Remix.run Logo
d1sxeyes 3 days ago

> A cryptosystem is incoherent if its implementation is distributed by the same entity which it purports to secure against.

So once you’ve solved this problem, you’ll need to ensure there’s no software running which can capture the screen and/or keyboard inputs.

Then make sure that every peripheral is running firmware which you know isn’t compromised.

Then make sure the hardware itself is not compromised.

Then make sure the user’s screen is not being recorded. Or visible on any CCTV camera.

There’s a line between utility and perfection. Everything in the real world lives somewhere to the left of “perfection”.

The article is not wrong that there’s a threat model that makes our current ways of doing E2EE less than perfect, but it doesn’t impugn the actual E2EE implementation at all, and is not much different to saying “your data is still not secure because someone could take screenshots!”