Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other:
The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora's box. How will the networks manage keys, authenticate users, and moderate content? How much metadata will have to be shared, and how?
In our latest paper, One Protocol to Rule Them All? On Securing Interoperable Messaging, we explore the security tensions, the conflicts of interest, the usability traps, and the likely consequences for individual and institutional behaviour.
Originally spotted on Schneier on Security.
One Protocol to Rule Them All? On Securing Interoperable Messaging, Jenny Blessing, Ross Anderson https://doi.org/10.48550/arXiv.2303.14178
(Score: 3, Funny) by JoeMerchant on Thursday March 30, @03:53PM (1 child)
Secure, easy to use, economical to operate. Pick one. Maybe one and a half.
If we still had switchboard operators, they could effectively act as our authenticators and spam filters. Of course, every E-mail or tweet would cost several dollars since one switchboard operator could only handle message traffic from a few dozen endpoints. Then we have the tension about how cheaply can you get switchboard operators and still trust them not to eavesdrop, sell your information, enable telemarketers, etc.
Lots of Steampunk takes it a step further back and communicates physical objects through a literal series of tubes, but it takes very little imagination to find security problems with that system.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 4, Interesting) by Mojibake Tengu on Thursday March 30, @04:53PM
This steampunk delivery system was still operational in my early childhood (late 60s) at local post office.
https://g.denik.cz/63/8e/potrubni_posta_archiv_denik-630-16x9@2x.jpg [denik.cz]
https://www.kudyznudy.cz/files/fc/fc8b581b-cbb9-4528-867f-7eceb9cc59f5.jpg [kudyznudy.cz]
Original invention is Denis Papin, 1853. Truly steampunk.
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 1, Insightful) by Anonymous Coward on Thursday March 30, @05:07PM
I'm not sure why this is an issue. The receiving messaging platform has the contents of the message and can perform whatever censorship/bowdlerization they desire.
The only reason this would be a problem is if they want to censor people based on who they are, rather than what they say (which, of course, is what's happening currently).
(Score: 3, Informative) by DadaDoofy on Thursday March 30, @05:19PM (1 child)
Maybe I'm misunderstanding this. Content moderation for instant messages? Nah, I'll stick with iMessage thanks.
If you're not blue, we're through!
(Score: 2) by RamiK on Thursday March 30, @05:59PM
iMessage backups aren't end-to-end encrypted in iCloud unless you opted for the Advance Data Protection program. And thanks to how Apple signs messages, if the other party kept incriminating messages from you...
compiling...
(Score: 3, Interesting) by Thexalon on Thursday March 30, @06:49PM
Some things that can matter a lot with messaging systems:
1. Who or what is allowed to send this particular kind of message? Who is specifically banned from sending it?
2. How big is the payload of the message allowed to be?
3. Is it a human or a machine reading the message?
4. How quickly does it need to get to where it's going in order to be useful?
5. What sort of throttling or filtering is being used to keep a bad actor from sending way too many messages?
Until you've answered those questions, you're nowhere near having a protocol that makes sense. And if you screw up the last point in particular, you're either going to have spam, or legitimate users of the service being blocked, because spammers are relentlessly focused on finding any possible avenue of communication to say whatever they want to say.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by hendrikboom on Friday March 31, @02:33AM
Aren't there already protocols for email?
Does PGP not work?
-- hendrik