U.K. orders Apple to let it spy on users’ encrypted accounts
-
Rip America
-
That shouldn't matter to the open source encrypted chat apps because their code can be audited by anyone. Just another reason to ONLY use fully open source software when dealing with anything cryptography related.
-
Same with us Aussies
-
I suspect it's the latter one. The book titled "The Hacker and the State" goes into detail about how it can be done (or may have been done in the past). A fascinating read for anyone interested in the subject.
-
I agree with using open source software, but the source code of said chat apps is just one part of the equation.
AFAIK cryptography implementation relies on the operating system / firmware the app is running on (they tend to be closed source). Most implementations rely on random generators provided be the operating system. Doesn't really matter how good the encryption implementation is in the chat app if the software it relies on is compromised - see book I recommended above (The hacker and the state).
-
The government could get google to remotely install a system app that reads your encryption keys.
But it’s not like they’d do that….Oh, what’s this? A new closed source app was just automatically installed on my phone.
“Android System Key Verifier”. Huh, I wonder what it does? -
Exactly. Also, there was a post a few days ago about google secretly installing an app on Android phones, something to do with automatically blurring nsfw images in messages. Who knows what else it is capable of, or if there's software on our phones that won't show up anywhere (list of apps, running processes, etc.).
Interesting times...
-
True that
-
Apparently so. It’s fucking wank.
-
For every dirty trick to obtain user data used by govs and companies, exist an dev which release an measure to show them the middle finger. It's so since more than 20 years.
-
No more secrets.
-
To think that thirty-so years ago it was jealousy that ired the West.
-
No more government secrets to right?
-
Always has been
-
no known precedent in major democracies
US already has laws that make it treason to leak any access given to US federal government, which may or may not share it with local police.
-
The phone companies store content for FBI backdoors in plaintext on their servers. Compromising Apple/Google servers would require attacker to also know encryption backdoor. RCS (Diffie Helman key exchange) can fake end to end encryption through man in the middle (ISP/Google/Apple). Database access to the party would have everything needed for plaintext retrieval, because fake keys would need to be stored along with users.
