Topic: The last days of secure end-to-end encryption?

Mr. Bill
The last days of secure end-to-end encryption?
« on: July 28, 2019, 07:20:35 PM »
"Secure" end-to-end encryption with a convenient backdoor, invented by Facebook under pressure from most of the world's governments:

Quote
...Facebook announced earlier this year preliminary results from its efforts to move a global mass surveillance infrastructure directly onto users’ devices where it can bypass the protections of end-to-end encryption.

In Facebook’s vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on the user’s device, scanning each cleartext message before it is sent and each encrypted message after it is decrypted.

The company even noted that when it detects violations it will need to quietly stream a copy of the formerly encrypted content back to its central servers to analyze further, even if the user objects, acting as true wiretapping service.

Facebook’s model entirely bypasses the encryption debate by globalizing the current practice of compromising devices by building those encryption bypasses directly into the communications clients themselves and deploying what amounts to machine-based wiretaps to billions of users at once. ...

More here:
Forbes: The Encryption Debate Is Over - Dead At The Hands Of Facebook

The issues that we worried about in the 1990s are becoming reality via routes we didn't anticipate.  But gosh, it's so convenient to have Google and Facebook and Amazon monitoring everything we do.

I think there's one spot where the author's forecast is a decade too early:

Quote
...While some phone manufacturers could distinguish themselves by offering bespoke phones with custom operating systems that do not include such scanning... Over time, it is likely that many governments will simply pass laws banning the possession and use of such devices...

Not yet.  We've still got Linux, and we've got increasingly small and convenient devices to run it on.  It's not possible to ban Linux because the whole Internet would die, and it's not feasible to ban personal devices that can run Linux because a ten-year-old laptop from the back of your closet is still adequate.

Other than that, I think he's pretty close.  The general public will lose access to secure encrypted communications.  But most of them don't use it now, don't see why they'd want it, and won't notice the difference.

fritz_monroe
Re: The last days of secure end-to-end encryption?
« Reply #1 on: July 29, 2019, 03:17:32 PM »
Unfortunately my kids' generation doesn't care a bit about privacy.  Many of them will post anything they do without any concern of who is seeing it.

There are a few Linux phone OSes around.  But I don't know of anyone that's made use of them.  I also think they are too early in their development to use on my main phone.  If I were to install a Linux phone OS, it would be on a spare phone as an experiment.

Mr. Bill
Re: The last days of secure end-to-end encryption?
« Reply #2 on: July 29, 2019, 03:56:50 PM »
Quote
There are a few Linux phone OSes around.

There's also Termux.  I've been playing around with it a little.  It's basically a Linux operating system running under Android; no rooting required.  Most Linux command-line software, and apparently some GUI-based software, will run on it.  Until Google makes it impossible to install this, or implements operating-system-level spying on what it's doing, it gives you a bit of independence.

I've been lusting after this toy -- Gemini PDA -- but I can't justify the price tag at present.

Another option would be to use a Linux laptop or pocket-size computer, and merely use your cellphone as the computer's Internet access (or use Wi-Fi).  Not so convenient for most people to carry two devices, but on the other hand using the tiny screen and lack-of-keyboard on a smartphone is darned inconvenient too.

fritz_monroe
Re: The last days of secure end-to-end encryption?
« Reply #3 on: July 29, 2019, 05:56:50 PM »
Quote
Until Google makes it impossible to install this, or implements operating-system-level spying on what it's doing, it gives you a bit of independence.

According to ZDNet, all future Chromebooks will be Linux compatible.  linky linky  Part of the problem with Linux on a phone is lack of hardware compatibility.

Quote
I've been lusting after this toy -- Gemini PDA -- but I can't justify the price tag at present.

Very nice looking toy.  But wow, you're talking $600-$750.  I'm a big fan of PDAs.  I had a Palm Pilot when they first came out.  I'm not a big fan of any all-in-one solution.  I use my smartphone all the time, but I sure would prefer to have a PDA and a separate phone.

iam4liberty
Re: The last days of secure end-to-end encryption?
« Reply #4 on: July 29, 2019, 09:51:12 PM »
Quote
I've been lusting after this toy -- Gemini PDA -- but I can't justify the price tag at present.

Oh, you got to get one with a Dvorak keyboard!  That is serious cred!

FreeLancer
Re: The last days of secure end-to-end encryption?
« Reply #5 on: July 29, 2019, 10:09:27 PM »
I've been on the fence for a few months about trying a Purism laptop.  They're expected to release a smartphone later this year.  It all sounds good, in theory, but I have my doubts about real-world usability.

Quote
Our products are designed from the hardware on up to respect you and your digital life, they come with physical hardware kill switches for your camera and microphone, with all known hardware backdoors completely neutralized and disabled (Intel Management Engine), running a curated freedom-respecting operating system and software applications, for maximum protection. We put your security at the forefront, and our laptops and smartphones will never invade your privacy.


The problem with end-to-end encryption is that I can't ever find anyone on the other end who's up for it.  PGP and ProtonMail are effective products, but not when everyone else uses Gmail.

Docwatmo
Re: The last days of secure end-to-end encryption?
« Reply #6 on: July 30, 2019, 08:13:52 AM »
Quote
I've been on the fence for a few months about trying a Purism


The problem with end-to-end encryption is that I can't ever find anyone on the other end who's up for it.  PGP and ProtonMail are effective products, but not when everyone else uses Gmail.

This is why I haven't adopted it.  I tried several times for years, but could never find enough end users in my list to make use of it.

Doc

Mr. Bill
Re: The last days of secure end-to-end encryption?
« Reply #7 on: July 30, 2019, 02:58:24 PM »
Reuters, 7/30/19: 'Five Eyes' security alliance calls for access to encrypted material

Quote
...After a two-day summit in London, senior ministers from the group comprising the United States and allies Britain, Canada, Australia and New Zealand, said encryption should not come at the expense of the public’s safety.

“We are concerned where companies deliberately design their systems in a way that precludes any form of access to content, even in cases of the most serious crimes,” the group said in a statement following the conference.

“Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format.”...

“Encryption presents a unique challenge. We must ensure that we do not stand by as advances in technology create spaces where criminal activity of the most heinous kind can go undetected and unpunished,” [US Attorney General] Barr said after the security summit.

Britain’s Home Office said that the tech industry, which took part in a roundtable with ministers, agreed to collaborate with the Five Eyes on a set of voluntary principles, which will be drawn up by the end of the September, on steps to combat child sex abuse, including the growing threat of livestreaming.

Emphasis added.  I'm not sure which members of "the tech industry" made this agreement, but I can guess who was included and who was omitted.

As for "advances in technology", public key cryptography was proposed in 1874(!) and was developed into practical tools between 1973-1978.  The first version of PGP was released in 1991.  So Barr is complaining about "advances" that were literally made over 40 years ago.

fritz_monroe
Re: The last days of secure end-to-end encryption?
« Reply #8 on: July 30, 2019, 05:47:57 PM »
Quote
I've been on the fence for a few months about trying a Purism laptop.  They're expected to release a smartphone later this year.  It all sounds good, in theory, but I have my doubts about real-world usability.

Looks like good stuff, but I can't justify $699 for a phone that I don't know will receive support in the future.

FreeLancer
Re: The last days of secure end-to-end encryption?
« Reply #9 on: July 30, 2019, 06:32:36 PM »
Quote
Looks like good stuff, but I can't justify $699 for a phone that I don't know will receive support in the future.


That's the problem with online security and privacy being a niche market.

fritz_monroe
Re: The last days of secure end-to-end encryption?
« Reply #10 on: July 30, 2019, 07:48:38 PM »

Quote
That's the problem with online security and privacy being a niche market.

Yep, there's quite a cost to it.  If I didn't have a kid in school and another one starting in 2 years, maybe I'd go for that. But I use Tracfone, so I buy unlocked phones and try to keep them under $200-ish.

Bradbn4
Re: The last days of secure end-to-end encryption?
« Reply #11 on: August 01, 2019, 04:54:25 PM »
For phones it is possible to sideload a new OS that was built by you to include various secure options.  At least that was possible a few years back when I looked at that subject.  So you can limit what is installed, where it is installed, etc.  I buy cell phones for use that are not locked so I have the ability to use what cell network I choose (assuming my hardware is compatible with their network).  My current phone is a Google Pixel 3a, the low cost Google phone.  For support for hacking the phone to get it to do what I want I would head over to https://forum.xda-developers.com/pixel-3a

For phones that don't want to just use cell phones for communication and their 10 year old laptop is pushing up daisies, a Raspberry Pi 4B might be worth looking at.

I have been testing a new version of the Raspberry Pi 4B and have found that the new hardware upgrade performs fantastic...for a sub 40 dollar pico computer.  There is one known problem with compatibility with USB Type-C cables.  Also the device can be a bit of a power hog compared to older versions.  So the right power supply is needed.

The other problem is that the device does run hot in the approved RP4B case.  No real worries for danger to hardware, the RBP4 will slow down during heat management.  A small fan / heat sink can be added to let the RB4B run longer at turbo speed.  So if you are looking for a computer that can do some simple word processing, surf the web, and watch YouTube videos in low res, this might be an option.

So what has this to do with secure communications?  With a bit of work it is possible to tie two Raspberry Pi computers over a normal network and secure your data transfers.  This hardware solution does not offer anything unique over running Linux on a laptop, other than the fact that the hardware is dirt cheap and very small.

The hardware is small enough to use double sided tape to stick it to the back of your current monitor for use.  Versions of the RBP4 differ by the amount of RAM that is installed.  (1, 2, and 4 gig models can be found, with the 4 gig models in short supply)

My current project is to see if I can use the RBP4B along with an old LCD display to provide access / control over 2 video security cameras.  In the past I have used various older Raspberry Pi computers for NAS (network attached storage), print server, media server.  As a print server it worked fine, the old RBPi 2 was too slow to be used as a NAS controller, but it did work.  As a media server once the channel was locked in the quality of the output was fine.  ROKU and other dedicated devices have a better user interface and work better on streaming data sources.

ecuritysay ancay ebay oneday inyay anymay ifferentday aysway . otnay ustjay ithway ardwarehay .

"Security can be done in many different ways. Not just with hardware."