Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Would that still count as E2E-encrypted if another party has access? That would still count as lying to me.


To call it lying is just arguing about the meanings of words. This is literally what lawyers are paid to do. The data payload can be called end to end encrypted. You can easily say to the user that "your emails are encrypted from end to end, they are encrypted before it leaves your computer and decrypted on the receivers computer" without talking about how your key server works.

Systems that incorporate a method to allow unlocking using multiple keys don't usually advertise the fact that this is happening. People may even be legally obligated to not tell you.


Well Wikipedia says this about E2E:

“End-to-end encryption (E2EE) is a method of implementing a secure communication system where only communicating users can participate. No one else, including the system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to read or send messages.”

So if you send another set of keys to someone else, it’s obviously not E2E.


This is a high level description of intent (by a third party), not a legal promise.

This is not enforceable and promises that are not enforceable are usually seen by BigCos of today as optional. My 2c.


Well I wasn’t saying I would sue them, I was arguing this:

> It is possible to set up end to end encryption where two different keys unlock your data. Your key, and a government key. I assume google does this.

Which by definition is wrong (unless the government is a party in the communication you want to E2E-Encrypt).


I agree completely that it is wrong in spirit. But wikipedia's text is a definition, not the only existing one. And for practical use even the most obvious definitions have legal caveats.

For example, asking for 10 gallons of soda at a restaurant advertising unlimited refills will not fly, even though virtually everyone will agree on the definition of the term "unlimited". My 2c.


I believe the point being made here is that some governments legally mandate that they are a party in communication.


> To call it lying is just arguing about the meanings of words.

Or, as us lowly laypeople call it, lying.


TIL man in the middle = e2e encryption.


E2E encryption is not the same as MITM. You’re not adding anything useful to the conversation.

E2E encryption is not vulnerable to MITM. E2E encryption is vulnerable only to how many keys there are and who has access to them.


If someone except the communicating parties has access to the keys, it’s not E2E encrypted anymore though. At least according to this definition:

https://en.wikipedia.org/wiki/End-to-end_encryption


SO if google still has access in an E2E system, but you didnt know, is it still E2E?

What if google told you they also have a key? Does that change the above answer to the question?


That depends on the definition of "end".


To say nothing of the definition of "definition", or at least a common understanding.

https://m.youtube.com/watch?v=gRelVFm7iJE


It depends on what the meaning of the word 'is' is




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: