← Back to context

Comment by Bender

12 hours ago

Email encryption for most people is sufficient even if the metadata is exposed. One can simply state in their email encryption "Bing Bing Bong" or "Why did you not put the trash out?" which might mean to the recipient :: "check the second SFTP server" or "let the cat outside" or "Jump on my private Mumble chat server" or "Get on my private self hosted IRC server". The email message need not be encrypted for that matter.

The intended payload can be in an header-less encrypted file on a throw-away SFTP server in the tmpfs ram disk.

5 comments

Bender

Reply
tuwtuwtuwtuw  7 hours ago

So it's end to end encrypted except that third parties can see who you communicated with and when? Sure.

  • unethical_ban  6 hours ago

    I have never considered metadata a part of the term E2EE. It has always been about the message contents.

    I understand that metadata is valuable information for spies/governments and that encrypting or hiding it is valuable for privacy. But if you use that definition, there are almost no E2EE protocols on the planet in use.

    First and foremost, any protocol that uses Apple or Google push notifications is giving metadata to those organizations. Even Whatsapp, iMessage, Signal, Telegram private messages, all of that leaks metadata but the contents of messages are hidden from the provider.

beeflet  7 hours ago

yeah bro genius, that sounds like a totally actionable thing people will do all the time with email. Be sure to drink your ovaltine

  • Bender  6 hours ago

    yeah bro genius

    I know, right? I admit that is mostly for people on Linux desktops. People on smart phones are 100% monitored regardless of encryption or fake E2EE that platforms pinky promise is really E2EE like Signal. Shame on Moxie, he knows better.

    Ovaltine has a crapload of sugar. Don't drink that horse piss.