The message can't be intercepted in transit, since we are talking about spyware, I assume they get it from the device, hard to defend against that if they have access to your process' memory space.
Surprising that end-to-end encryption doesn't really matter when you get into one of the ends.
Even if you had to input your private key every time you wanted to read or send a message, having malware in your phone voids practically any form of encryption, because it has to be decrypted eventually to be used.
not at all. there is no encryption that can save you when one of the legitimate participants is somehow compromised. doesn't even need to be a sophisticated device compromise, literal shoulder surfing does that too.
Certainly very hard to defend against that when the messenger you're using won't let you use a device you control.
>The message can't be intercepted in transit
Lol, so like ... all encryption schemes since the 70s?
They do have stronger schemes, which are called hash functions.
How is this related?
I see there's some room for ambiguity.
See, https://en.wikipedia.org/wiki/Moxie_Marlinspike
Apologies for being dense. Could you spell out how you went from Paragon Solutions to the Signal Protocol?
Cool, can you now show how the protocol has been broken? Lot of smart people would love to see your novel research.
Yea I knew which Moxie it was but that didn’t help at all haha
It’s performative security, when an app still requires a phone number, can’t have your own server, and all these audits are meaningless as you might have memory injected spyware later, it is NOT secure, never was.