| ▲ | londons_explore 8 hours ago |
| Tiktok has private messaging, and it is used by hundreds of millions of people. IMO no consumer service should have private 1:1 messaging without e2e. Either only do public messaging (ie. Like a forum), or implement e2e. |
|
| ▲ | RobotToaster 7 hours ago | parent | next [-] |
| Tiktok has direct messages, they don't even call them private. It's better that they're honest about this, nobody should believe for a second that WhatsApp or FB messages are truly E2EE. DM on social media shouldn't be used for anything remotely private. It's a convenience feature, nothing more. |
| |
| ▲ | throw0101c 6 hours ago | parent | next [-] | | > Tiktok has direct messages, they don't even call them private. It may not be called that, but what are users expecting? Some folks may later be surprised when a warrant gets issued (e.g., from a divorce judge). | | |
| ▲ | giancarlostoro 6 hours ago | parent [-] | | If you are a grown adult and dont do research on “messaging apps” (which Tik Tok is not) then thats really on you. | | |
| ▲ | foobarchu 2 hours ago | parent | next [-] | | This viewpoint isn't a slippery slope, it's a runaway train. "You moved into a neighborhood with lead pipes? That's on you, should have done more research"
"Your vitamins contained undisclosed allergens? You're an adult, and it didn't say it DIDN'T contain those"
"Passwords stolen because your provider stored them in plaintext? They never claimed to store them securely, so it's really on you" | |
| ▲ | oarsinsync 6 hours ago | parent | prev | next [-] | | If you are a grown adult and don't do research on "<insert any topic that could have a material negative impact on your life, but that is not currently on your radar as being a topic that could have a material negative impact on your life>" then that's really on you. Unfortunately, this doesn't scale. | | | |
| ▲ | red-iron-pine an hour ago | parent | prev [-] | | 80% of the population does not and will never do that level of deep dive on apps same discussion for any form of technology be it TVs or changing their car's oil the deliberate app-store-ification of all things computer is also designed to keep people from asking those questions -- just download in and install, pleb. it's why the Zoomers can't email attachments or change file types: all of the computers they grew up with were designed so they never had to understand what happens under the hood. |
|
| |
| ▲ | throwaway290 6 hours ago | parent | prev [-] | | > nobody should believe for a second that WhatsApp or FB messages are truly E2EE That's interesting. You think all firms that audited WhatsApp and Signal protocol used by WhatsApp and all programmers who worked there for decades and can see a lie and leak if it was true are all crooks? valid opinion I guess, but I won't call it "no one should believe for a second (curious you didn't mention Telegram, it is actually marketed as secure and e2e and it has completely gimped "secret chats" that are off by default and used by like almost nobody.) | | |
| ▲ | max-privatevoid 4 minutes ago | parent | next [-] | | I'll believe it when it's FOSS | |
| ▲ | giancarlostoro 6 hours ago | parent | prev [-] | | I forget if its WhatsApp that technically lets you sync chats in unencrypted form to iCloud which is the “loophole” around this, though you can lockdown your iCloud even tighter, not sure it Apple can do much if you fully lock down your iCloud, not sure if this has been legally tested? Its not a very advertised feature its just a setting. | | |
| ▲ | oarsinsync 6 hours ago | parent | next [-] | | WhatsApp iPhone syncs to iCloud unencrypted by default[1]. iMessage also syncs to iCloud unencrypted by default[2]. [1] Depends on you paying for iCloud storage, so that you have space for a full phone backup to occur. [2] Might be "free" with "iMessage in iCloud", an option to enable separately. | | |
| ▲ | throwaway290 5 hours ago | parent [-] | | > WhatsApp iPhone syncs to iCloud unencrypted by default[1]. Not true. You must choose to enable it or not when you set up new phone. On mine it does not back up | | |
| ▲ | monooso 4 hours ago | parent [-] | | If you must "choose to enable" encryption, that implies it's off by default. If so, GP's statement is accurate. | | |
|
| |
| ▲ | gzread 6 hours ago | parent | prev | next [-] | | The Android version syncs all your chat logs to Google Drive without encryption by default. That's the backdoor. | |
| ▲ | throwaway290 6 hours ago | parent | prev [-] | | Right now it got a switch to enable e2e for backups, but yeah I think default backup is probably a workaround... |
|
|
|
|
| ▲ | trashb 7 hours ago | parent | prev | next [-] |
| In my experience most forums have private messaging. Additionally I think it is fine to say "we don't support e2ee". I prefer honesty to a bad (leaky) e2ee implementation, at least the user can make an informed choice. |
| |
| ▲ | Ekaros 7 hours ago | parent | next [-] | | I agree. At least take of "Yes messages are stored on our servers" is honest. And if they are accessed by anything else than limited subpoena is policy or legal issue. | |
| ▲ | cucumber3732842 5 hours ago | parent | prev [-] | | >In my experience most forums have private messaging. Yeah but it's kind of accepted that the forum owner could read it all if they so chose. Maybe this is a hold over from back in the old days when encryption was nowhere near default during which forums arose. |
|
|
| ▲ | Bender 3 hours ago | parent | prev | next [-] |
| Adding that private self hosted forums can permit uploads of encrypted files, encrypted with a pre-shared secret or a secret shared over a private self hosted Mumble voice chat server. |
|
| ▲ | tuwtuwtuwtuw 7 hours ago | parent | prev | next [-] |
| The email protocols would like to have a chat with you. |
| |
| ▲ | kgwxd 6 hours ago | parent [-] | | You can bring your own encryption to that, and bring your own client to automate it. | | |
| ▲ | em-bee 5 hours ago | parent [-] | | you can encrypt the content but not the metadata, not even the subject unless you use a customized client that encodes it (like deltachat which doesn't use a subject at all), but then you still have your email address exposed. for all intents and purposes email is not e2ee. | | |
| ▲ | Bender 3 hours ago | parent [-] | | Email encryption for most people is sufficient even if the metadata is exposed. One can simply state in their email encryption "Bing Bing Bong" or "Why did you not put the trash out?" which might mean to the recipient :: "check the second SFTP server" or "let the cat outside" or "Jump on my private Mumble chat server" or "Get on my private self hosted IRC server". The email message need not be encrypted for that matter. The intended payload can be in an header-less encrypted file on a throw-away SFTP server in the tmpfs ram disk. |
|
|
|
|
| ▲ | DoneWithAllThat 5 hours ago | parent | prev [-] |
| And yet virtually all consumer services with 1:1 messaging lacks e2e. This is a bit of a quixotic position to take. |
