this post was submitted on 29 Jul 2023
1 points (100.0% liked)

privacy

0 readers
1 users here now

Rules (WIP)

  1. No ad hominem allowed
  2. Attack the idea, not the poster

founded 1 year ago
MODERATORS
 

The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption.

Requiring government-approved software in peoples’ messaging services is an awful precedent. If the Online Safety Bill becomes British law, the damage it causes won’t stop at the borders of the U.K.

Random thoughts...

Even if platform-assisted end-to-end encryption (pseudo e2e) is censored, perhaps we could still use true user-to-user encryption. If "end" means the messenger software itself or a platform endpoint, then the following will be true e2e - "pre-end" to "post-end" encryption:

  1. Alice and Bob exchange their public keys. While using a secure channel for this is ideal, a monitored channel (e.g. a normal message app) is okay too for the time being.
  2. Alice prepares her plain text message locally: Alice.txt
  3. She does gpg -sea -r Bob -o ascii.txt Alice.txt
  4. Alice opens ascii.txt, pastes the ascii string in it to her messenger, sends it to Bob like normally.
  5. So Bob gets this ascii-armored GPG message, and saves it as ascii.txt
  6. gpg -d -o Alice.txt ascii.txt, and he has the original Alice.txt
  7. He types his reply locally (not directly on the messenger): Bob.txt
  8. gpg -sea -r Alice -o ascii.txt Bob.txt and sends back the new ascii string
  9. Alice gets it, so she does gpg -d -o Bob.txt ascii.txt to read Bob.txt

In theory, scanning by government-approved software can't detect anything here: Alice and Bob are simply exchanging harmless ascii strings. Binary files like photos can be ascii-armored too.

Admittedly this will be inconvenient, as you'll have to call gpg manually by yourself. But this way you don't need to trust government-approved software at all, because encryption/decryption will be done by yourself, before and after the ascii string goes through the insecure (monitored) channel.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here