Webtagr - Technology News Summarizer

XChat's End-to-End Encryption: The Juicebox Security Flaw

2025-06-09

Matthew Garrett exposes security vulnerabilities in X's (formerly Twitter) new end-to-end encrypted messaging protocol, XChat. XChat uses the Juicebox protocol to store user private keys, distributing them across three servers. However, these servers are all controlled by X, meaning X can access all user keys, undermining end-to-end encryption. The article delves into Juicebox's mechanics and potential risks, highlighting critical flaws in XChat's deployment. User private keys are vulnerable to arbitrary access by X, leading to the recommendation to avoid using XChat.

(blog.cryptographyengineering.com)

Tech

Apple iMessage: Encryption Isn't Enough

2025-03-06

While Apple iMessage boasts end-to-end encryption since 2011, its messages are permanently stored on devices and default to iCloud backups, creating a privacy vulnerability. Despite strong encryption, including post-quantum security, the lack of features like disappearing messages puts it behind other messengers in protecting user privacy. The article urges Apple to improve and add a disappearing messages feature to better safeguard user data.

(blog.cryptographyengineering.com)

Tech

UK Secretly Demands Apple Weaken iCloud Encryption: A Privacy Nightmare

2025-02-12

The UK government secretly demanded Apple weaken the end-to-end encryption in its iCloud Advanced Data Protection (ADP) system, raising major privacy concerns. This system is designed to protect user data from unauthorized access, but the UK's request would allow it to secretly access user data. This not only threatens the privacy of UK users but also sets a dangerous precedent for other countries, potentially jeopardizing global data security. The author urges Apple to accelerate the rollout of end-to-end encryption and suggests US legislation prohibiting US companies from installing encryption backdoors at the request of foreign governments.

(blog.cryptographyengineering.com)

Tech iCloud encryption privacy security government regulation

The Random Oracle Model's Achilles' Heel: New Challenges to Blockchain Security

2025-02-06

This post delves into a long-standing issue in cryptography: the Random Oracle Model (ROM). Widely used to prove the security of cryptographic schemes, ROM's assumptions are unrealizable in the real world. The author analyzes a paper by Khovratovich, Rothblum, and Soukhanov, revealing potential practical attacks on Fiat-Shamir based zero-knowledge proof systems. These attacks exploit vulnerabilities that can arise when replacing the ROM with real-world hash functions. As zero-knowledge proofs and their recursive applications in blockchain become more prevalent, the author highlights the significant security risks, potentially leading to system-wide failures. The post emphasizes the crucial need for rigorous security audits of programs used in proof systems and explores various attack scenarios, ranging from relatively mild to catastrophic, prompting a deeper examination of blockchain security.

(blog.cryptographyengineering.com)

Tech random oracle model blockchain security

AI vs. End-to-End Encryption: A Privacy Showdown

2025-01-17

This article explores the clash between AI and end-to-end encryption. The rise of AI assistants necessitates off-device processing of increasingly sensitive data, challenging the privacy protections offered by end-to-end encryption. While companies like Apple are attempting to mitigate this with 'Private Cloud Compute' and trusted hardware, this approach relies on complex software and hardware security, falling short of a perfect solution. A deeper concern lies in the control of powerful AI agents; once deployed, access becomes paramount, raising the specter of government or corporate access compromising personal privacy.

(blog.cryptographyengineering.com)

Tech AI privacy end-to-end encryption