1 comment

[ 19.7 ms ] story [ 531 ms ] thread
Train somebody long enough to ignore those warnings and you’ve essentially made End-to-End-Encryption completely useless.

Encryption without verification is ineffective.

Opportunistic encryption (without authentication) is still a very valuable tool, as it prevents passive attackers from reading your traffic. To actually intercept encrypted-but-unauthenticated messages, an attacker needs to obtain an (often permanent) MitM position, which is not impossible but still much harder to achieve.