Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Would you trust encryption at the mobile keyboard layer?
3 points by dkatsura 12 hours ago | hide | past | favorite | 1 comment
Most private messaging advice says: use a secure messenger.

That makes sense for transport and server-side privacy, but every mobile message exists somewhere before it reaches the messenger. On Android that place is often the keyboard/input layer.

Questions:

- Would you ever trust a keyboard for encryption-related workflows? - What would such a keyboard need to prove before you considered it safe? - Is privacy at the input layer useful, or does it create too much trust friction? - Is local-only/no-network enough, or would you need open source/audit?

No product link. I am trying to understand the threat model and UX objections.

 help



No. Every keypress is mirrored to my provider and to Google over ipsec and HTTPS tunnels. Fondle-slabs are not for secure transactions. Even turning off all forms of spell checking does not disable this behavior, just reduces it slightly. Most security controls and encryption on cell phones are placebos that can be bypassed with JTAG debugging. To see this dampen the LTE signal forcing everything onto wifi ipsec tunnels. Get on your router. Once seen it can not be unseen.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: