

Make our voice heard at the Apple encryption hearing!
On the sly, the UK government tried to force a backdoor into the firewall that protects your privacy. We made the hearing public.
Now we need to win in court ✊
Donate now to fund legal representation ⬇️
https://action.openrightsgroup.org/make-our-voice-heard-apple%E2%80%99s-encryption-hearing
#e2ee #apple #encryption #privacy #cybersecurity #ukpolitics #ukpol #crowdfunder #surveillance #security
New #Disintermedia blog post, on the challenges of keeping communications private in networked software:
https://disintermedia.substack.com/p/get-a-room
As I say at the outset, I am not a security professional, and this is not security advice. I’m just an old school Direct Action activist and indymediatista, with some information to add to the mix. Add a grain of salt and stir well.
I mean, these ain't like in the old days where a few Megabytes got you #Pidgin and other Multi-Protocol Clients of the old days where everyone had to implement bespoke, custom and incompatible and *often completely undocumented, proprietary* protocols like #ICQ, #AIM, #SIPE, etc.
Does anyone know of any #FreeSoftware implementations of the #RCS encrypted messaging protocol? There is the nine-year-old
https://github.com/android-rcs/rcsjta I wonder if that is usable?
Hey @matrix, given recent events around the world, I think it would be really helpful to have a regularly reviewed security status page on your website, summarising all known information affecting the security of the Matrix protocol. Threat models, security audits, disclosed vulnerabilities and mitigations, etc.
If such a thing already exists, please link me!
Oh and @element, same for you and the software you steward.
"This article charts the privacy–public safety debate with a focus on its relevance to a sound philosophical, legal and ethical position on E2EE for Aotearoa New Zealand’s legal system ... Ultimately, Aotearoa New Zealand should adopt a technologically and legally defensible position rather than enacting emotionally clouded emergency legislation in the wake of a crisis exacerbated by E2EE."
#BejaminChristy, Public Interest Law Journal of New Zealand, 2022
https://www.auckland.ac.nz/en/law/our-research/research-publications/piljnz/past-issues.html
Magical backdoor only for "the good guys" is a complete fantasy 🔑✨
Let's say the strategy is akin to creating a MagicalKey that unlocks every door (a magical key because thinking encryption backdoors would only be used by "the good guys" is a great example of magical thinking).
Imagine only 1000 police officers have MagicalKeys.
Over time, let's say only 1% of the police officers accidentally lose their MagicalKey. Now 10 MagicalKeys are lost in the wild and could be used by anyone else, for any purposes, including crime.
Then, let's say only 0.1% of police officers get corrupted by a crime gang. That's just one right? This corrupted "good guy" lets the gang create a double of the MagicalKey. Which crime gang wouldn't want a key that can magically open any door?
Now, the gang creates doubles of the MagicalKey they have. They use it subtly at first to avoid detection. They make sure they never leave traces behind, so victims have no idea their door got unlocked.
During this time, they steal your data, they sell it, they use it to impersonate you, they use it to harm you and your loved ones.
Then, another criminal figures out on their own how to emulate a MagicalKey without even having access to one.
The criminal creates a reproducible mold for this Emulated-MagicalKey and sells it to other criminals on the criminal market. Now, the MagicalKey™️ is available to any criminals looking for it.
Restrictions on the backdoor are off. Your personal data is up for grabs.
This is what is going to happen if backdoors are implemented in end-to-end encryption. But don't worry they say, "it's only for the good guys!".
At least, the criminals' data will also be up for grabs, right?
Nope! The criminals knew about this, so they just started using different channels that weren't impacted.
Criminals will have their privacy intact, they don't care about using illegal tools, but your legal privacy protections will be gone.
Backdoored end-to-end encryption isn't end-to-end anymore, it's just open-ended encryption. This offers pretty much no protection at all.
Extract from: https://www.privacyguides.org/articles/2025/04/11/encryption-is-not-a-crime/
🧪 Call for beta testers!
We're wiring up a Google Photos importer for our zeitkapsl desktop client. Problem is... we haven't touched Google Photos in years — so our test data is basically "hello world.jpg".
Got thousands of photos/videos on Google Photos? Help us throw real-world entropy at our importer!
🔐 Help us break things = 3 months free zeitkapsl
💬 Ping us if you're in!
🗓️ June 2025 status is live on the blog
🚀 🌻 Summer Release (2025.6.0) on the way
🏆 OW2 Community Award @ow2
📱🔒 Murena vault @murena
📰 CryptPad in use and in the news
All #encryption #e2ee experts around the world — please consider applying to save the EU from its own fuckwitted police ideas about “safe” backdoors
From: @aristot73
https://infosec.exchange/@aristot73/114756135579776190
No one should need to maintain multiple subscriptions or break end-to-end encryption to carry on a three-party email exchange with subscribers to one of the three services each, nor to invite the other two to an event in the calendar. Anyone should be able to view their work email and their private email in the same UI. And many customers will want to bulk drag and drop or cut and paste mail and events from their old Google or Microsoft accounts into their new Tuta, Proton, or Mailbox accounts.
Make E2EE mail and calendars federated (i.e., protocol-compatible across competing services) and compatible with desktop clients (via a single cross-compatible locally client-hosted bridging server), and you'll remove one of the main barriers to customer adoption.
A non-profit trade association (like the W3C, but for E2EE mail, contacts, and calendars) would be the best place for the copyright etc. in the bridging software, and the best employer for the lead maintainers of it. Eliminate the trade-off between vendor lock-in and privacy.
Other features are nice, but till no one needs multiple concurrent competing subscriptions, or multiple mail, contact, or calendar apps, other features are practically irrelevant. What use is an overview of my personal calendar when I can only see my own schedule there, without the context of my work and university calendars in the same view?