mirror of
https://github.com/privacyguides/privacyguides.org
synced 2024-11-10 13:13:35 +01:00
Remove warnings for web e2ee across the site (#1813)
This commit is contained in:
parent
5bf2e8bf1f
commit
a1bd21f365
@ -60,7 +60,7 @@ The obvious problem with this is that the service provider (or a hacker who has
|
||||
|
||||
Thankfully, end-to-end encryption can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, so long as the service provider does not have access to the private keys of either party.
|
||||
|
||||
??? note "Note on web-based encryption"
|
||||
!!! note "Note on web-based encryption"
|
||||
|
||||
In practice, the effectiveness of different end-to-end encryption implementations varies. Applications such as [Signal](../real-time-communication.md#signal) run natively on your device, and every copy of the application is the same across different installations. If the service provider were to backdoor their application in an attempt to steal your private keys, that could later be detected using reverse engineering.
|
||||
|
||||
|
@ -67,6 +67,4 @@ When self-hosting, you should also enable E2EE to protect against your hosting p
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
|
||||
|
||||
Proton Drive is currently only available through a web client and an Android app.
|
||||
|
||||
When using a web client, you are placing trust in the server to send you proper JavaScript code to derive the decryption key and authentication token locally in your browser. A compromised server can send you malicious JavaScript code to steal your master password and decrypt your data. If this does not fit your [threat model](basics/threat-modeling.md), consider using an alternative.
|
||||
Proton Drive is currently only available through a web client and an Android app.
|
@ -74,10 +74,6 @@ For other platforms, consider below:
|
||||
|
||||
## Paste services
|
||||
|
||||
!!! warning
|
||||
|
||||
Encrypted Pastebin websites like the ones recommended here use JavaScript to handle encryption, so you must trust the provider to the extent that they do not inject any malicious JavaScript to get your private key. Consider self-hosting to mitigate this threat.
|
||||
|
||||
### PrivateBin
|
||||
|
||||
!!! recommendation
|
||||
|
@ -70,8 +70,6 @@ Profile pictures, reactions, and nicknames are not encrypted.
|
||||
|
||||
Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings.
|
||||
|
||||
When using [element-web](https://github.com/vector-im/element-web), you must trust the server hosting the Element client. If your [threat model](basics/threat-modeling.md) requires stronger protection, then use a desktop or mobile client instead.
|
||||
|
||||
The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signal’s [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/).
|
||||
|
||||
### Session
|
||||
|
Loading…
Reference in New Issue
Block a user