← Back to context

Comment by sylware

1 day ago

And your REALLY think E2E is going to "protect" you?

If the "services" want to watch, don't worry they will, "they don't need your password". But I guess they "do" that only for the very baddies, aka child exploitation, human trafficking, terrorists, killers, drug dealers, etc.

We all know here that "information system security" does not exist, this is a fantasy: there is only some "best effort" with a wide spectrum of compromises. If somebody talks to you about "deliverable security", that guy wants to sell you something.

E2E will protect you only against John Doh, "hacker only on Sundays". And we better keep that in mind.

What are you talking about. You think service providers can backdoor aes-gcm? There will always be technology that they cannot get around. The only way to backdoor is to explicitly change the encryption.

  • Are you misunderstanding on purpose?

    This is not specific to 'backdooring aes-gcm implementations' at all. Read again what I wrote, namely this is the general status quo on 'information system security': they don't need your password or aes-gcm key to watch if they really want to. You would be a fool to presume anything else.