Hacker News new | ask | show | jobs
by Galanwe 112 days ago
I fail to see the link between private conversations/DM and E2EE.

To quote a comment I made some time ago:

- You can call your service e2e encrypted even if every client has the same key bundled into the binary, and rotate it from time to time when it's reversed.

- You can call your service e2e encrypted even if you have a server that stores and pushes client keys. That is how you could access your message history on multiple devices.

- You can call your service e2e encrypted and just retrieve or push client keys at will whenever you get a government request.

E2EE only prevents naive middlemen from reading your messages.
2 comments
Ekaros 112 days ago
Fundamentally actual E2EE is complicated problem. And probably not very user friendly. It is full of technical trade-offs. And mistakes are very common. Or they lead to situations that people do not want. Like if you lost your phone or it break how do you get history back... What if you also forgot password? Or it was stored in local manager...

It is phrase that sounds good. But actually doing it effectively in way that average user understand and can use system with it with minimal effort is very hard.

link
bstsb 112 days ago
no you couldn't. that wouldn't be considered end-to-end encrypted in any modern sense
link
Galanwe 112 days ago
What I described is essentially how the vast majority of E2EE messaging platforms work. And I say that having worked for one of them.
link