E2EE

After Snowden’s revelation, E2EE received a lot of attentions as a technology to protect user privacy from mass interception and surveillance of communications carried out by governmental organizations such as NSA and GCHQ. Supposedly, end-to-end encryption (E2EE) is a defence against MitM attacks.

Yet most E2EE systems are secure against only the weakest passive adversaries, breakable not by cryptanalysis of underlying cryptographic algorithms but by flawed system designs and security assumptions. Unencrypted metadata and access patterns make these systems susceptible to inference attacks. And recently made laws seem to have been made to prepare the way for agencies to legitimately gather encrypted data via backdoors and ghost protocols.


  • Last modified: 2019/08/25 19:23