by throwawaymath
2708 days ago
End-to-end encryption is about decomposing trusted parties and compartmentalizing untrusted infrastructure. There are meaningful differences between end-to-end encryption and server-side encryption. These differences are entirely orthogonal to the question of whether or not you can verify the client or the server. This is what I was getting at in my other comment. If you’re going to reject end-to-end encryption because you can’t verify the client, you’re looking at a very different set of criteria to establish the confidentiality and authenticity assurances you want. In particular, you are at a point where it’s difficult to establish a secure channel unless you’re using a fully decentralized, federated protocol with a server you stood up yourself.

The parent poster is not rejecting end-to-end crypto itself, but how it's typically done (on a locked phone you don't really control, in an auto-updating app you don't control at all). Web-based end-to-end encryption is even more ridiculous (say mega.nz for example), because then it's even more trivial to distribute different code to different users.