undefined | Better HN

0 pointslxgr3y ago0 comments

> Pretty much no one does any sort of identity verification anyway on any E2EE messaging system. So that means that the people running the servers can MITM if they feel like it to get the content.

The fact that anybody can verify keys raises the stakes of attempting a MITM attack significantly and thus protects the majority that doesn't verify keys themselves.

0 comments

upofadown3y ago

Sure it is a good feature to have, but this sort of attack is going to be targeted. You don't do it to everyone. In the unlikely event you do get caught then you can act dumb in almost all cases. Blame Pegasus or whatever...

lxgrOP3y ago

I have no illusions about being able to keep a nation state attacker off my devices, but not having all of my correspondence shared with all kinds of third parties by default sure feels nice.

vinay_ys3y ago

Don't forget anonymity with temporary/throwaway devices and handles combined with E2EE PFS protocols can be very powerful to thwart such surveillance.

gruez3y ago

Except that if your target finds out, it would undoubtedly increase their paranoia level, making future attacks against him harder and compromising future operations. There's a reason why law enforcement keeps wiretap warrants sealed.

j / k navigate · click thread line to collapse