this post was submitted on 05 Jul 2025
35 points (100.0% liked)

Applied Paranoia

68 readers
1 users here now

Discussions of Paranoia, how to apply it in a digital ecosystem (Security, Privacy, Tools, Applications, Questions)

Rules

  1. Be nice
  2. Stay on topic
  3. Don’t farm rage
  4. Be respectful of others

founded 6 months ago
35
End to End Encryption doesn't matter if there is a spying agent running on both ends of the conversation (infosec.pub)
submitted 4 weeks ago by jet@hackertalks.com to c/applied_paranoia@dubvee.org
4 comments fedilink hide all child comments
 

Any platform that says it's end to end (E2E) encrypted, but has spam detection, adult content detection, fraud detection, etc is being creative with the E2E concept

The only way these filters are possible are because

  • 1 A central service can view the messages
  • 2 A "agent" such as a LLM is running on every device scanning messages and phoning home to a central service when it's triggered.

In either scenario the message autonomy and self-agency has been removed from the End users. Having a point to point secure audio bridge is nice, but useless if every call has to be attended by a political officer.

If you care about end to end encryption please use a open source program that has been audited, doesn't have local tattle agents running on your device, and gives you control of your own data.

i.e. https://www.privacyguides.org/en/real-time-communication/

top 4 comments
sorted by: hot top controversial new old
[–] SEND_BUTTPLUG_PICS@lemmy.zip 8 points 4 weeks ago (1 children)

I use Signal with my friends and family but I often wonder how secure our devices are. As a layperson, it seems that Signal's E2E encryption is secure but I wonder if the keyboard I use is keeping a record of what I type or if my device's clipboard might keep track of what I copy/paste. Hell Android could be taking screenshots and sending them to the FBI and I'd have no idea.

E2E is great but I don't think it's a silver bullet for private communication.

[–] jet@hackertalks.com 6 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

You are 100% right, it is not a silver bullet! It's part of the basic toolset necessary to build private communication. It's a great step, and good job on having your friend's and family join you!

https://support.signal.org/hc/en-us/articles/360055276112-Incognito-Keyboard

Signal let's you ask the OS for the Incognito keyboard that "shouldn't" remember what you type, or phone home.

Depending on your threat model you could build a more secure communication stack for specific use cases - i.e. a GrapheneOS phone with only signal and a double hop VPN.

sending you a buttplug pic

Am I doing it right?

[–] SEND_BUTTPLUG_PICS@lemmy.zip 1 points 4 weeks ago

That's pretty cool that Signal has an option for that, I had no idea.

I would like to run an OS other than the one that shipped with my device but I don't think there are many options that are supported and TBH I probably don't need a separate device just for private communication. I do value privacy but I also don't have much to hide so I'm not super concerned at the moment though it's good to know for the future in case that changes.

[–] jet@hackertalks.com 3 points 4 weeks ago

Great talk by techlore on whatsapp https://youtu.be/vgVI5Ba9Trc

He brings up a great point - if the "backups" of a end-to-end app are not encrypted... that the whole exercise is also moot.