Submitted 18 hours ago by Inkstainthebat@pawb.social to [deleted]
I’m aware of what end-to-end encrypted means in a technical sense, but does the lack thereof guarantee the messages are just plaintext readable to whoever’s manning the machine?
My guess is yes but I’ve been known to have wildly incorrect guesses so I want to double-check.
It would mean the server owner can almost certainly read everything. Though it may not be in plain text. It could be encrypted on the server. But the owner would need to have the keys to decrypt and read everything.
Technically yes. Likely they still use Transport Layer Security that will encrypt the messages in transit, but that encryption is controlled by the company, and not the end user. What that means is that your messages are safe from randos in the cafe on the same wifi as you, but if the company wanted to, they could read them. It also means that if messages are subpoenaed then they can hand over the unencrypted messages to the authorities.
I tried looking at their documentation to see what was going on under the hood, but there were a lot of connection errors and dead ends. They seem to be open source, though, so if you are so inclined you can comb through their code to see what kind of encryption they use.
Personally, I’d stay away. It doesn’t seem like something that I could put my trust in.
Note: stoat is self-hostable
Thanks for the stoat note.
…I’m sorry.
Last I read about it they weren’t planning on ever implementing federation. Hope they can change their minds.
bamboo@lemmy.blahaj.zone 18 hours ago
Probably yes. General rule of thumb is if you don’t control the keys, it doesn’t matter if it’s E2EE, your communications could be intercepted. Famously iMessage is E2EE but your keys are uploaded to iCloud under standard data protection. They say “Your iCloud data is encrypted, the encryption keys are secured in Apple data centers so we can help you with data recovery, and only certain data is end-to-end encrypted.” ^[support.apple.com/en-us/102651]. The encryption key is included in iCloud backups which is provided to law enforcement with a subpoena. ^[appleinsider.com/…/what-apple-surrenders-to-law-e…]
Even if a service claims it is E2EE, it’s still important to understand where that those encryption keys are stored, how they’re managed, and if security researchers have raised concerns about the E2EE claim.