by rahrahrah 3461 days ago
PGP can be used to encrypt at the ends, in which case it is end-to-end encryption. So that's not a different feature.

Care to share what you mean by PGP leaks a lot of metadata? You might be right, I'm just not aware of such details.

3 comments

If two users PGP email to each other, anyone who's monitoring either mail server or the network in between can tell A) when they are talking, B) who they are talking to, C) what the subject of the email is, and D) how big the email is.

With Signal this is much harder, for instance Google/Apple do not know who you are chatting to. They also don't handle the encrypted message transport/delivery.

None of the email headers are protected in any way for a PGP-encrypted email. All the same metadata that is collected from plaintext email is still available on "encrypted" email. You literally can only protect the body of the email. In surveillance, that is often the least interesting or valuable piece of information.
As mentioned, Signal doesn't hide contact discovery. But it does a pretty good job of hiding who you are chatting to from everyone but OWS.

OWS received a grand jury subpoena and was only able to produce "the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user's connectivity to the Signal service."

Certainly an NSL might compel OWS to add additional logging (and not talk about it). With that they could tell who messaged who, when the message was sent, and how big the message was.

> Certainly an NSL might compel OWS to add additional logging

NSLs cannot be used for that. They're a legal tool that can be used to extract certain types of information (such as subscriber information and maybe a little bit of transactional information) that a service provider already has stored on their servers [0]. However, they cannot be used to force a service provider to write and deploy code.

[0] NSLs are not magic - https://www.youtube.com/watch?v=YN_qVqgRlx4&t=20m16s

> As mentioned, Signal doesn't hide contact discovery. But it does a pretty good job of hiding who you are chatting to from everyone but OWS.

Anything that does TLS to connect to a single server can do that. Heck, if you do email to a single email server using secure IMAP and secure SMTP then PGP no longer leaks metadata.

> OWS received a Grand jury subpoena ( ... )

Link please

Signal does not solve the metadata problem either. Discovery is an open problem [0]. Signal messages leak the recipient, which is the most important metadata. You would have to use Tor/Onion routing, which is inefficient.

[0] https://whispersystems.org/blog/contact-discovery/

PGP encrypts the contents of the message, but not the headers.
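
The point made in the comments above (on a PGP-encrypted email the timing, correspondents, subject and size stay readable) as an added example that is not part of the original thread: it parses a constructed PGP/MIME message with Python's standard `email` module and returns what can be read without any key. The addresses, subject, date and the function name `observer_view` are assumptions made for the illustration.

```python
from email import message_from_bytes
from email.utils import getaddresses, parseaddr

# Constructed sample: an RFC 3156 PGP/MIME message as it sits on a mail server.
# Addresses, subject, date and the armored block are made up for illustration.
SAMPLE = b"""\
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Cc: carol@example.com
Subject: Meeting location for Thursday
Date: Tue, 04 Oct 2016 14:03:11 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

ARMOR = b"-----BEGIN PGP MESSAGE-----"

def observer_view(raw: bytes) -> dict:
    """What whoever stores or relays the message can read without any key."""
    msg = message_from_bytes(raw)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    # Covers PGP/MIME and inline-armored bodies: look for armor in every part.
    encrypted = any(ARMOR in (p.get_payload(decode=True) or b"") for p in msg.walk())
    return {
        "when": msg["Date"],                             # A) when they are talking
        "from": parseaddr(msg.get("From", ""))[1],       # B) who is talking
        "to": [addr for _, addr in rcpts],               #    ... and to whom
        "subject": msg["Subject"],                       # C) the subject line
        "size_bytes": len(raw),                          # D) how big the email is
        "body_encrypted": encrypted,                     # only the body is protected
    }

if __name__ == "__main__":
    for field, value in observer_view(SAMPLE).items():
        print(f"{field}: {value}")
```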