this post was submitted on 10 Jun 2025
471 points (99.4% liked)

Technology

71585 readers
3389 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
471
An analysis of X(Twitter)'s new XChat features shows that X can probably decrypt users' messages, as it holds users' private keys on its servers (blog.cryptographyengineering.com)
submitted 1 week ago by Pro@programming.dev to c/technology@lemmy.world
42 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Lifter@discuss.tchncs.de 0 points 1 week ago (5 children)

You probably didn't understand me. I'm saying that a company can just arbitrarily decide (like you did) that the server is the "end" recipient (which I disagree with). That can be done for chat messages too.

You send the message "E2EE" to the server, to be stored there (like a file, unencrypted), so that the recipient(s) can - sometime in the future - fetch the message, which would be encrypted again, only during transport. This fully fits your definition for the cloud storage example.

By changing the recipient "end", we can arbitrarily decode the message then.

I would argue that the cloud provider is not the recipient of files uploaded there. In the same way a chat message meant for someone else is not meant for the server to read, even if it happens to be stored there.

[–] Lifter@discuss.tchncs.de 0 points 1 week ago (3 children)

Alternatively, we need to stop saying E2EE is safe at all, for any type of data, because or the arbitrary usage.

[–] EncryptKeeper@lemmy.world 0 points 6 days ago (2 children)

We don’t need to stop saying E2EE is safe, because it is. There is no arbitrary usage. Either it’s E2EE. If a company lies to you and tells you it’s E2EE and it’s not E2EE that’s not arbitrary usage, it’s just a lie.

[–] Lifter@discuss.tchncs.de 0 points 6 days ago (1 children)

You are obviously not interested in listening to a word I'm saying. Goodbye.

[–] EncryptKeeper@lemmy.world 0 points 5 days ago

You’re talking about things that you don’t understand on a fundamental level. Maybe stick things you do understand?

load more comments (1 replies)