Author: Simon Hobson
Date:
To: dng
Old-Topics: Re: [DNG] Zoom? Rather not...
Subject: Re: [DNG] End-end encryption (was: Zoom? Rather not...)
marcxdv@??? wrote:
> Some people are going to say "not possible, the call is
> end-to-end encrypted". Actually no. Illustrative example: The
> Intercept reported that Zoom claimed end-to-end encryption,
> but instead had one shared key, and used ECB (a really poor
> way of using a cypher). That is why it works so well, as a
> single lost packet doesn't garble the rest of the stream. More
> importantly, unlike Balsamic Vinegar or Zero Percent Fat,
> there is little enforcement of what these terms mean, and
> governments are keen to weaken encryption further.
In Zoom's case, I believe it did in fact refer to "encrypted from user to data centre, then encrypted from data centre to other user" with an unencrypted bit in the middle. You could still argue semantics and say that it is encrypted at both ends ...
Now for WhatsApp, things are a little trickier. From what I read it is genuinely encrypted from one user end all the way to the other user - good right ? But at each end everything is stored unencrypted. But that's no problem, both iOS and Android enforce sandboxed storage on Apps so the unencrypted chats etc are safe ?
Well what Faceborg did was to subtly change things so that both WhatsApp and Facebook clients use the same sandboxed storage - meaning that the Faceborg client has free access to your WhatsApp chats - and therefore Faceborg itself has free access should it choose to take a peek.
And of course, we all trust Faceborg to to abuse such access don't we, after all they have no track record whatsoever of dodgy dealing or ignoring the law do they ?
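
Added example, not part of the original message: a Python sketch of the ECB behaviour mentioned in the quoted text, showing both why a lost block does not garble the rest and why repeated plaintext leaks. It uses a toy 4-round Feistel cipher as a stand-in for a real block cipher (an assumption, not secure, and not Zoom's code); the key, the sample frame and the counter-mode comparison are constructed for illustration.

```python
import hashlib

BLOCK = 16                      # bytes per block, as in AES
KEY = b"constructed-demo-key"   # constructed sample key
# Constructed sample stream: three identical "silence" blocks and one other.
FRAME = b"SILENCE-SILENCE-" * 2 + b"speech payload 1" + b"SILENCE-SILENCE-"

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function for the toy cipher (hypothetical construction).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def encrypt_block(key: bytes, blk: bytes) -> bytes:
    # 4-round Feistel network standing in for a real block cipher.
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r

def decrypt_block(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, data: bytes) -> list:
    # ECB: every block is encrypted on its own, with no per-block variation.
    return [encrypt_block(key, b) for b in blocks(data)]

def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> list:
    # Counter mode for contrast: keystream block n = E(nonce || n), 8-byte nonce.
    return [_xor(b, encrypt_block(key, nonce + n.to_bytes(8, "big")))
            for n, b in enumerate(blocks(data))]

def repeated_blocks(ct_blocks: list) -> int:
    # What a passive observer can count without knowing the key.
    return len(ct_blocks) - len(set(ct_blocks))

def ecb_decrypt_surviving(key: bytes, ct_blocks: list, lost: set) -> list:
    # Blocks that arrive still decrypt correctly when others are lost.
    return [decrypt_block(key, c) for i, c in enumerate(ct_blocks) if i not in lost]

if __name__ == "__main__":
    print("ECB repeated ciphertext blocks:", repeated_blocks(ecb_encrypt(KEY, FRAME)))
    print("CTR repeated ciphertext blocks:",
          repeated_blocks(ctr_encrypt(KEY, b"nonce-01", FRAME)))
```

Counter mode tolerates a lost block just as well, since each block depends only on its own counter, so loss tolerance does not require accepting the ECB leak.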