>Any insights as to why the big players are implementing E2E while ignoring P2P? Is this a control issue or purely related to technical challenges?
Both. Certainly a lot of major players see messaging as an important strategic area, not much needs to be said about that. But remember, for actual secure communications one needs both encryption and authentication, and the latter is a much more challenging problem. Purely as a matter of tech there could be better ways to go about that, but in practice there isn't any great infra for that inter-system, which is both distributed or at least federated and easy/accessible for the overwhelming majority of the population. It's improving in fits and starts but still a mess. A lot of the natural places that might make sense to base authentication off of have insecure foundations with enormous legacy base that'd be hard to change (typical collective action problem), or are very slow moving for other reasons.
Centralized solutions just make authentication much easier, even if at obvious cost and SPOF-risk. Within any given platform the centralized provider can of course guarantee all participants about certain properties of whomever they're dealing with. Governments could perhaps require some sort of industry standardized public-key based interoperability of auth, but even assuming they didn't muck it up goverments themselves (as this article shows) have unfortunate perverse incentives there. Not many have internalized yet that the economic cost of poor authentication and security is very high because it's so distributed. There may be a bit of coming around on that but it's slow. A grim silver lining to all the ransomware attacks for example is that at least they're highly visible and painful, and at last have started to motivate minds a bit. But the addiction of many agencies to old models is strong.
In the US, people have meager upload bandwidth. I assume to deliver a comparable experience as serving from the cloud, P2P would require much more upload bandwidth for individuals.
This is true of any network architecture that guarantees delivery of a message between terminii.
The legal conflation you're actually homing in on is we conflate technical terminals with their human users. We've been doing it for years, and it shows no sign of slowing down.
I meant the other party that you are talking too. For example I initiate a conversation with you and now I know your IP address. This was a problem with Yahoo! Messenger which was P2P.
yes, let's route billions of people through Tor when we are already scraping by on bandwidth because exit nodes get shut down left and right. and no, the companies themselves shouldn't set up exit nodes to expand the network because then they would still know everyone's IP address and could give that info to the police. either the Tor network gets reinforced on a completely independent basis or nothing
Both. Certainly a lot of major players see messaging as an important strategic area, not much needs to be said about that. But remember, for actual secure communications one needs both encryption and authentication, and the latter is a much more challenging problem. Purely as a matter of tech there could be better ways to go about that, but in practice there isn't any great infra for that inter-system, which is both distributed or at least federated and easy/accessible for the overwhelming majority of the population. It's improving in fits and starts but still a mess. A lot of the natural places that might make sense to base authentication off of have insecure foundations with enormous legacy base that'd be hard to change (typical collective action problem), or are very slow moving for other reasons.
Centralized solutions just make authentication much easier, even if at obvious cost and SPOF-risk. Within any given platform the centralized provider can of course guarantee all participants about certain properties of whomever they're dealing with. Governments could perhaps require some sort of industry standardized public-key based interoperability of auth, but even assuming they didn't muck it up goverments themselves (as this article shows) have unfortunate perverse incentives there. Not many have internalized yet that the economic cost of poor authentication and security is very high because it's so distributed. There may be a bit of coming around on that but it's slow. A grim silver lining to all the ransomware attacks for example is that at least they're highly visible and painful, and at last have started to motivate minds a bit. But the addiction of many agencies to old models is strong.