Hacker News
by camgunz 805 days ago
> But I agree server side feels better for this. OTOH that means it is not really e2e as there is some machine with your unencrypted data on it ready to be hacked.

It's true this is a step up from "non-encrypted at rest", which has been pretty troublesome. But the whole point of E2EE is to defend against a hostile server. I can't understand the point of releasing an encryption toolkit, labeling it as "implements E2EE", but then ruling out the very thing E2EE is supposed to address from your threat model. The only reasonable thing to conclude is that this isn't E2EE. I'm not saying it's dangerous, or even that it's worthless, just that it's mislabeled.