undefined | Better HN

0 pointsAndrew_nenakhov5y ago0 comments

When you control your own server you kinda don't really need end to end encryption. It only enhances security when you don't trust the entity delivering your messages. It also degrades UX considerably: if the server does not know the contents of your message, it can't do server side archive search, you can't sync devices easily, etc.

0 comments

6 comments · 2 top-level

mynameisvlad5y ago· 2 in thread

> It only enhances security when you don't trust the entity delivering your messages

Which is kind of the point of all these services.

> you can't sync devices easily

Apple seems to handle this pretty easily with great UX.

I switched to a S20 this year. iMessage is one of the only things that I truly miss about my old iPhone.

Andrew_nenakhovOP5y ago

> Apple seems to handle this pretty easily with great UX.

Sigh. This again. Ok.

If have end-to-end encryption, you can't read messages on newly connected devices, unless you somehow pass encryption keys to your new device.

If you do not pass keys between devices, and can still read messages sent from other devices, you do not have end-to-end encryption.

If the only thing you put into device when connecting is your login/password, then even if Apple does retrieve keys from your device and passes it to new device, it can pass it to themselves and gain access to your super confidential messages.

So, no, Apple does not handle this pretty easily.

Source: our product has _real_ end-to-end encryption, and it gives the users a rather big amount of discomfort. If you are told you have really secure messenger, but you do not enter anything but your login/password, well, I've got bad news for you.

> Which is kind of the point of all these services.

If your point is privacy, and you really care about it, just run your own communication server for $2/month. You have all the niceties of server side search and device sync, and none of the pain in the ass that is brought by E2EE. And if your privacy isn't worth $2/month, then you probably don't need E2EE either.

ricardobeat5y ago

According to docs and endless reporting on iMessage, the messages are end-to-end encrypted in transit. In addition to that, they are stored (optional) in your iCloud account, using a separate key, itself stored in iCloud Keychain (protected by 2FA), and this is how you recover them on a separate device. If you opt-out from iCloud backup the messages are not recoverable, can also set them to be erased after 30 days.

> it can pass it to themselves and gain access to your super confidential messages

They can also send your PIN, private keys, all logins and passwords to their own servers, or simply log chats from the system keyboard and UI or any of the OS layers they control. The same is true for any app running on iOS/Android. If you don't trust the OS there is no working around it in software.

1 more reply

filoleg5y ago· 2 in thread

>It only enhances security when you don't trust the entity delivering your messages

Trust in entities is fleeting. You trust an entity today, you might not trust it tomorrow. End-to-end encryption, in contrast, is not fleeting, as long as you trust math.

Andrew_nenakhovOP5y ago

I was actually talking about running your own server. If someone is _really_ caring about his privacy, he can allow himself to spend $2/month on it.

And if someone's trust for his own service is fleeting... uh-oh.

jychang5y ago

> And if someone's trust for his own service is fleeting... uh-oh.

I definitely won't trust my own code to keep me alive, if that's what's preventing a government from killing me or something.

There's a very good chance my homemade server config or encryption code has a big side channel vulnerability or something.

1 more reply

j / k navigate · click thread line to collapse

0 comments

6 comments · 2 top-level

mynameisvlad5y ago· 2 in thread

> It only enhances security when you don't trust the entity delivering your messages

Which is kind of the point of all these services.

> you can't sync devices easily

Apple seems to handle this pretty easily with great UX.

I switched to a S20 this year. iMessage is one of the only things that I truly miss about my old iPhone.

Andrew_nenakhovOP5y ago

> Apple seems to handle this pretty easily with great UX.

Sigh. This again. Ok.

If have end-to-end encryption, you can't read messages on newly connected devices, unless you somehow pass encryption keys to your new device.

If you do not pass keys between devices, and can still read messages sent from other devices, you do not have end-to-end encryption.

So, no, Apple does not handle this pretty easily.

> Which is kind of the point of all these services.

ricardobeat5y ago

> it can pass it to themselves and gain access to your super confidential messages

1 more reply

filoleg5y ago· 2 in thread

>It only enhances security when you don't trust the entity delivering your messages

Trust in entities is fleeting. You trust an entity today, you might not trust it tomorrow. End-to-end encryption, in contrast, is not fleeting, as long as you trust math.

Andrew_nenakhovOP5y ago

I was actually talking about running your own server. If someone is _really_ caring about his privacy, he can allow himself to spend $2/month on it.

And if someone's trust for his own service is fleeting... uh-oh.

jychang5y ago

> And if someone's trust for his own service is fleeting... uh-oh.

I definitely won't trust my own code to keep me alive, if that's what's preventing a government from killing me or something.

There's a very good chance my homemade server config or encryption code has a big side channel vulnerability or something.

1 more reply

j / k navigate · click thread line to collapse