Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Thursday March 30, @03:14PM   Printer-friendly
from the how-protocols-proliferate dept.

Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other:

The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora's box. How will the networks manage keys, authenticate users, and moderate content? How much metadata will have to be shared, and how?

In our latest paper, One Protocol to Rule Them All? On Securing Interoperable Messaging, we explore the security tensions, the conflicts of interest, the usability traps, and the likely consequences for individual and institutional behaviour.

Originally spotted on Schneier on Security.

One Protocol to Rule Them All? On Securing Interoperable Messaging, Jenny Blessing, Ross Anderson https://doi.org/10.48550/arXiv.2303.14178


Original Submission

This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 3, Funny) by JoeMerchant on Thursday March 30, @03:53PM (1 child)

    by JoeMerchant (3937) on Thursday March 30, @03:53PM (#1298911)

    Secure, easy to use, economical to operate. Pick one. Maybe one and a half.

    If we still had switchboard operators, they could effectively act as our authenticators and spam filters. Of course, every E-mail or tweet would cost several dollars since one switchboard operator could only handle message traffic from a few dozen endpoints. Then we have the tension about how cheaply can you get switchboard operators and still trust them not to eavesdrop, sell your information, enable telemarketers, etc.

    Lots of Steampunk takes it a step further back and communicates physical objects through a literal series of tubes, but it takes very little imagination to find security problems with that system.

    --
    Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
  • (Score: 1, Insightful) by Anonymous Coward on Thursday March 30, @05:07PM

    by Anonymous Coward on Thursday March 30, @05:07PM (#1298921)

    I'm not sure why this is an issue. The receiving messaging platform has the contents of the message and can perform whatever censorship/bowdlerization they desire.

    The only reason this would be a problem is if they want to censor people based on who they are, rather than what they say (which, of course, is what's happening currently).

  • (Score: 3, Informative) by DadaDoofy on Thursday March 30, @05:19PM (1 child)

    by DadaDoofy (23827) on Thursday March 30, @05:19PM (#1298925)

    Maybe I'm misunderstanding this. Content moderation for instant messages? Nah, I'll stick with iMessage thanks.

    If you're not blue, we're through!

    • (Score: 2) by RamiK on Thursday March 30, @05:59PM

      by RamiK (1813) on Thursday March 30, @05:59PM (#1298942)

      iMessage backups aren't end-to-end encrypted in iCloud unless you opted for the Advance Data Protection program. And thanks to how Apple signs messages, if the other party kept incriminating messages from you...

      --
      compiling...
  • (Score: 3, Interesting) by Thexalon on Thursday March 30, @06:49PM

    by Thexalon (636) Subscriber Badge on Thursday March 30, @06:49PM (#1298959)

    Some things that can matter a lot with messaging systems:
    1. Who or what is allowed to send this particular kind of message? Who is specifically banned from sending it?
    2. How big is the payload of the message allowed to be?
    3. Is it a human or a machine reading the message?
    4. How quickly does it need to get to where it's going in order to be useful?
    5. What sort of throttling or filtering is being used to keep a bad actor from sending way too many messages?

    Until you've answered those questions, you're nowhere near having a protocol that makes sense. And if you screw up the last point in particular, you're either going to have spam, or legitimate users of the service being blocked, because spammers are relentlessly focused on finding any possible avenue of communication to say whatever they want to say.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 2) by hendrikboom on Friday March 31, @02:33AM

    by hendrikboom (1125) on Friday March 31, @02:33AM (#1299056) Homepage Journal

    Aren't there already protocols for email?
    Does PGP not work?

    -- hendrik

(1)