zlacker

[parent] [thread] 9 comments
1. richso+(OP)[view] [source] 2025-12-18 12:10:27
Developers of apps that use end-to-end encryption to protect private communications could be considered hostile actors in the UK. <-- HTTPS does this. What about secure sites like baking sites that encrypt end-to-end? Old farts making laws about things they know nothing about.
replies(4): >>neilal+B >>arccy+O >>SirHum+N4 >>Comman+Ji
2. neilal+B[view] [source] 2025-12-18 12:15:25
>>richso+(OP)
> Old farts making laws about things they know nothing about.

Who's going to stop them?

replies(1): >>ykonst+4e
3. arccy+O[view] [source] 2025-12-18 12:16:48
>>richso+(OP)
baking sites, the most secure source of cookies
4. SirHum+N4[view] [source] 2025-12-18 12:48:47
>>richso+(OP)
>>> Old farts making laws about things they know nothing about.

We should probably stop saying and believing that. This is basically the UK government making a deal to the developers they cannot refuse: cooperate (install backdoors) or get prosecuted. The French tried to do something similar not so long ago.

A decade ago politicians genuinely didn’t know much about the internet so most of the laws were terribly ill informed good ideas. The new sweep of internet legislation like chat control, age verification and banning of vpns are much more dangerous because those pushing know exactly what they are doing.

replies(1): >>hs586+OF
◧◩
5. ykonst+4e[view] [source] [discussion] 2025-12-18 13:48:43
>>neilal+B
Young poops?
6. Comman+Ji[view] [source] 2025-12-18 14:10:26
>>richso+(OP)
Why worry about E2E encryption, in theory just need a cert issued from a vast array of CAs or intermediates. Which I wouldn't be suprised they possess the ability through some type of secret warrant, heck even private keys.
replies(1): >>JoshTr+jN
◧◩
7. hs586+OF[view] [source] [discussion] 2025-12-18 15:57:17
>>SirHum+N4
Exactly this. I do not think this is a case of Hanlon's razor. Assuming incompetence or stupidity of the government officials trying to push for is very dangerous.

(Great username, btw, SirHumphrey)

◧◩
8. JoshTr+jN[view] [source] [discussion] 2025-12-18 16:25:35
>>Comman+Ji
> Why worry about E2E encryption, in theory just need a cert issued from a vast array of CAs or intermediates.

Certificate Transparency thankfully means this is a tool a government could only use once if at all, and then they've burned an entire CA.

replies(1): >>Comman+c31
◧◩◪
9. Comman+c31[view] [source] [discussion] 2025-12-18 17:27:44
>>JoshTr+jN
Isn't certificate transparency opt-in, so any trusted CA could be a potential attack route.
replies(1): >>JoshTr+u91
◧◩◪◨
10. JoshTr+u91[view] [source] [discussion] 2025-12-18 17:56:46
>>Comman+c31
Browsers now require it to consider a certificate valid. Firefox, Chrome, and Safari all require a certificate to include proof of being logged in CT logs.
[go to top]