| ▲ | unyttigfjelltol a day ago |
| TL;DR: An EU health data firm run by ex-military cryptographers offers a web portal for encrypting documents, which inherently exposes unencrypted documents to the company and US national security laws. The media outlet incidentally also doubts the trustworthiness of military veterans from Israel. Even following the "if there's smoke there's fire" model, unclear there's a strong scent of "smoke" here. One could write a similar guilt-by-historical-association article concerning anyone, in the same position, really. Obviously if you're uploading a file to a 3rd party website, the vendor has some technical access, this should be warned. |
|
| ▲ | pareidolia a day ago | parent | next [-] |
| The bigger problem is that this model is inherently flawed. Even if end-to-end encryption with browser crypto were implemented, there is never any security since the code in the browser can simply be swapped with compromised code that diverts the plaintext somewhere. I've been forced to use this service, by way of healthcare professionals just disclosing correspondence to this service without asking for my consent. Scumbags. |
| |
| ▲ | tucnak a day ago | parent | next [-] |
| > there is never any security since the code in the browser can simply be swapped with compromised code that diverts the plaintext somewhere. |
| This is not the case in the land of DICE-like key derivation; see the TKey protocol for example. You can download and run an actual rv32 program on an actual FPGA over WebUSB without having to worry about its provenance. If the program is modified, the firmware will derive a completely different key. |
| ▲ | pareidolia a day ago | parent [-] |
| Zivver is a web application. The JavaScript that comes with the webpage can change at any time for any reason, as Zivver sees fit. |
| ▲ | tucnak a day ago | parent [-] |
| I'm simply pointing out that web standards allow for secure end-to-end communication, and more, in fact they happen to allow arbitrary cryptographic constructions—as long as the program itself never changes. |
| ▲ | pareidolia a day ago | parent [-] |
| But this requires special hardware, right? |
| ▲ | tucnak a day ago | parent [-] |
| Not necessarily. You can run TKey in qemu :-) etc. The hardware aspect is what makes it easy to use, with WebUSB and all. The derivation algorithm is key. And it takes the program binary as a parameter to the Blake2 hash function. |
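The measured key derivation discussed in the sub-thread above, as an added example that is not part of any comment and is not the TKey firmware's code: a simplified model in which the key is a BLAKE2s hash over a device secret and the digest of the loaded program. The concatenation layout, the `UDS` value and the sample "program" bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac


def measure(program: bytes) -> bytes:
    """Firmware step: BLAKE2s digest of the program binary it is about to run."""
    return hashlib.blake2s(program).digest()


def derive_cdi(uds: bytes, program: bytes, uss: bytes = b"") -> bytes:
    """Assumed layout: CDI = BLAKE2s(UDS || BLAKE2s(program) || USS).

    uds: per-device secret that only the firmware can read
    uss: optional user-supplied secret
    """
    return hashlib.blake2s(uds + measure(program) + uss).digest()


def seal(cdi: bytes, message: bytes) -> bytes:
    """Keyed BLAKE2s tag; stands in for whatever the loaded program does with its key."""
    return hashlib.blake2s(message, key=cdi).digest()


def verify(cdi: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time check that `tag` was produced under this CDI."""
    return hmac.compare_digest(seal(cdi, message), tag)


# Constructed sample values, not real device data.
UDS = bytes(range(32))
GENUINE = b"\x93\x00\x10\x00" * 16                   # placeholder "program binary"
PATCHED = bytes([GENUINE[0] ^ 0x01]) + GENUINE[1:]   # same program, one bit changed
MESSAGE = b"enrolled under the genuine program"


def demo() -> dict:
    good = derive_cdi(UDS, GENUINE)
    bad = derive_cdi(UDS, PATCHED)
    tag = seal(good, MESSAGE)
    return {
        "same_program_same_key": good == derive_cdi(UDS, GENUINE),
        "patched_program_same_key": good == bad,
        "genuine_verifies": verify(good, MESSAGE, tag),
        "patched_verifies": verify(bad, MESSAGE, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A relying party that enrolled a tag (or a public key) produced under the genuine program's key detects a swapped program because the swapped program can no longer reproduce it.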
| |
| ▲ | _el1s7 a day ago | parent | prev [-] |
| Security is an illusion. |
| ▲ | pareidolia a day ago | parent [-] |
| Then reply with your passwords. |
| ▲ | sallveburrpi a day ago | parent [-] |
| ****** |
| Luckily HN automatically detects when you post your password and obfuscates it with * - try it out yourself! |
|
| ▲ | Fnoord a day ago | parent | prev | next [-] |
| [flagged] |
| |
| ▲ | techsystems a day ago | parent [-] |
| I used this in NL with the government. What can I do? |
| ▲ | nunobrito a day ago | parent [-] |
| Not much, your data is already outside the EU being archived and processed by other countries. |
|
| ▲ | SilverElfin a day ago | parent | prev [-] |
| [flagged] |
| |
| ▲ | yonixw a day ago | parent [-] |
| LOL Next one: Cloudflare has an edge in Israel. And has workers who were in Unit8200 before 1991 (per LinkedIn) and ISRAELIS. Who uses Cloudflare? MANY MEDICAL ORGS. Also, Cloudflare is just like MITM (CDN SSL termination). So do ISRAEL SPIES read all your MEDICAL data? |
| > "To think otherwise is completely naïve" |
| (real quote from the article btw = no proof) |
| What a sham article. Trump's TruthSocial level. But hey, most upvoted today (440+ points). And no point in reporting to mods also, I just get a copy-paste reply. |
|