Encrypt-Keeper @ EncryptKeeper @lemmy.world

Posts

4

Comments

1,429

Joined

2 yr. ago

I'm saying that a company can just arbitrarily decide (like you did) that the server is the "end" recipient (which I disagree with).

They cannot. Thats not how E2EE works. If they can arbitrarily decide that, then it isn’t E2EE.

That can be done for chat messages too.

It cannot, if you’re using E2EE.

You send the message "E2EE" to the server, to be stored there (like a file, unencrypted), so that the recipient(s) can - sometime in the future - fetch the message, which would be encrypted again, only during transport.

That’s not how E2EE works. What you are describing is encryption that is not end-to-end. E2EE was designed the solve the issue you’re describing.

This fully fits your definition for the cloud storage example.

It does not. Cloud storage is a product you’d use to store your data for your own use at your own discretion.

I would argue that the cloud provider is not the recipient of files uploaded there

It is if you uploaded files to it, like on purpose.

You’re confusing E2EE and non E2EE encryption.

No it doesn’t, and I defined E2EE exactly one way. E2EE stands for “End to end encryption”, which means it’s encrypted at one end, decrypted at the other end, and not in the middle.

It doesn’t matter if they store a copy of your message on an intermediary server, the keyword there is intermediary. They are not the recipient, so they should not have the ability to decrypt the content of the message, only the recipient should. If they are able to decrypt your message, despite not being the recipient, it’s not E2EE.

A cloud drive is an entirely different case because the cloud drive is not an intermediary. They literally are the second E in E2EE. A cloud drive can have the ability to decrypt your data and still be E2EE because they are the recipient. You both seem to be under the impression that a cloud drive is an “intermediary” between your devices but it’s not. It’s a destination.

To explain it a bit simpler, imagine we’re in elementary school sitting at our desks and you’re sitting two desks away from me with one person between us:

E2EE = I encrypt my note with a simple cipher that I shared with you and only you before class. I pass my note to the kid between us to pass to you. He can’t read the note, and if he writes down a copy of my note before passing it to you it doesn’t matter because he still won’t be able to read it because he’s doesn’t have the cipher because he’s not the recipient, you are. He passes you the note and you can do whatever you want with it, including decrypting it, because you know the cipher. All the E2EE has done is ensured the kid in the middle can’t read the note. It has nothing to do with whether or not you can read the note.

Zero Access Encryption = I encrypt my note with a cipher that only I know. The kid in the middle can’t read this note, and neither can you. Then I use E2EE to encrypt that with a different cipher, the one that you do know, and hand the note to the kid in the middle to hand to you. The kid in the middle can’t read the note, and neither can you.

It’s not that I disagree with you on principle, I think you’re just kinda mixing up scenarios here, and the purpose of E2EE. E2EE refers to in transit data specifically. #1 should never be where your mind goes because E2EE does not imply your data will be encrypted at rest at the destination, that’s not what it’s for. E2EE is a critical factor when the untrusted facilitator party is between you and your intended recipient, not the recipient themselves.

Like in your scenario of a “cloud drive”, E2EE would not be a selling point of that service. The term you’re looking for in that scenario is “zero access encryption”.

Like you’re correct that E2EE does not imply that data stored in the cloud is encrypted at rest, but that’s because it isn’t meant to. Like this isn’t a dirty marketing trick. E2EE just needs to do what it says on the tin, which this X chat does not because they in order for it to be E2EE, it needs to be the case that only the recipient can decrypt it.

I mean TLS is also encryption in transit, it’s in the name. And it would sorta be end to end if you’re terminating TLS at the end you’re trying to talk to.

I mean they’re encrypted in transit. They’re just not end to end encrypted.

Yeah it definitely does not work in this case. Spent many hours online looking through threads of people with the same problems, but no real solution. I think it has something to do with Unraids MFS implementation. Might be a little older. Only way to get it to work is have a script run every 10 minutes to check for the drive and if it’s not mounted, mount it. Works well enough.

I’m using UnRAID for storage and getting another Linux machine to mount a share on boot has been an exercise in futility so I get it.

Not if you use a vpn. Being that this is Selfhosted, the best idea is to just host your own Recursive DNS server.

Yeah the excitement comes from the fact that they’re thinking of replacing themselves and keeping the money. They don’t get to “Step 2” in theirs heads lmao.

TBH idk how people can convince themselves otherwise.

They don’t convince themselves. They’re convinced by the multi billion dollar corporations pouring unholy amounts of money into not only the development of AI, but its marketing. Marketing designed to not only convince them that AI is something it’s not, but also that that anyone who says otherwise (like you) are just luddites who are going to be “left behind”.

Is the different from the last co-op mode with Stone and Knight?

Airport security was nationalized as the TSA. Aside from that no.

I am pretty rabidly anti-AI in most cases, but the use case for AI that I don’t think is a big negative is the distillation of information for simplification purposes. I am still somewhat against this in the sense that at the end of the day their summarization AI could hallucinate, and since they’ve admitted this is a solution to a problem of scale, then it’s not sensible to assume humans will be able to babysit it.

However… there is some inherent value to the idea that people will end up using AI to summarize Wikipedia using models of dubious quality with an unknown quantity of intentionally pre-trained bias, and therefore there is some inherent value to training your own model to present the information on your site in a way that is the “most free” of slop and bias.

There are tons of apps that you use that are just well packaged PWAs, packaged as an app store app

So… native apps, that interface with a PWA using a web view or something.

There’s the kicker.

Half of the equation is that those making the PWA need to make it well. The other half is that the platform you install it on has to support it well. And Google and Apple have decided to support PWAs as little as possible (in some cases removing support for them altogether. See Apple removing the ability to use them entirely in the EU). And since those two companies make the two most commonly used mobile OS’… well it’s better to just go with a native app.

The #1 biggest problem with PWAs on iOS for example is the lack of push notification support, which for a lot of apps is a nonstarter. Is that the PWA makers fault? No. Does it make that PWA suck anyway? Yes.

I’m well aware of why they’re terrible, (Safari as well). However the unfortunate result is that they are terrible.

Because PWAs are terrible unfortunately.

Because this is the selfhosted community, not the FOSS community. There is some overlap, but they are different. There are many reasons to not use Plex, it not being free and open source are not among them.

I feel like I should give this game a try but the awful name “Lies of P” is so bad it turns me off the game so hard lol.

It’s also the game they’re giving away with purchases of the 50 series Nvidia cards.