|
|
|
|
|
|
by mbenjaminsmith
3746 days ago
|
|
|
I think it's surprising / disturbing that the discussion here is centered on the importance of open sourced apps. What security does an open source encryption app offer when it's running inside a closed hardware / software platform that has direct access to your messages in the clear before they're encrypted and after they're decrypted. If Apple (not picking on them I'm just an iPhone user) wants to or is compelled to monitor what you're doing on your phone they can. Period. End of discussion. As a thought experiment I think it's valuable to consider what secure messaging over an iPhone would look like. It's actually very simple, just very inconvenient. You encrypt your messages on another, air-gapped computer with known and trusted hardware (a Raspberry Pi works). From there you deliver your encypted text over the phone via whatever channel is convenient -- SMS, Facebook, Twitter, etc. On the receiving end you do the reverse. If you're not doing that then your communication is theoretically and practically insecure. Discussion of the security of encypted messaging apps is not only worthless it's actually dangerous. It's security theater and takes the focus away from the actual issues -- at best, at worst it convinces people that insecure channels are secure. I can't figure out if this is lost on most people, they're in denial or if there is actually a concerted effort to mislead. Smartphones -- and most computers -- are insecure by definition. People need to understand that and act accordingly if privacy is important to them. |
|
|
What we have to fight first is the dragnet. Government just sucking up all communication. This can be archived by end to end encryption even if the computer used are not secure. This forces government to compromise every individual enduser device, such action is impossible on the scale that they do now.
This means the have to limit the amount of people they attack. Once we have archived that, we need to massively improve on end user device security. Secure elements and separate smart cards are decently the future.
Having a trusted Smart card for your encryption needs is decently the future. I already use a Yubikey over NFC when sending email.
You need to stop thinking about absolute security and start thinking about the cost of mass surveillance.