undefined | Better HN

0 pointsdijit3y ago0 comments

Right, I'm tired of this.

E2EE doesn't mean anything if you have the same entity controlling the server as is controlling the endpoints.

If you control both ends of an E2EE communication and they are closed then you gain nothing over normal TLS encryption, you still trust the authority. (Whatsapp is obviously closed and yes, signal can be considered effectively closed as their client is not reliably or reproducably built from public sources and has hidden their agendas before[0]; and even depends on binary blobs from Google..)

I know your favourite closed/walled messenger platform is basically religion at this point: but for heavens sake; please understand that unless you're auditing your clients or you can run trustable third-party clients; then end-to-end doesn't mean anything at all.

It's just marketing buzzwords.

[0]: https://www.youtube.com/watch?v=tJoO2uWrX1M&t=880s

0 comments

throwaway2903y ago

If you say something ML thinks is wrong in Teams, you can be fired (at will).

If you say something to your colleague via Whatsapp, the only scenario it can be used against you is if you commit an actual crime with reasonable evidence, they subpoena the records, and FB will be willing to go on record to the entire world as lying about Whatsapp E2EE, all in the name of putting you behind bars.

(Also, maybe we can imagine that products actually do what they do and it is not normal to fear lies and nefarious agenda behind every offering?)

dijitOP3y ago

there were two points made:

1) Signal and whatsapp are not 100% trustworthy

Maybe the implication is that it will leak info to your employer, but I think this is more like a general statement; one that is likely an attempt to discuss why we still put our conversations into the hands of large companies with potentially unknown motives; and the questionable state of using "end-to-end" where one entity controls the network, access to the network and both ends of the exchange.

2) Why not use something you can host yourself

to which a reasonable reply is: network effects; I already have signal/whatsapp/telegram and I do not worry about them sending information to my employer.

Unless your employer is facebook, then I think that's a perfectly legitimate rebuttal, but one nobody is making.

In fact, people would rather argue that signal/whatsapp is the best privacy platform in the universe due to e2ee!

crummy3y ago

We're talking in the context about employers reading the plaintext of messages you send, right? Is Signal the same as Teams in this regard?

fartcannon3y ago

I don't really know who you're arguing against, because I'm with you on the points you address. Why I care that its open is so that when they eventually pull a Microsoft, or Facebook style anti-consumer move, we can fork off and continue on how we see fit. It's about control of our communication.

Using signal is the same as using WhatsApp. Eventually Facebook will buy it.

dijitOP3y ago

I'm agreeing with you and I'm frustrated that you got downvoted.

fartcannon3y ago

Ah I see. Well thank you for your concern. I'm pretty used to it by now. :)

Its weird how much people fight against their own interests though eh.

Thorrez3y ago

Other people can audit it. That gives you a fair amount more assurance than non-E2E.

In addition to the theoretical benefits of E2E, I get actual noticeable behavior benefits. I've sent links to a family member on Facebook Messenger that it decided to censor and my messages didn't get sent. This happens to others as well[1]. There are reports of similar things happening with SMS[2]. That doesn't happen with WhatsApp or Signal.

[1] https://news.ycombinator.com/item?id=28341737

[2] https://news.ycombinator.com/item?id=29744347

usrn3y ago

And we have cross platform signal style E2EE now in the form of OMEMO for XMPP. It's just that no one wants to use it.

j / k navigate · click thread line to collapse

0 pointsdijit3y ago0 comments

Right, I'm tired of this.

E2EE doesn't mean anything if you have the same entity controlling the server as is controlling the endpoints.

It's just marketing buzzwords.

[0]: https://www.youtube.com/watch?v=tJoO2uWrX1M&t=880s

0 comments

throwaway2903y ago

If you say something ML thinks is wrong in Teams, you can be fired (at will).

(Also, maybe we can imagine that products actually do what they do and it is not normal to fear lies and nefarious agenda behind every offering?)

dijitOP3y ago

there were two points made:

1) Signal and whatsapp are not 100% trustworthy

2) Why not use something you can host yourself

to which a reasonable reply is: network effects; I already have signal/whatsapp/telegram and I do not worry about them sending information to my employer.

Unless your employer is facebook, then I think that's a perfectly legitimate rebuttal, but one nobody is making.

In fact, people would rather argue that signal/whatsapp is the best privacy platform in the universe due to e2ee!

crummy3y ago

We're talking in the context about employers reading the plaintext of messages you send, right? Is Signal the same as Teams in this regard?

fartcannon3y ago

Using signal is the same as using WhatsApp. Eventually Facebook will buy it.

dijitOP3y ago

I'm agreeing with you and I'm frustrated that you got downvoted.

fartcannon3y ago

Ah I see. Well thank you for your concern. I'm pretty used to it by now. :)

Its weird how much people fight against their own interests though eh.

Thorrez3y ago

Other people can audit it. That gives you a fair amount more assurance than non-E2E.

[1] https://news.ycombinator.com/item?id=28341737

[2] https://news.ycombinator.com/item?id=29744347

usrn3y ago

And we have cross platform signal style E2EE now in the form of OMEMO for XMPP. It's just that no one wants to use it.

j / k navigate · click thread line to collapse