Comment by lxgr
1 year ago
Yes: End-to-end encryption is technically quite difficult, but politically and legally feasible (at least currently, at least in most countries).
Simply not cooperating with law enforcement is technically moderately difficult, but politically and legally impossible.
Between a difficult and an impossible option, the rational decision is to pick the difficult one.
Indeed. Even being charitable and assuming that they're not lying (they say elsewhere that they've shared zero bytes with law enforcement, despite this being demonstrably false), in reality if say, they were to arrest the founder in an EU country (France, perhaps), all they need to do is threaten him with twenty years in prison and I'm sure he'll gladly give up the keys from all the different locations they supposedly have.
Is there a nice solution for multiparty (n >= 3) end-to-end encryption?
Arguably WhatsApp's protocol scales reasonably well (nice description in this survey paper: [1]), at least well enough for maximum WhatsApp group sizes (times up to four devices per participant).
[1] https://eprint.iacr.org/2017/713.pdf
MLS scales best for large n, but WhatsApp/Signal or Matrix do pretty well for < 1k people
https://en.wikipedia.org/wiki/Messaging_Layer_Security
https://github.com/facebookresearch/asynchronousratchetingtr...
A possible implementation using existing infrastructure where at least the client is open: modify the messaging client so that when it receives multiple private connections it routes every incoming message to all connected members. Now if you have, say, 10 users that want group encrypted chats, have one of them run the modded client too, so that any user connecting to a private chat with that client will essentially enter a room with the other users. Of course this requires trust between members, and adding another encryption layer on all clients might turn out to be necessary so that you don't need to worry about whether the carrier is telling the truth (all p2p connections encrypted, etc.).
Have the room owner create an AES 256 key, send it to all Party members via 1:1 e2ee, encrypt room messages with that AES key.
This kills the forward secrecy.
IIRC Signal just has each group member send each group message to each recipient with the standard pair-wise encryption keys. It's the message's headers that lets the recipient know it's intended for the group and not the 1:1 group.
This is pretty much what Matrix does, if I understand correctly.
Additionally, the key is regularly updated to provide some degree of perfect forward secrecy and to avoid encrypting for people who have left the group chat.
2 replies →
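The trade-off discussed in the comments above (one long-lived shared group key versus a key that is regularly ratcheted forward) can be shown in a small simulation. This is an added example, not code from Signal, Matrix or any commenter; it uses an HMAC-SHA256 hash ratchet and an HMAC keystream as a stand-in for AES, so that it runs with the Python standard library only.

```python
import hmac
import hashlib


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def ratchet_step(chain_key: bytes):
    """Hash ratchet: next chain key plus this message's key. The sender deletes
    the old chain key, and HMAC cannot be run backwards to recover it."""
    return kdf(chain_key, b"chain"), kdf(chain_key, b"message")


def xor_encrypt(message_key: bytes, index: int, data: bytes) -> bytes:
    """Demo stand-in for AES-CTR: HMAC-derived keystream XORed with the data
    (symmetric, so the same call decrypts). Not for production use."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += kdf(message_key, index.to_bytes(4, "big") + block.to_bytes(4, "big"))
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def chain_state_before(initial_chain_key: bytes, k: int) -> bytes:
    """Sender's chain key just before message k: what a device compromise at
    that moment leaks (earlier chain keys are already gone)."""
    chain = initial_chain_key
    for _ in range(k):
        chain, _ = ratchet_step(chain)
    return chain


def send_all(initial_chain_key: bytes, plaintexts):
    """Encrypt a sequence of group messages, one fresh message key each."""
    chain, out = initial_chain_key, []
    for i, pt in enumerate(plaintexts):
        chain, mk = ratchet_step(chain)
        out.append(xor_encrypt(mk, i, pt))
    return out


def recover_from_leak(leaked_chain: bytes, k: int, ciphertexts):
    """Attacker holding the chain key before message k: can read k, k+1, ...
    by ratcheting forward, but nothing before k (those keys are underivable)."""
    chain, recovered = leaked_chain, {}
    for i in range(k, len(ciphertexts)):
        chain, mk = ratchet_step(chain)
        recovered[i] = xor_encrypt(mk, i, ciphertexts[i])
    return recovered


def recover_static_key(static_key: bytes, ciphertexts):
    """Single long-lived group key: one leak exposes every message, past and future."""
    return {i: xor_encrypt(static_key, i, ct) for i, ct in enumerate(ciphertexts)}
```

With a static key a compromise at any point reveals the whole history; with the ratchet, a compromise before message 2 reveals messages 2 onward only, which is the "some degree of forward secrecy" the comment refers to (a real protocol also rotates the root key when membership changes).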
simplex.chat
The entire platform is a joke. It pretends to have no identifiers and heavily markets queues (a programming technique) as a solution to the privacy problem.
You ask the authors how they solved the problem of server needing to know to which client connection an incoming ciphertext needs to be forwarded, and they'll run to the hills.
They're lying by omission about their security, and misleading about what constitutes a permanent identifier.
4 replies →