blog-contributions/opsec/serversideencryption/index.html
2024-11-21 08:59:02 +01:00

164 lines
7.1 KiB
HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Why can't I trust Server-side Encryption ?</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-05-01</ba></p>
<h1>Why can't I trust Server-side Encryption ? </h1>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Clientside Encryption: Who can be trusted ? </b></h2>
<p>As we discussed <a href="../deniability/index.html">previously</a>, Encryption is about providing privacy, Bob and Alice use encryption, for their conversation to remain private from the adversary Jack.</p>
<img src="1.png" class="imgRz">
<p>One way to close the door on Jack, is to use PGP encryption:</p>
<img src="2.png" class="imgRz">
<p>the logic behind using PGP encryption is for Bob and Alice to encrypt their conversation themselves, because they don't trust anyone else. <b>Bob encrypts his message using PGP</b>, and no matter where he sends it (over mail, over discord, over IRC, XMPP, facebook, etc.) <b>only Alice will be able to decrypt the message.</b></p>
<p>In short, Bob uses PGP because he doesn't trust the platform on which he wishes to talk to Alice.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Serverside Encryption: a Fallacy</b></h2> </br> </br>
<p>When we are talking about Serverside Encryption, Who is Bob, Who is Alice and Who is Jack ?</p>
<p>In the case of the <a href="https://iv.nowhere.moe/watch?v=5VEXj09TFNA">Incognito Market</a>, an illegal Darknet Market (DNM), <b>the platform admins told it's users to trust their own encryption</b> </p>
<img src="3.png" class="imgRz">
<p>What happens here, is that Bob decides to trust Jack with the confidentiality of his data, <b>instead of encrypting his sensitive data with PGP</b>. What can happen from there ?</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Second Post +++++ -->
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>The consequences of trusting Serverside Encryption</b></h2> </br> </br>
<p>Darknet Markets have 2 possible ends: they are either seized by authorities, or they are exit-scamming with their users' cryptocurrencies that are still in custody.</p>
<p>In the case of Incognito Market, they exit scammed, but something else happened:</p>
<img src="4.png" class="imgRz">
<p>There is a third exit option for DNMs : <b>they can extort all of the users who decided to trust serverside encryption.</b></p>
<img src="5.png" class="imgRz">
<p>They saved every unencrypted message (including Bob and Alice's unencrypted messages), and they decided to extort them, by threatening them to give out their sensitive data (such as their home adress), to the authorities.</p>
<p>All of that situation could have been avoided <b>if Bob and Alice didn't trust the platform with serverside encryption.</b></p>
<p>In short, <b>never trust serverside encryption, the only encryption you can trust, is your own encryption (such as using PGP encryption).</b></p>
<p>To learn how to use PGP, check out <a href="../pgp/index.html">this tutorial</a>.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>