Things have been relatively quiet on the “crypto wars” front, which makes me think we’re going to see something dramatic soon. Maybe not here in the US, but probably from another US-allied country.
Matthew Green (matthew_d_green@ioc.exchange)'s status on Sunday, 02-Feb-2025 02:14:51 JST Matthew Green
Matthew Green (matthew_d_green@ioc.exchange)'s status on Sunday, 02-Feb-2025 02:14:49 JST Matthew Green
The one place where end-to-end encryption is “weakest”, ie where deployment rates are lowest, is *cloud backup*. This is, coincidentally, one of the best places for governments to obtain data.
Matthew Green (matthew_d_green@ioc.exchange)'s status on Sunday, 02-Feb-2025 02:14:50 JST Matthew Green
The question is *what*. Encrypted messaging seems to be proliferating and there are now many alternatives, from Apple, Meta, Signal. Many of those companies have threatened to leave countries that ban it. I have a hard time seeing any US-aligned country wipe that out.
Matthew Green (matthew_d_green@ioc.exchange)'s status on Sunday, 02-Feb-2025 02:14:50 JST Matthew Green
Local device encryption seems to be ubiquitous now. It’s really hard to see a country demanding that phones become unencrypted. There would be huge pushback globally. So again, where is the weak link that governments can push on?
Matthew Green (matthew_d_green@ioc.exchange)'s status on Sunday, 02-Feb-2025 02:17:00 JST Matthew Green
So maybe it would be good to give a lay of the land on this issue. Here is what I know about fully-E2E backup in major services:
Apple iCloud: available as an opt-in (called ADP)
Google: on for Android backups, if you use Google/Android backup (caveats)
Meta/WhatsApp: available opt-in, sometimes by default (for texts)
Matthew Green (matthew_d_green@ioc.exchange)'s status on Sunday, 02-Feb-2025 02:17:01 JST Matthew Green
So why am I tweeting about this on a Saturday? Because something funny happened recently.
I heard (thirdhand) from a person at Big Company X that they were under pressure to disable end-to-end encryption for cloud backup.
Matthew Green (matthew_d_green@ioc.exchange)'s status on Sunday, 02-Feb-2025 02:17:01 JST Matthew Green
This is a company that has cloud backup E2E encrypted as a default. And so at first I assumed that this was just a business demand — that it was costing the company a lot to keep this service running. But now I’m getting more worried about it. Maybe I’m paranoid.