Hacker News new | past | comments | ask | show | jobs | submit login

>E2E encryption is kind of a fucky thing, some suggest it is fundamentally impossible for central web services and even mobile / desktop apps

"some suggest" How about you actually name some competent people who suggest this?

>Basically, if there is a third party involved in the code besides Alice and Bob, the two can never guarantee E2E encryption.

Oh, this is a downright insane, dishonest argument. Perfection is impossible, so we shouldn't even try!

>Anyways, Telegram does seem to have the best encryption of any major service, and it's what we use at my company for almost all internal communications.

Why do you think this? This is such a fundamentally ridiculous claim, I find it absolutely fascinating that someone might arrive at this conclusion.




> How about you actually name some competent people who suggest this?

As I don't remember the name of everybody I read about, it would take significant effort to go find the source.

It's much simpler to prove the concept logically:

Any time you're communicating on a service provided, programmed, and updated by at least one third party, it is fundamentally impossible to guarantee E2EE without being omniscient of what they're doing.

This is simply because the unen/decrypted data is in the software at some point in time, and the third party controls the software.

> Oh, this is a downright insane, dishonest argument. Perfection is impossible, so we shouldn't even try!

I did not say or imply this in any way, and no it is neither an insane nor dishonest argument, it's just a consequence of allowing a third party to control your data.


An upvote for that just to prove that we can agree as long as we stick to the facts however harsh they are.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: