|
|
|
|
|
|
by TalkingCodeMonk
2 days ago
|
|
|
What if the CA certs are compromised, as was alluded to for GCP in the Snowden leaks? All server security measures are irrelevant if every client req/res is dragnet siphoned off to NSA servers in plaintext. It would also afford the corporation deniability even if they were aware or involved. This is why everything than can feasibly be E2EE (or performed locally) should be, unless the data is explicitly public. There are too many opportunities for compromise even when the provider has the best of intentions, and ruling class psychopaths aren't intentionally destroying democracy or implementing big brother. |
|
|
Are you suggesting that PCC specifically is sending things in plaintext, or that the security promises in the server and arch are false, or that a compromised CA means… IDK what?
I’m with you on the big principles, but are you implying more specific attack vectors or just kind of maybe everything could be compromised somehow?