I'm not messaging to you but to HN via E2E https connection.
You can't read that messages as they are transported, you can read them afterwards because HN makes them public not because my message wasn't send encrypted.
You seem to be mistaken about what the "ends" refer to in end to end encryption. If I whisper something in my friend's ear and she whispers it into your ear, that is not a secret message between you and me even if each "hop" was private.
E2E means no intermediaries see the plaintext, only the original sender and ultimate recipient see the plaintext. HN is not the recipient of your message, it's an intermediary.
With HTTPS alone, I can assure you that HN is, indeed, the recipient/end. If you post something like a PGP-encrypted message on HN, now you've got a situation where HN is no longer a recipient/end.
I think the better point to make is that we all collectively agree to refrain from using the term "end" (as in E2EE) in situations like the former, as it's misleading despite being accurate; please only use it for the latter.
Messenger like the telegram are something different than sites like HN.
I am aware that I send my messages to HN, they are not forwarded to you but you open the HN page to read my response.
HN is more like a message board with message hierarchy.
The communication is public, the transmission path is encrypted.
I am aware that I send my messages to HN, they are not forwarded to you but you open the HN page to read my response.
HN is more like a message board with message hierarchy.
The communication is public, the transmission path is encrypted.
It's more like whispering in your friends ear and she/he writes in down and pins it to a public board. My communication was private, but he/she is a chatterbox and I'm well aware of that.
Telegram is just the middleman between sender and receiver.
When you write on HN, the receiver is HN. That message is transported via E2E https encryption so it's secure.
But because HN displays all messages publicly you can read them after they were received.
This doesn't change the fact that the transport as such is E2E.
Ideally it would be the human at each end doing the encrypting and decrypting. But humans can't be bothered, so we let some code that we know very little about do it for us. Obviously having that code run on the client device (the one in your hand) is preferable to having it run elsewhere (like some web server), but either way the human (the true end) is delegating the job to an entity that isn't quite at the end, it's ever so slightly toward the center.
Things like PGP help to maximize the endianness, since the human has a better sense that the crypto software is legitimate, and can read the code before executing it, although there's still plenty of points of compromise between that code and the human (compiler, Intel ME, etc.) so unless you're doing crypto with a pencil and paper, you're always putting your trust somewhere that isn't precisely the "end."
That your message is transferred from your computer to the recipient, HN's servers, encrypted. At no point should anyone in the middle be able to read your message. After arrival, HN then publishes it on a public forum for everyone to see.
Kind of, but as they aren't lying about allowing private conversations not really. More saying https is end to end encrypted, but what one end does with that data isn't necessarily private.
>End-to-end encryption (E2EE) is a system of communication where *only the communicating users can read the messages*. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, malicious actors, *and even the provider of the communication service* – from being able to access the cryptographic keys needed to decrypt the conversation.[1]
If the server can read the content, it isn't end-to-end encryption.
The server is the communicating user in this instance, it is the intended recipient of the message. No potential eavesdropping can happen.
Even though I intend for you to read this message, I am sending it to the HN server to post publicly. My communication with HN is E2EE, my communication with you is not. This isn't meant to be useful information, and it certainly isn't advice. It's just an accurate nonstandard way of looking at things.
