Comment by KronisLV
4 months ago
> Of course I recognize that we're talking past each other at that point. Your concern seems to be users not realizing an escrow agent is present. To the extent they might have been deceived about the implementation I'd point out that "snuck in an escrow agent" is just the tip of the security iceberg. They could also have been deceived about the implementation itself. And even if they weren't deceived initially, a binary or web app could be intentionally updated with a malicious version. Does it count as "truly private" if you didn't compile it yourself?
All of these are good points, thanks for taking the time to respond! I think that to a certain degree this means that, for the average layperson and someone with more skills and knowledge, there are still a bunch of challenges and attack vectors to contend with.
It probably involves more of something in the category of OpenPGP (or just Signal, I guess) where you yourselves are in control of the keys, and less of counting on various web apps to do right by the users. That said, E2EE with escrow is still helpful against certain risks and is a net positive, even if I've seen a lot of that misunderstanding about what it actually does.
No problem! The more people conscious of this stuff the better off we all are in the long run.
Anything that you can either audit or compile yourself is generally a good bet. You might add Matrix, XMPP with OMEMO, Briar, and Cwtch to your list.
Proprietary stuff isn't an entirely bad deal though. If you assume they aren't blatantly fraudulent then presumably your data is better protected than it would have been without even an attempt at E2EE.
Same for key escrow schemes. Even if the agent was literally the NSA you'd still most likely be better off than the much more vulnerable alternative. The fewer entities with access and the more deliberate that access is the better.