3 comments

[ 3.2 ms ] story [ 14.8 ms ] thread
It's pretty trivial to create an encrypted app: put together a simple custom android app that uses open source openssl libs for messaging directly between phones/clients.

There will be no way to stop this.

Also, trying to defeat encryption by forcing backdoors into things won't prevent people from using a different version.

Compromising OpenSSL won't break LibreSSL, and nothing stops you from having a "pre-government intervention" version of either of them.

There is definitely no way to stop this, and government intervention only harms honest people.

>nothing stops you from having a "pre-government intervention" version

Don't neglect to consider surreptitious intervention. You're not going to see a `dhs/libressl` fork on github. We tried that with the NSA->NIST flow, and it was outed. New flaws will be injected by some cryptographer being run by clandestine services.