Comment by ridaj
5 years ago
What are your plans for when your app is found to host content such as terrorist executions, child porn, etc.? (This isn't trolling, it's something that eventually happens with every product, and I've been wanting a non-Google version myself but wondering how that kind of abuse would be dealt with.)
Since it‘s a paid service with user accounts. You would be able to ban users that have been reported to use this service for illegal means. The same question can be asked to WhatsApp / iMessage / Signal / etc.
the answer is right here https://ente.io/transparency
It does not say how often it is updated. Wouldn't it be better to say "as of 8/29/2021, we have received no such requests and we are updating this page monthly".
Yes, this is a good first step towards a true warrant canary, but you need to date it and provide a cryptographic hash of the content.
I don't think they would be able to do anything about it, since (from what I could infer from reading) it is zero-knowledge, so no one from the company can access the pictures. I might be wrong, though
Well, depending on legislation, they could be ordered to change the code to send the user password to them on next login for that account and then decrypt everything…
The architecture of Ente (https://ente.io/architecture) prevents your unencrypted master key from being exposed to the server. The password authentication appears to be client-side, which means that the data could not be compromised solely by a malicious server-side change.
Now, Ente could still change its web application to somehow leak the master key and not disclose the changes in the source repo. One solution for this vulnerability is to package the entire web client as a browser extension, which is what Mega is doing:
https://github.com/meganz/web-extension
1 reply →
Yes, and that is a problem.
What is the problem/why is there a problem?
3 replies →
The answer to this question is why the only solution in the long run is local storage.
Just imagined a distopian future where storing data locally would be illegal, for the society good of course /s
Not when you have government-mandated software checking your local files against hashes. Not today, but someday.
It is not possible to prove this, because the photos are encrypted.
Encrypted content can be decrypted.
Links and data tranfers can be traced.
Warrants and suponeas can make such traces / actions legal.
something that only showed up in mainstream media 10 years after smart phones got launched. gawd.