(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on alecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Question: “What do you mean by ‘standalone end-to-end encryption’ and what does [Frances Haugen] mean?”

2021-10-27 18:40:48+00:00

A journalist meant “what do [I] mean by ‘standalone’ end-to-end encryption”:

Here’s my response:

What is Standalone End-to-End Encryption? What are the alternatives?

Some products [e.g. apps] aim to do one thing, and one thing well. They are unifunctional, and it’s easy to see where end-to-end-secure-message-passing plays its role. Signal is one: there are people, presumably (but not really) the people are the “ends”, and the messages pass between them.

And then you get a product like – to swap to something other than Facebook for a change – “The Entire Apple Ecosystem”.

There, Apple have defined “end = customer” (and all their enrolled devices, see also the thing I glossed over in the Signal description) and then they build a kind of “fabric” of E2E-secure privacy amongst all those devices on behalf of the user — AS WELL AS using the E2E fabric for sending messages between human beings, THEY ALSO use that same fabric to share (say) Bookmarks amongst all your Safari Browser instances.

Stuff that Apple use customer End-to-End Encryption to replicate/share. Link above.

So what is Frances Haugen saying?

You already know what the Crypto Wars are, and that Governments have strong opinions about them not-having-access-to-encrypted-data?

Yet FH is literally saying “Facebook are building this encrypted messenger and [we do/she does] not know what it looks like yet, so we need Government to regulate FB to assure that it is *real* end-to-end-encryption” – and there are multiple issues with this:

- it would be “putting the fox in charge of the henhouse” from a cryptowars perspective
- there is no extant measurable definition of end-to-end encryption; I know because I am drafting one
- who says that regulators should have a say in what and how Facebook deploy E2EE – would the usage be like Signal, or like Apple? Why should a regulator be involved? Who regulated the Apple one?

And all that ignores the other stuff she says, where she is essentially channeling AgeVerification propaganda, along the lines of “Facebook need to work out how to stop children being so damn creative and clever in creating alternative Instagram accounts, in order to keep them safe and secure from others like them.”

[1] URL: https://alecmuffett.com/article/15121
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/
