Update 6/10: Based on a short conversation with an engineering lead at X, some of the devices used at X are claimed to be using HSMs. See more further below. Matthew Garrett has a nice post about T…
To extend this, that includes YOU giving your key to another application to decrypt those messages.
For example if you use an app or browser extension, that app or browser extension has access to that key. Additionally the browser itself or operating system had access to the key.
Now they may be fully audited. They may have a great reputation. You may trust them. But they are part of the decryption (and if sending encryption) process.
It’s a chain of trust, you have to trust the whole chain.
It’s a chain of trust, you have to trust the whole chain.
Including the entire other side of the conversation. E2EE in a group chat still exposes the group chat if one participant shares their own key (or the chats themselves) with something insecure. Obviously any participant can copy and paste things, archive/log/screenshot things. It can all be automated, too.
Take, for example, iMessage. We have pretty good confidence that Apple can’t read your chats when you have configured it correctly: E2EE, no iCloud archiving of the chats, no backups of the keys. But do you trust that the other side of the conversation has done the exact same thing correctly?
Or take for example the stupid case of senior American military officials accidentally adding a prominent journalist to their war plans signal chat. It’s not a technical failure of signal’s encryption, but a mistake by one of the participants inviting the wrong person, who then published the chat to the world.
To extend this, that includes YOU giving your key to another application to decrypt those messages.
For example if you use an app or browser extension, that app or browser extension has access to that key. Additionally the browser itself or operating system had access to the key.
Now they may be fully audited. They may have a great reputation. You may trust them. But they are part of the decryption (and if sending encryption) process.
It’s a chain of trust, you have to trust the whole chain.
Including the entire other side of the conversation. E2EE in a group chat still exposes the group chat if one participant shares their own key (or the chats themselves) with something insecure. Obviously any participant can copy and paste things, archive/log/screenshot things. It can all be automated, too.
Take, for example, iMessage. We have pretty good confidence that Apple can’t read your chats when you have configured it correctly: E2EE, no iCloud archiving of the chats, no backups of the keys. But do you trust that the other side of the conversation has done the exact same thing correctly?
Or take for example the stupid case of senior American military officials accidentally adding a prominent journalist to their war plans signal chat. It’s not a technical failure of signal’s encryption, but a mistake by one of the participants inviting the wrong person, who then published the chat to the world.
Are you so sure Apple doesn’t have your keys? How are they migrating the keys to your new device? It’s all closed source