hexage1814 12 hours ago

It doesn't matter. Web-based cryptography is always snake oil

https://web.archive.org/web/https://www.devever.net/~hl/webc...

szmarczak 11 hours ago | parent | next [-]

> if the server operator was malicious, they could just push different client-side JavaScript

Same as with OS updates, browser updates, dependencies used by the OS, dependencies used by the browser. Also you can run malicious software such as keyloggers and you're compromised.

That argument doesn't mean E2E (even web based) is snake oil. Browsers just give you more points of failure.

mr_mitm 8 hours ago | parent [-]

The difference is: in web based cryptography, you get the cipher text and the code to decrypt it from the same source. Hijacking OS updates is arguably much harder than hijacking one particular web server, and there is pretty much no effective defense against malicious OS updates.

szmarczak 8 hours ago | parent [-]

I know the difference. It doesn't make E2E useless.

afiori 11 hours ago | parent | prev | next [-]

Agree, but a significant point missed in the article is that of data vulnerability. With E2EE the company db is useless to an external attacker.

For some companies (e.g. Facebook, Google, TikTok) I would be mostly worried about the company itself being untrustworthy. For others I would be mostly worried about the company being vulnerable.

trashb 8 hours ago | parent [-]

> with E2EE the company db is useless to an external attacker.

Depends on who is defined as the other end, it may be that the company db is the other end.

tuxracer 11 hours ago | parent | prev [-]

It's a native app, what are you talking about?

ftigis 10 hours ago | parent | next [-]

> It is worth noting that this law also applies to non-web applications where the service provider supposedly being secured against is also the client software distributor; thus, the “end-to-end encryption” offered by Whatsapp and Signal, amongst other proprietary services, is equally bogus. (Both Whatsapp and Signal ban use of third party clients, and enforce this policy.)

bougainvilley 6 hours ago | parent | prev [-]

The specificity of web apps that is highlighted by the article is that you receive a bundled piece of software every time you open or use the app, as opposed to, say, the operating system or desktop apps, which are less frequently updated. (Native) mobile apps are like web apps in that they release updates almost every day.