That’s not what “private” means. If they have both keys, the wording “might be able to” is at best extremely misleading.
I mean, no yes man would enforce the fascist technocrat’ order of reading all those messages. You know, the same technocrat who bought Twitter with Saudi money to cripple resistance movements and steer the public toward the alt right. The one with a thing for eugenics.
No way. Impossible. Of course convenience never has a price tag.
/s for typical users of today’s Web
Which effectively means the messages aren’t encrypted. Cool.
It also effectively means they are reading those messages.
I mean they’re encrypted in transit. They’re just not end to end encrypted.
If anyone except you has the private key, then your private messages are not private.
To extend this, that includes YOU giving your key to another application to decrypt those messages.
For example if you use an app or browser extension, that app or browser extension has access to that key. Additionally the browser itself or operating system had access to the key.
Now they may be fully audited. They may have a great reputation. You may trust them. But they are part of the decryption (and if sending encryption) process.
It’s a chain of trust, you have to trust the whole chain.
It’s a chain of trust, you have to trust the whole chain.
Including the entire other side of the conversation. E2EE in a group chat still exposes the group chat if one participant shares their own key (or the chats themselves) with something insecure. Obviously any participant can copy and paste things, archive/log/screenshot things. It can all be automated, too.
Take, for example, iMessage. We have pretty good confidence that Apple can’t read your chats when you have configured it correctly: E2EE, no iCloud archiving of the chats, no backups of the keys. But do you trust that the other side of the conversation has done the exact same thing correctly?
Or take for example the stupid case of senior American military officials accidentally adding a prominent journalist to their war plans signal chat. It’s not a technical failure of signal’s encryption, but a mistake by one of the participants inviting the wrong person, who then published the chat to the world.
Are you so sure Apple doesn’t have your keys? How are they migrating the keys to your new device? It’s all closed source
The actual key management and encryption protocols are published. Each new device generates a new key and reports their public key to an Apple-maintained directory. When a client wants to send a message, it checks the directory to know which unique devices it should send the message to, and the public key for each device.
Any newly added device doesn’t have the ability to retrieve old messages. But history can be transferred from old devices if they’re still working and online.
Basically, if you’ve configured things for maximum security, you will lose your message history if you lose or break your only logged-in device.
There’s no real way to audit whether Apple’s implementation follows the protocols they’ve published, but we’ve seen no indicators that they aren’t doing what they say.
That’s good to know, thanks.
deleted by creator
Stop using fascist things.
Stores, websites, apps, cars, hosting, operating systems, and all other providers of goods/services should be audited by you. You should then ask yourself if you want to give them your money and/or your trust.
I’m trying, but they keep forcing it into devices I already own and even with turning it off in the settings sometimes it gets turned back on during updates. At least avoiding the X/shitter bot is easy enough, but the rest are just as invasive.
Out of curiosity what devices are giving you these issues? I may know of some alternatives depending.
Anything with a web browser. Work computers. Phone. Have to turn off the AI crap on all of those manually after they were added in updates.
Don’t really believe turning off the settings keeps them from farming data either, since they constantly lie about what data they collect and use for training.
For web browser’s, check librewolf or brave, I would lean further towards librewolf just because it’s oss which is something I value.
For search engines, we’re in a weird spot right now because Microsoft is restricting the use of Bing’s search API, but duck duck go is good, and ecosia as well, but they both may be in a rough spot soon.
Work computer you can’t do much other than ask your supervisor to ask about moving away from ai stuff, all you can do directly is limit your personal information on your work station.
For phones, If you have apple, sorry, if not, you could look into changing the operating system on it to something like e/os or graphene os, they are both operating systems that are focused on privacy and security.
If you need anymore information about my recommendations, I am happy to help.
On my desktop (windiws) I use Libre wolf for most things, but Firefox for YouTube because I’m signed in with my Google account for subs and stuff. I use FF for only youtube on the PC though, and yeah open source few.
I use Firefox on my phone as I don’t think Librewolf has a mobile version.
I use duck duck on all the browsers, but it is going downhill.
At some point I will switch desktop to Linux, just haven’t come up with a plan for backing up data to do a smooth transition. Keep putting it off when life stuff come up.
Xchat is an irc client though.
This is the first thing that came to mind. I used that for ao many years, then went on to Hexchat.
The one true XChat
inb4 the logo looks like this:
Nostalgia intensifies
I’m surprised nobody posted the surprised_pikachu.gif yet.
They control all the endpoints/clients so even if they didnt, they could change it at any moment as the code isnt open…
And yet people still keep using Twatter like it’s the only thing that has ever existed since the dawn of the internet. At this point, you deserve to get wrecked for still using this platform.
Yes and? Do people who use X really care about privacy. Everyone who even remotely cared already jumped ship and moved on to matrix, signal, Simplex etc.
And im not even mentioning the fact X is owned by a psychopath. But hey let’s pretend they care about your privacy.
deleted by creator
If a corporate entity made it and hosts it, and it isn’t foss, don’t chat on it.
There is another layer here. If you or the person you’re talking to are using an entirely unmodified android or apple phone, you don’t have any privacy even if you’re on TOR connected to an encrypted xmpp chat. Your entire existence is backdoored. The entire OS speaks back to its maker, especially that keyboard.
Enshittification continues
