
nihilist@mainpc - 2024-05-01

Serverside: Should I trust serverside encryption? Should I use PGP?

Clientside Encryption: Who can be trusted?

As we discussed previously, encryption is about providing privacy: Bob and Alice use encryption so that their conversation remains private from the adversary Jack.

One way to close the door on Jack is to use PGP encryption:

The logic behind using PGP encryption is for Bob and Alice to encrypt their conversation themselves, because they don't trust anyone else. Bob encrypts his message using PGP, and no matter where he sends it (over mail, Discord, IRC, XMPP, Facebook, etc.), only Alice will be able to decrypt the message.

In short, Bob uses PGP because he doesn't trust the platform on which he wishes to talk to Alice.

Serverside Encryption: a Fallacy



When we are talking about serverside encryption, who is Bob, who is Alice and who is Jack?

In the case of the Incognito Market, an illegal Darknet Market (DNM), the platform admins told its users to trust the platform's own encryption.

What happens here is that Bob decides to trust Jack with the confidentiality of his data, instead of encrypting his sensitive data with PGP. What can happen from there?

The consequences of trusting Serverside Encryption



Darknet Markets have 2 possible ends: they are either seized by authorities, or they exit scam with their users' cryptocurrencies that are still in custody.

In the case of Incognito Market, they exit scammed, but something else happened:

There is a third exit option for DNMs: they can extort all of the users who decided to trust serverside encryption.

They saved every unencrypted message (including Bob's and Alice's unencrypted messages), and they decided to extort the users by threatening to hand their sensitive data (such as their home address) to the authorities.

That whole situation could have been avoided if Bob and Alice hadn't trusted the platform with serverside encryption.

In short, never trust serverside encryption. The only encryption you can trust is your own encryption (such as using PGP encryption).
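One way to check, before a message is handed to any platform, that it really was encrypted on your own machine. This is an added example, not part of the original article: it parses the ASCII armor and accepts only a message whose first OpenPGP packet is a public-key encrypted session key. The function names and sample inputs are constructed for illustration.

```python
import base64

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(packets: bytes) -> str:
    """Helper for the constructed samples: wrap raw packet bytes in ASCII armor."""
    body = base64.b64encode(packets).decode()
    crc = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([BEGIN, "", *lines, "=" + crc, END])

def first_packet_tag(text: str):
    """Return the tag of the first OpenPGP packet, or None if the armor is invalid."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 4 or lines[0] != BEGIN or lines[-1] != END or "" not in lines:
        return None
    body = lines[lines.index("") + 1:-1]  # armor headers end at the first blank line
    crc = body.pop()[1:] if body and body[-1].startswith("=") else None
    try:
        data = base64.b64decode("".join(body), validate=True)
        if crc is not None and int.from_bytes(base64.b64decode(crc, validate=True), "big") != crc24(data):
            return None
    except ValueError:
        return None
    if not data or not data[0] & 0x80:  # bit 7 is set on every packet header
        return None
    # New-format headers keep the tag in bits 5-0, old-format headers in bits 5-2.
    return data[0] & 0x3F if data[0] & 0x40 else (data[0] & 0x3C) >> 2

def encrypted_to_public_key(text: str) -> bool:
    """True only if the message opens with a Public-Key Encrypted Session Key packet (tag 1)."""
    return first_packet_tag(text) == 1

if __name__ == "__main__":
    samples = {  # constructed inputs, not real messages
        "plaintext": "Ship to 12 Example Street",
        "signed only": armor(b"\xa3\x01" + bytes(8)),   # tag 8: armored but readable by anyone
        "encrypted": armor(b"\x84\x10" + bytes(16)),    # tag 1: session key wrapped for a public key
    }
    for name, text in samples.items():
        print(f"{name:12} -> {'send' if encrypted_to_public_key(text) else 'DO NOT SEND'}")
```

The check is structural only: it shows the message is public-key encrypted, not whose key was used, so verifying Alice's key fingerprint is still up to Bob.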

To learn how to use PGP, check out this tutorial.

Contact: nihilist@nowhere.moe (PGP)