creating and managing key trusts outside of the application then they can not tamper with them or add their own keys.

palata 4 hours ago | parent [-]

I still don't understand what you are saying. You claim that Signal is not E2EE. Please explain.

Signal is an open source mobile app that I can audit and compile myself. How is it "obviously not E2EE"?

Bender 4 hours ago | parent [-]

Open source chat and open source AI just mean that the code you are looking at does not have an obvious back door. That has no bearing on run-time use and monkey-patching. As for Signal not being E2EE I already explained. I don't play the contrarian game so you will have to do your own research.

palata 3 hours ago | parent [-]

> As for Signal not being E2EE I already explained.

Either you have not, or it was wrong. It's not clear because there were a bunch of mixed up things (JavaScript has nothing to do with Signal, so I assume you were talking about the Proton web pages, and I would agree there).

> I don't play the contrarian game so you will have to do your own research.

That's not how it works: you say Signal is not E2EE, you prove it. I am convinced that it is, so from my point of view, you don't understand how it works. The only way I can help you understand is if you explain what you believe is wrong there. Google won't tell me that.