End-to-End Encryption is only as good as the security stance of the person on the other side. If they're using Windows 11...

Which would you choose?
#mailboxorg or #posteode ?
#datenschutz #e2ee #unplugtrump #privacy
Note that #OMEMO has been taken directly from Signal, only adapted for #XMPP.
Most modern #Jabber clients default to OMEMO for one-to-one conversations nowadays. For private groups, I believe, users still have to enable it explicitly.
I'm not aware of any public Jabber server that would still accept non-TLS connections, so you have both transport #encryption and #e2ee.
@Internxt Why would they need to hack #e2ee when they can more easily take a detour around it?
https://social.vivaldi.net/@opensourceopenmind/113881794946085014
Signalgate is politically interesting, but what about the usability issues raised by the incident? My thoughts:
Generates random 16 bytes, transforms it to CryptoKey Object, encrypts it for RSA-key issuer
@oceanhaiyang I can only link to documentation on why you should use @monocles over @Tutanota & @protonprivacy because both refuse to elaborate or support #SelfCustody of #Keys!
Also Proton snitched on their users - as will every single provider cuz #corporations can't invoke the right to remain silent!
The CHATONS are nice, but if you're looking for where to host your data in Europe, don't forget that not all EU member states are equal when it comes to laws on the disclosure of encryption keys.
See the **Key Disclosure Law** page on Wikipedia[1] - the legislation that requires individuals to hand over cryptographic keys to the authorities.
Top pick:
- Germany
- Iceland
- Belgium (with reservations)
- Switzerland (and even then)
If you're using Linux, and you're looking to set up encrypted network-accessible storage, I have a blog post describing how to do that using rclone.
https://michael.kjorling.se/blog/2024/setting-up-encrypted-remote-storage-on-linux-using-rclone/
You can use this with any storage backend that rclone supports, which is *many*:
Note that you'll need to have rclone on any system you want to access your files from.
Not sure if this qualifies as a QT or addendum to https://social.circl.lu/@quinn/114337209093756652
New Privacy Guides article by me:
Encryption Is Not a Crime
The war against encryption isn't new, but the quantity of data about us that needs protection is.
Despite the senseless attacks, it is vital that we fight back to protect the right to use end-to-end encryption.
Encryption protects us all: https://www.privacyguides.org/articles/2025/04/11/encryption-is-not-a-crime/
Google rolls out easy End-to-End Encryption for Gmail Business Users.
Google says that after Gmail's new E2EE model rolls out, business users will be able to send fully encrypted emails to any user on any email service or platform without having to worry about complex certificate requirements.
@LukaszOlejnik
Part of the proposed changes relates to how orgs are classified and governed under the existing surveillance law.
In the proposed revision, smaller Digital Service Providers such as Threema and Proton would be subjected to similar surveillance rules (and deadlines) as the bigger ISPs today.
They are against it, fearing (rightly) that it would impose significant costs on them, to handle authorities' requests and develop/deploy/maintain a surveillance infrastructure comparable to that already in place at bigger companies and ISPs such as Swisscom, Salt, etc.
The other change of the proposition is the access of (near) real-time metadata.
On the positive side, e2ee and message contents are explicitly excluded from the surveillance.
I'm curious to see what the final proposition will look like regarding the SMEs.
New #TechnoTrust article!
A short guide to installing @signalapp on iPhone or Android.
Tech question: What event scheduling tools / platforms offer the best security against passive surveillance, and why?
(boosts welcome)
Florida’s New #SocialMedia Bill Says the Quiet Part Out Loud and Demands an #Encryption #Backdoor
#privacy #florida #e2ee #security
https://www.youtube.com/watch?v=AyH7zoP-JOg
Great talk and a very inspiring person
Signal persists in being unusably slow (https://teh.entar.net/@Screwtapello/114291134313279424) so I decided to learn more about Matrix's end-to-end encryption. Here's how I think it works, somebody tell me if I got anything wrong.
Sigh. We are, as a security community, making good progress on some old as well as some new topics. #Rust, #Go, and other memory safe systems languages are going well and having a real impact in reducing memory safety issues - which has been the most important security bug class for decades, and we are finally improving! Compartmentalization and isolation of processes and services have now become common knowledge and the minimum bar for new designs. Security and privacy by design are being honored in many new projects, and not just as lip service, but because the involved developers deeply believe in these principles nowadays. #E2EE is finally available to most end-users, both for messaging and backups.
And again and again, we are forced into having discussions (https://www.theregister.com/2025/04/03/eu_backdoor_encryption/) about breaking all the progress.
Let me be clear for the Nth time:
* We *cannot* build encryption systems that can only be broken by the "good guys". If they are not completely secure, foreign enemy states, organized crime, and intimate partners will break and abuse them as well. There is no halfway in this technology. Either it is secure or it isn't - for and against everybody.
* We *cannot* build safe, government-controlled censorship filters into our global messaging apps that are not totally broken under the assumption of (current or future) bad government policies and/or insider attacks at the technology providers (https://www.mayrhofer.eu.org/talk/insider-attack-resistance-in-the-android-ecosystem/). Either one-to-one communication remains secure and private, or it doesn't (https://www.ins.jku.at/chatcontrol/).
* We *cannot* allow exploitation of open security vulnerabilities in smartphones or other devices for law enforcement. If they are not closed, they are exploitable by everybody. "Nobody but us" is an illusion, and makes everybody less secure.
My latest recorded public talk on the topic was https://www.mayrhofer.eu.org/talk/secure-messaging-and-attacks-against-it/, and nothing factual has changed since then. Policymakers keep asking for a different technological reality than the one we live in, and that sort of thing doesn't tend to produce good, sustainable outcomes.
(Edited to only fix a typo. No content changes.)
CC @epicenter_works @edri @suka_hiroaki @heisec @matthew_d_green @ilumium