Privacy

33459 readers

488 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

183

UK government demanding access to encrypted iCloud (www.bbc.co.uk)

submitted 14 hours ago* (last edited 14 hours ago) by milicent_bystandr@lemm.ee to c/privacy@lemmy.ml

43 comments fedilink hide all child comments

UK government is trying to get into iCloud end-to-end encryption. (Again?)

Makes me think about email servers too. Most of my private information is in emails, and not only I use a service where the host machines access the email, so do almost everyone I email to/from.

you are viewing a single comment's thread
view the rest of the comments

[–] Gayhitler@lemmy.ml 4 points 10 hours ago (1 children)

Here’s hoping Apple sticks to their guns and pulls adp instead of caving.

In case you didn’t see it a few weeks ago, 3.3 million servers are doing unencrypted transport.

The way email delivery is handled also means you’re not safe just because you aren’t talking to those servers.

[–] milicent_bystandr@lemm.ee 1 points 8 hours ago (1 children)

Wow, thank you for this! But it looks like IMAP and POP, not server-to-server. And how would one of these severs compromise security if not one of the end points?

[–] Gayhitler@lemmy.ml 1 points 6 hours ago (1 children)

SMTP is only encrypted if the second server responds correctly to the first servers starttls.

The striptls type of attack, which prevents the servers from getting a valid starttls exchange, was in use over a decade ago by some telcom against its own customers.

Even if you know the person you’re emailing has a correctly configured client you can’t control a man in the middle attack between servers which has been in widespread use for years.

[–] refalo@programming.dev 1 points 2 hours ago

And SMTP/IMAP do not support end-to-end encryption, so a malicious server can still spy on you even if it uses TLS.