Most risk is criminals talking face to face. 2 people should only be allowed to talk when a government official is present. I mean.. ."private" conversations... more like "criminal conspiracies".. no thanks. unacceptable.
+Zac T I have no idea what that is. +liquidminds You mean "government officials". The problem here is that, if the government has tools to monitor peoples communications, so can anyone clever enough to know how. It puts everyone at risk, not of government monitoring, but by monitoring by hackers or corporations who want your personal info for financial or political gain. If the government has a means of monitoring you, so does potentially anyone else.
I had quite a load of sarcasm in there. Of course it's bad. Especially since most corporations probably wouldn't find it very amusing, if they had to communicate trade-secrets over insecure lines... Making an exception for corporations and suddenly everyone is a corporation. All in all, it's another conservative "we are afraid, so let's make it illegal" type of situation. Great opportunity to make fun of them.
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” - Edward Snowden
"I don't have anything to hide". Oh except maybe all my health records, my credit card number and financial history, some of my browsing history depending on the person reading it, some of my contacts from some of my other contacts, some of the stuff I've said from my current and future employer, some of the stuff I've said from some of my family and friends depending, yeh I guess there's actually quite a lot come to think of it. You don't have to be a bad person to want privacy. And I realize that's the point of what was said.
Lithium , There's a difference between being *allowed* to, and being *able* to. The post office /govt could already read your mail if they just opened it. Imports/customs do that already.
As I understand it, no the post office can't open our mail without a warrant to do so. The only time I've seen that attempt to be waived was in extreme cases like the Anthrax scare awhile back. I remember some interesting articles about people being upset their mail was opened and filing complaints and lawsuits over it when some locations opened letters instead of using less invasive techniques to check for tampering.
Yes, its strange how it was not legal for governments to listen in on analog telephone calls or read our mail without a warrant and governments accepted that but they are arguing today that its essential for our security they are permitted to do the equivalent of steaming open our letters. The irony is they know exactly who the terrorists are already and can get individual warrants as needed. Coming back to the country after fighting for ISIS is subtle hint as to who to watch out for.
There is a place in Bristol where the Royal Mail can open your mail (for example if you forgot a stamp and they needed to find a return address), but no regular post office or Royal Mail depot is allowed to do this. (They wil only open your mail if they have to, they don't just do it willy nilly)
One of the more obvious, non-technical issues here is that how are you going to prevent criminals from simply continuing to use secure E2E encryption, even if you enforce policies that require backdoors or whatever? You can't, really. If criminals want E2E encryption, they can get it. The knowledge is already out there, there are many different applications and libraries for it and it is entirely unrealistic to think you can prevent access to it.
"I have nothing to hide" is a terrible argument. Would you be happy for me to walk into your home and take photos of it then? I mean, you have nothing to hide, so you won't mind me just walking in whenever I feel like, right?
The Mike Pound videos are the best on this channel. He's the only one that seems like he's actually worked in industry or has any real-world experience (at least in recent decades).
I actually like to watch the videos that contain a historical perspective. We have a lot to learn from the past IMHO, we just have to look into it. Past sometimes rhymes with the today and the future, like with mainframes and the cloud. Decades apart (so kind of stone age Vs space age difference), yet they share so many features, strengths, weaknesses and things to be careful about.
There is another problem with this proposal: Alice and Bob can just use their public keys on a different level, by directly encrypting their messages for example and not the channels at which point this whole idea is broken again, so in the end even if you introduce it it only hits those who are not actually trying very hard to hide something.
Yeah agreed. Unless encryption is outlawed or they magically can add a backdoor (to be honest the complete DHE and asymetric encryption thing is kind of magic), the criminals can just encrypt it for themselves.
You can add your own encryption on top of any communication method. For all we know, lSlS may communicate by bouncing radio signal of the moon. wikipedia.org/wiki/Earth-Moon-Earth_communication
Did you know who the first person to say "if you have nothing to hide you have nothing to fear" was? Josef goebbels. Copy and paste this name into google.
Even if messaging services did collaborate with governments to add a backdoor, nefarious users could just switch to an alternative system that didn't have one. So there's not really anything we can do to stop this.
Yeah, it's not that hard to do a Vignere with pen and paper or something, and then encrypt it. If I were planning a terrorist attack, I wouldn't just use Whatsapp, I would meet with my coconspirators and share some one-time pads. Vignere with one-time pads has been proven to be unbreakable.
assalane I don't know about that. Anyway, they don't need to know all the details of how an app works to be able to switch to an app that has end to end encryption. I bet there are plenty of tor users who don't know how that works
I'm shocked that Dr Pound didn't mention Signal, the open-source app that invented the encrypted protocol that was later adopted by WhatsApp and Facebook Messenger. Signal solves the problem of data at rest on your device by allowing you to encrypt your message database with a passphrase that is independent of your phone's passcode lock.
The other problem of a server holding unencrypted info is about what the company would do with it, even though i don't have anyting to hide, I wouldn't feel comfortable if i get condoms adds if they find that i got a STD for some reason... And the thing is that they just made it legal..... WHY would I ever consider giving them all of my info?! they don't need to know what my family situation is, they don't need to know WHY i could wear prothesis... It's about privacy, not about having something to hide... Do you want to see a picture that you send a day where you really shouldn't have? Well, I know that some of the above are already true... but I don't want it to go further
Whilst you may have nothing bad to hide, anything you do have can be twisted and used against you by any authority or legal institution. We live in a world where innocence is not a defence anymore.
EgoShredder "Give my six sentences written by the hand of the most honest man in the world, and in them I will find something for which I can hang him" Paraphrasing slightly, by Cardinal Richelieu I believe (but I may be wrong).
I think the reason why repealing that law makes sense is because the government has no right regulating the Internet like that. The Internet is a privilege, not a right, and we can choose to opt out of it or find our own encryption systems to avoid it. The government is bad at everything it does.
I totally agree with @LastRellik. The reasoning of the government (ANY govt, not just UK) one day might be extended to any kind of electronic messaging, like traditional Emails. Nobody can prohibit me to develop my own personal encryption system, and to use it to encrypt the text part or the attachment of an Email. Or the text of a Whatsapp message. Is the government requesting any part of a message to be written in clear text or attached as breakable standard format like Winzip or Winrar? Unrealistic just like banning the postal service.
I personally do not understand how the home secretary, of all people, doesn't ask computer science experts about the positives and negatives of such a system before saying to the public that it's unacceptable...
+Sancarn As a rule politicians ignore all expert advice and any evidence presented to them, unless it validates what they already believe in. Take a look at the enormous amount of cases in history where a politician was warned something he decided was an horrible mistake and decided he knew best... usually with gruesome results.
This is actually what Assange was alluding to in his last interview regarding the CIA hacks. That end to end encryption really didn't matter because they had backdoor access to people's phones, laptops etc... This channel really is a gem!
I followed a course on Security in Uni one time, and this protocol was praised by the professor quite highly. I love that some blokes just thought of what is essentially quite a simple number transformation and it proves to be incredibly useful everywhere.
The major problem I have is that we do have forms of encryption that would allow a great deal of investigative ability without making it susceptible to a central point of failure. I've seen encryption which allows you to perform searches for specific things like the presence of a file, a phrase in plain text, audio clips and anything else you could fit into the comparing mechanism (which was generously large). I think it was 6 or 7 years ago when I seen it demonstarted on a Defcon presentation video. The idea behind that was a transparent encryption scheme that allows authorities and security personal to probe for known threats without weakening the encryption in the process. If I remember right it even had layers designs to protect against code injection attacks so that you couldn't write a program with clever queries to break out. Was an all around impressive encryption scheme and it wasn't even one of it's kind, the presented mentioned other variants that provide similar features at different trade offs. When we have stuff like that laying right in open source space, free for anyone to use. There's no reason why a backdoor should ever be presented as part of regulation. Maybe a regulation that anything crossing public infrastructure must use that type of encryption but not ask to weaken encryption to a master key.
The thing is I don't think anyone would necesserily object to measures that make counter-terrorism an easier thing. What I personally object to is the notion that every message any person ever sends can be subject to scrutany by literally anyone else for any reason... That seems like a more dangerous situation for anyone to be in. Time and time again, legislation brought in "for national security" is used to spy on people en masse, often resulting in prosecutions for relatively minor crimes.
Shaun Dreclin private and public keys. I think they have a video on this. But in short if somebody uses their private key and my public key (in that order) to encrypt something then the only person that can decrypt it is me using my private key. And I know from who it is since I'll have to use the other persons public key to decrypt the mess left by decrypting it with my private key. So the keys never have to be sent.
+Nixitur Alice and Bob do generate random numbers in the Diffie-Hellman key exchange, and these are the private keys, exactly as I said. Nothing is being encrypted because it is a key exchange. The shared secret is then used as a key (password) by both parties.
People often say “this is only bad because the government is run by humans who are inherently imperfect” but I disagree with that sentiment I’d say that even if the government was a completely morally pure perfect body, as if such a thing can even exist even on a philosophical or ethical level, it’s still a bad thing to just hand that moral authority total access to all of our privacy.
Can we just appreciate what a great job Computerphile is doing? It is just great they are posting so many videos on CS topics. And these are not the usual lecture videos, but short and to the point videos that are fun to watch and we can learn a lot from them! This is really a blessing to CS students. Thanks, Computerphile!
You know what smart criminals would do. Write their own encryption program that's end to end and exchange the keys in person before using it. So even with these backdoors and ways of bugging the phone/computer, the government is still kinda screwed. They'd end up decryption the messages to see a second layer of decryption that they don't have a backdoor to because the criminals obviously wouldn't install one. It's funny how so many of the proposed solutions aren't really solutions because the criminals have a way to avoid it while the "solution" hurts regular users. Government, please think more about your ideas, once you think you have something, look at it from the perspective of a criminal and go "How could I bypass this, how could I make it so it doesn't apply to me or doesn't work? How could I break this?".
Hey, thanks for the explanation! 2 questions tho: - Why am I able to see my WhatsApp/Telegram messages on my computer, while they were sent/received by/from my phone? Where did my computer took the encryption key from, if not from the server? - If it's impossible to get the content of the messages with an end to end encryption, why would one country ban Telegram and not WhatsApp? If both of them have an end to end encryption implemented, are they not equally impossible to hack? And should therefore both be banned/not banned
5:40 I would object. Government should not spy on my messages, under ANY condition. Even if I'm doing illegal things - snooping on calls and messages is very bad idea for any kind of law enforcement.
For those interested in more technical details, I wrote a blog post earlier this year, explaining the RSA public-key encryption algorithm, which can be accessed at: trizenx.blogspot.ro/2017/01/rsa-algorithm.html
Daniel Șuteu these protocols uses Diffie-Hellman Key Exchange to achieve E2EE. RSA should not be used for KE, since if the private key is comprised in the future, all previous traffic can be decrypted (no forward secrecy).
What's to prevent a server along the way pretending to be Bob to Alice, and Alice to Bob? Or to put it a different way, how do you make sure a public key belongs to the person you're attempting to communicate with?
Another option is to mandate the length of the encryption key so that governments can break it with difficulty if they really want to but it would be impossible to do general surveillance. This is a difficult thing to get right though with the constant increases in computer power available to both governments and private entities.
How do we ensure S does forwards Bob's public key to Alice, for example? They are still communicating over the server, what's stopping the server from lying about the public keys and using a generated pair to hold the plaintext messages?
Even if they did implement a back door the people who really want to hide what there talking about can just encrypt the messages themselves. They could quite easily use third party software to encrypt the messages with a public-private pair then send that encrypted message over the unsecured messenger app. Even if the government got a warrant the messages would only be readable if they had the private key. So in the end most likely the only people that would be at risk of loosing their privacy is the average users who’s done nothing wrong
Can we get a video about how TOTP actually works? I've heard some things about it and it sounded like it was intended to replace 2FA-logins, so it seemed quite interesting to me.
I'm a little bit troubled by his explanation of E2E encryption. Yes a DHE key exchange is a big part of it, but at no point is it directly implemented. As you still have the verification problem. Verification can only be done using a public key which you cannot trust unless you have some outside method of knowing it should be trusted: I.E. trusted certificate authority or simple QR code scanning and verifying a public key locally.
BloCKBu5teR WhatsApp is really bad because authentication is off by default and Signal have blogged that authentication is to be ignored or something.. Threema and Conversations are better.
In Whatsapp, you can authentify to protect againts man-in-the-middle attacks (User icon > (i) > Encryption). Turn on security notifications (Settings > Account > Security) to be notified when you should check again. You can do the same in Signal (Conversation settings > Verify identity), and afaik it notifies you about identity key changes by default Honestly this is only really necessary if you suspect that you have been attacked right when you first communicated (or the last time the identity key changed), which kinda seems unlikely and is kind of an overkill threat model for most users.
That's possible in theory, but it's so inconvenient almost no one will do it, so mass surveillance of traffic would still be possible. Also, crypto that doesn't rely on lots of difficult calculations can't be as ~provably secure as the common digital crypto.
I'd like to know more about how KAB is known to both devices without it going through the server - which seems to be the only way the 2 devices can communicate?
Simplified Explanation: Alice knows an integer a. Bob knows an integer b. Everyone knows an integer g. Alice sends g^a to bob => now bob knows b and g^a. Bob sends g^b to alice => now alice knows a and g^b. Alice can calculate (g^b)^a = g^(a*b). Bob can calculate (g^a)^b = g^(a*b). Now both know the integer g^(a*b)(=Kab), but an attacker who had listened to their conversation only knows g^a and g^b. And because of some math theorems and stuff he cannot calculate g^(a*b) from g^a and g^b.
So if you had a group chat in say Facebook messenger, is there one key for the group chat or does it send an individual message to each member and have a key with each individual member?
Intersting that while ministers have argued to end e2e encryption they adopted a e2e encrpted messaging app for tory party communications during the election and onwards
Both RSA and DH can be used with several exponents during the key agreement (multipliers in case of ECDH), all of which are known by the endpoints and which exponents as "sub-keys" are uploaded separately to different servers of prosecutors, judges and police, of which all need to agree and cooperate to eavesdrop on a single communication channel. The problem is rather if this level of separation of powers is sufficient seeing what happens to democracies all over the world right now?
If one of the phones is compromised, all keys of other phones that this phone communicates with can be found as well right? (Since both parties use the same key)
Yes though one of the reasons why DH is used rather than Public Key Crypto other than it's speed is that the keys can be refreshed often and cheaply. Also DH has to be done again at minimum for every pairing as such if say Alice has a session with Bob and another with Charlie and somehow Malory compromises Bobs phone then yes he can compromise his current session with Alice but not Alice's session with Charlie that has a different key. Also it usually is at most only the current session at risk as DH is usually redone every session sometimes a session is as short as a single message too as the whole DH exchange process on over the internet can be completed in around a second or so it's just as easy to redo it every message or every few minutes in the worst case most commonly.
I have question. Who generates the public keys? Did i understood correct that Alice phone generate both public and private keys (as same for Bob). I know the private key generates by Alice device(phone) but what about the Public key (where its generating)?
Hi, this is possible, and people did it like this for a long time. The reason we avoid it these days is simply that if either side gets hacked, you can decrypt all the historic messages because the key isn't rotated often. Also, RSA is generally a lot slower than symmetric crypto for actual communication.
But how can it create a shared key, when the other partner is currently unavailable? In WhatsApp I'm able to send messages to the server, even if the recipient is currently offline. Or will it keep using the last shared key until it's able to generate a new one? But what would happen, if I added another phone (which is offline) and start sending messages to it, before they even had a chance to communicate.
An interesting feature of whatsapp is that some key exchange messages are uploaded and stored on the server for "one use" occasions where someone isn't online. the first time you try and message someone you download one of their pre-computed key handshakes, so that you can do it even if they are not online. This isn't how most key exchange works, but in whatsapp they do it like this to avoid this asynchronous problem that you've spotted.
Criminals think about a crime before committing a crime, that is unacceptable. Therefore, we should ban thought.
Most risk is criminals talking face to face. 2 people should only be allowed to talk when a government official is present. I mean.. ."private" conversations... more like "criminal conspiracies".. no thanks. unacceptable.
+Zac T I have no idea what that is.
+liquidminds You mean "government officials". The problem here is that, if the government has tools to monitor peoples communications, so can anyone clever enough to know how. It puts everyone at risk, not of government monitoring, but by monitoring by hackers or corporations who want your personal info for financial or political gain. If the government has a means of monitoring you, so does potentially anyone else.
I had quite a load of sarcasm in there. Of course it's bad.
Especially since most corporations probably wouldn't find it very amusing, if they had to communicate trade-secrets over insecure lines... Making an exception for corporations and suddenly everyone is a corporation.
All in all, it's another conservative "we are afraid, so let's make it illegal" type of situation. Great opportunity to make fun of them.
Sorry, simply idiotic argument.
It's actually very simple. All that needs to be done is to ban crime. Problem solved.
"does this make you bob?"
"it does"
made me smile
Just something so mild and...I dunno, British about it that is so charming :D
"I'll 'ave that!"
Made me laugh out loud!
+Arvindh Mani I didnt get it?What does it mean?
In the field of computer security, when an example is being demonstrated, the users are usually named Alice and Bob.
Why not just make it illegal to commit crime? Problem solved.
Here here!
so legally speaking, being illegal makes things easy to enforce law?
why not just abolish all laws, therefore nothing is technically a crime
Yes, like in Sweden. In Sweden it is ILLEGAL to be a criminal!
How can someone think that straight?!
“Arguing that you don’t care about the right to privacy because
you have nothing to hide is no different than saying you don’t care
about free speech because you have nothing to say.” - Edward Snowden
I agree with you
@@frederickwirigley9685 I agree that you agree with him.
@@benjiusofficial I agree with you agreeing with him
I thought of that exact quote right when he said it.
@@nickwilson3499 I agree with your agreement of that you agree that he was agreeing with him
"I don't have anything to hide". Oh except maybe all my health records, my credit card number and financial history, some of my browsing history depending on the person reading it, some of my contacts from some of my other contacts, some of the stuff I've said from my current and future employer, some of the stuff I've said from some of my family and friends depending, yeh I guess there's actually quite a lot come to think of it. You don't have to be a bad person to want privacy. And I realize that's the point of what was said.
EXACTLY THIS.
I always knew something was wrong with this argument. But your comment made me able to explain it to other people.
Yeah your right
And passwords too
thats like allowing the post office to read all the mail i send. thats not a good thing
Lithium , There's a difference between being *allowed* to, and being *able* to.
The post office /govt could already read your mail if they just opened it. Imports/customs do that already.
As I understand it, no the post office can't open our mail without a warrant to do so. The only time I've seen that attempt to be waived was in extreme cases like the Anthrax scare awhile back. I remember some interesting articles about people being upset their mail was opened and filing complaints and lawsuits over it when some locations opened letters instead of using less invasive techniques to check for tampering.
Yes, its strange how it was not legal for governments to listen in on analog telephone calls or read our mail without a warrant and governments accepted that but they are arguing today that its essential for our security they are permitted to do the equivalent of steaming open our letters. The irony is they know exactly who the terrorists are already and can get individual warrants as needed. Coming back to the country after fighting for ISIS is subtle hint as to who to watch out for.
Lithium richie ray
There is a place in Bristol where the Royal Mail can open your mail (for example if you forgot a stamp and they needed to find a return address), but no regular post office or Royal Mail depot is allowed to do this. (They wil only open your mail if they have to, they don't just do it willy nilly)
This should be shown on BBC to educate the politicians about the problems they have "solutions" for, without understanding the issue itself!
BBC? Eh , da je to u njihovom interesu zarad rejtinga ...
Or maybe people could just stop electing geriatrics
@@tommykarrick9130 easier said than done my friend
@@vasodegama2244 。
its not like they need education, its just that British politicians are vile cunts who are inherently interested in insane ideas
One of the more obvious, non-technical issues here is that how are you going to prevent criminals from simply continuing to use secure E2E encryption, even if you enforce policies that require backdoors or whatever? You can't, really. If criminals want E2E encryption, they can get it. The knowledge is already out there, there are many different applications and libraries for it and it is entirely unrealistic to think you can prevent access to it.
Exactly!! If not one app there's always another
plus they can program their own if they know how.
exactly ... you cant outlaw maths.
Politicians are retards
@@bluesillybeard it's the only safe way!
Alice and Bob - Well done. Proper encryption.
kek
The government isn't a secure entity, making a backdoor for them would make it insecure period.
In summary: Social Engineering always wins.
XnecromungerX bBran Brushwood would agree
lol 🤣🤣🤣
@@sebastianjulonchamana2987 wut?
The right to privacy is essential in any democracy, even if it helps those who would seek to harm us.
YES.
"I don't care if the government sees what I'm doing I'm not hiding anything after all."
That's a very dangerous thing to say
"I have nothing to hide" is a terrible argument. Would you be happy for me to walk into your home and take photos of it then? I mean, you have nothing to hide, so you won't mind me just walking in whenever I feel like, right?
Josef goebbels came up with the whole "nothing to hide nothing to fear" thing ya know...
+Wesley Parris
well thats great
What's the correct argument then? Or something that you would likely accept his right to protect his privacy?
when someone tells you that they have nothing to hide, ask them if they would give up their freedom of speech because they had nothing to say.
Yeah your right
The Mike Pound videos are the best on this channel. He's the only one that seems like he's actually worked in industry or has any real-world experience (at least in recent decades).
I actually like to watch the videos that contain a historical perspective. We have a lot to learn from the past IMHO, we just have to look into it. Past sometimes rhymes with the today and the future, like with mainframes and the cloud. Decades apart (so kind of stone age Vs space age difference), yet they share so many features, strengths, weaknesses and things to be careful about.
He's pretty much the only reason I'm subscribed to Computerphile. His videos are just too interesting to pass up.
Lol yeah I've only watched Mike Pound videos. And one on public private key encryption from some other guy.
Tom Scott and Mike Pound for president! Who cares if they're not American!
+Zac G Why not make them _all the presidents_ of the world?
There is another problem with this proposal: Alice and Bob can just use their public keys on a different level, by directly encrypting their messages for example and not the channels at which point this whole idea is broken again, so in the end even if you introduce it it only hits those who are not actually trying very hard to hide something.
What do you mean by channel encryption?
Yeah agreed. Unless encryption is outlawed or they magically can add a backdoor (to be honest the complete DHE and asymetric encryption thing is kind of magic), the criminals can just encrypt it for themselves.
If you outlaw encryption then the only people with access to encryption are outlaws.
chsxtian yeah I agree but my point was more general what is possible not what is reasonable. Because as I see it there is no solution.
You can add your own encryption on top of any communication method. For all we know, lSlS may communicate by bouncing radio signal of the moon. wikipedia.org/wiki/Earth-Moon-Earth_communication
"I have nothing to hide" = people who need to hide the fact that they have things to hide.
Did you know who the first person to say "if you have nothing to hide you have nothing to fear" was?
Josef goebbels. Copy and paste this name into google.
@@annabellethepitty An outstanding point.
"I have nothing to hide"
Awesome, make a video sharing all your account passwords please
Even if messaging services did collaborate with governments to add a backdoor, nefarious users could just switch to an alternative system that didn't have one. So there's not really anything we can do to stop this.
exactly. Everybody can just add another layer of encryption with a second public key and decrypting the first layer is literally useless.
Yeah, it's not that hard to do a Vignere with pen and paper or something, and then encrypt it. If I were planning a terrorist attack, I wouldn't just use Whatsapp, I would meet with my coconspirators and share some one-time pads. Vignere with one-time pads has been proven to be unbreakable.
Most criminals are inexperienced and IT illeterate though
assalane I don't know about that. Anyway, they don't need to know all the details of how an app works to be able to switch to an app that has end to end encryption. I bet there are plenty of tor users who don't know how that works
true
I'm shocked that Dr Pound didn't mention Signal, the open-source app that invented the encrypted protocol that was later adopted by WhatsApp and Facebook Messenger. Signal solves the problem of data at rest on your device by allowing you to encrypt your message database with a passphrase that is independent of your phone's passcode lock.
He should really clean his monitor...
lol
THANK YOU!
And stop poking it
Now I'm imagining him siting on his chair and going "poke, poke, poke" on his monitor. ^^
Wow. I thought it was a screensaver first. Damn...
I see a Dr. Mike Pound video, I upvote!
Excellent video and excellent explanations by Mike Pound. Thanks for that (except for the "i've got nothing to hide" fallacy).
Mike Pound's videos are always a pleasure to watch
The other problem of a server holding unencrypted info is about what the company would do with it, even though i don't have anyting to hide, I wouldn't feel comfortable if i get condoms adds if they find that i got a STD for some reason... And the thing is that they just made it legal..... WHY would I ever consider giving them all of my info?! they don't need to know what my family situation is, they don't need to know WHY i could wear prothesis... It's about privacy, not about having something to hide... Do you want to see a picture that you send a day where you really shouldn't have? Well, I know that some of the above are already true... but I don't want it to go further
Whilst you may have nothing bad to hide, anything you do have can be twisted and used against you by any authority or legal institution. We live in a world where innocence is not a defence anymore.
EgoShredder "Give my six sentences written by the hand of the most honest man in the world, and in them I will find something for which I can hang him"
Paraphrasing slightly, by Cardinal Richelieu I believe (but I may be wrong).
Is the secrecy of correspondence worth anything anymore?
I think the reason why repealing that law makes sense is because the government has no right regulating the Internet like that. The Internet is a privilege, not a right, and we can choose to opt out of it or find our own encryption systems to avoid it. The government is bad at everything it does.
I totally agree with @LastRellik. The reasoning of the government (ANY govt, not just UK) one day might be extended to any kind of electronic messaging, like traditional Emails. Nobody can prohibit me to develop my own personal encryption system, and to use it to encrypt the text part or the attachment of an Email. Or the text of a Whatsapp message. Is the government requesting any part of a message to be written in clear text or attached as breakable standard format like Winzip or Winrar? Unrealistic just like banning the postal service.
Criminal activity is NOT unacceptable; there is no inherent connection between criminality and immorality, and often it's the laws that are immoral.
I personally do not understand how the home secretary, of all people, doesn't ask computer science experts about the positives and negatives of such a system before saying to the public that it's unacceptable...
Because typical politicians are arrogant bastards, and would dismiss any expert who told them why a plan that brings them more power is a bad idea.
+Sancarn As a rule politicians ignore all expert advice and any evidence presented to them, unless it validates what they already believe in.
Take a look at the enormous amount of cases in history where a politician was warned something he decided was an horrible mistake and decided he knew best... usually with gruesome results.
Then you don't understand that the Governments plan is not to protect you, it's to enslave you.
Alice seems like an unpleasant person. "What do you want now...?" is not a nice response to what is basically just a "hello". :c
+whamtheman It just seems Bob is always contacting Alice.... :) >Sean
I sense a deeper story brewing. Hopefully love will find a way! :)
Alice: "What do you want now?"
Bob: "You :)"
lol
Bob: "Well, if not you, perhaps a key? Please...?"
This is actually what Assange was alluding to in his last interview regarding the CIA hacks. That end to end encryption really didn't matter because they had backdoor access to people's phones, laptops etc... This channel really is a gem!
Exactly. Why do most people not know this? It's public information.
Couldn’t the server complete a man in the middle attack when Bob and Alice were executing the Diffie-Helman key exchange?
I followed a course on Security in Uni one time, and this protocol was praised by the professor quite highly. I love that some blokes just thought of what is essentially quite a simple number transformation and it proves to be incredibly useful everywhere.
I love videos starring Mike, he explains everything so clearly. More Mike videos, please!!
I had really expected the line: "So before we declare that insane, let's first look at what that means, and then declare it insane."
Best explanation of Diffie-Hellman key eschange Ive seen is in Art of the Problem, an amazing youtube channel
I love that these vids are all coming out as I do the course at uni on them
the best explanation of end-to-end encryption on the internet. thanks, computerphile!
hell yeah its MIKE POUND again!
“I don’t have anything to hide” 🤦♂️ everyone has things they would tell some people and not others and it doesn’t make you a criminal
It's 2022 and I'm back for my refresher lesson
4 years later... still trying to make this work...
"It's a problem that if a criminal finds out this flaw..."
There's no organization more criminal than the government.
Dr. Mike Pound, you are amazing. Someday I am going to send you an application to join your research in computer vision :D.
I like how people trust the government... 😶
ahhh let them watch, ive gone out of my way to try to research legal yet uncommon research subjects to true and provoke a response
Mike Pound will always be my favorite. Fascinating topics, amazing at explaining things, and easy on the eyes too ;)
The major problem I have is that we do have forms of encryption that would allow a great deal of investigative ability without making it susceptible to a central point of failure. I've seen encryption which allows you to perform searches for specific things like the presence of a file, a phrase in plain text, audio clips and anything else you could fit into the comparing mechanism (which was generously large). I think it was 6 or 7 years ago when I seen it demonstarted on a Defcon presentation video. The idea behind that was a transparent encryption scheme that allows authorities and security personal to probe for known threats without weakening the encryption in the process. If I remember right it even had layers designs to protect against code injection attacks so that you couldn't write a program with clever queries to break out. Was an all around impressive encryption scheme and it wasn't even one of it's kind, the presented mentioned other variants that provide similar features at different trade offs.
When we have stuff like that laying right in open source space, free for anyone to use. There's no reason why a backdoor should ever be presented as part of regulation. Maybe a regulation that anything crossing public infrastructure must use that type of encryption but not ask to weaken encryption to a master key.
I'm unclear about the necessity of this algorithm. What is the exact problem it's solving, that is not being solved by a plain public key exchange?
The thing is I don't think anyone would necesserily object to measures that make counter-terrorism an easier thing. What I personally object to is the notion that every message any person ever sends can be subject to scrutany by literally anyone else for any reason...
That seems like a more dangerous situation for anyone to be in.
Time and time again, legislation brought in "for national security" is used to spy on people en masse, often resulting in prosecutions for relatively minor crimes.
I like this guy the most on the channel. I am watching every video presented by him lol
He explains these things so well
I've never smashed that thumbnail as hard as I did when I saw a new computerphile video with Dr Pound with sheer worry in his eyes.
wait so how do two users work out a shared secret key without the server in the middle being able to get that key?
Shaun Dreclin private and public keys. I think they have a video on this. But in short if somebody uses their private key and my public key (in that order) to encrypt something then the only person that can decrypt it is me using my private key. And I know from who it is since I'll have to use the other persons public key to decrypt the mess left by decrypting it with my private key. So the keys never have to be sent.
End-to-end enryption is also passing through the server but server cant read content of messages, diagram shown is more like data flow than path.
Look up Diffie-Hellman Key Exchange en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
They really coudl have gotten into that, because thats the actual interesting thing here.
+Nixitur
Alice and Bob do generate random numbers in the Diffie-Hellman key exchange, and these are the private keys, exactly as I said. Nothing is being encrypted because it is a key exchange. The shared secret is then used as a key (password) by both parties.
1:35 The fact it's Bob to start texting instead of Alice distrubs me ahahah
"does that make you bob?"
*with a toddler-esque grin* "itdoes :D"
People often say “this is only bad because the government is run by humans who are inherently imperfect” but I disagree with that sentiment
I’d say that even if the government was a completely morally pure perfect body, as if such a thing can even exist even on a philosophical or ethical level, it’s still a bad thing to just hand that moral authority total access to all of our privacy.
Can we just appreciate what a great job Computerphile is doing? It is just great they are posting so many videos on CS topics. And these are not the usual lecture videos, but short and to the point videos that are fun to watch and we can learn a lot from them! This is really a blessing to CS students.
Thanks, Computerphile!
I would love to study under Dr. Mike Pound, he is the man.
2022, here we go again
You know what smart criminals would do. Write their own encryption program that's end to end and exchange the keys in person before using it. So even with these backdoors and ways of bugging the phone/computer, the government is still kinda screwed. They'd end up decryption the messages to see a second layer of decryption that they don't have a backdoor to because the criminals obviously wouldn't install one. It's funny how so many of the proposed solutions aren't really solutions because the criminals have a way to avoid it while the "solution" hurts regular users. Government, please think more about your ideas, once you think you have something, look at it from the perspective of a criminal and go "How could I bypass this, how could I make it so it doesn't apply to me or doesn't work? How could I break this?".
I would love to see a more in-depth video on exactly how this key exchange happens securely with E2EE.
Please do a video on the key exchange, I'm super curious to see how that works
Hey, thanks for the explanation!
2 questions tho:
- Why am I able to see my WhatsApp/Telegram messages on my computer, while they were sent/received by/from my phone? Where did my computer took the encryption key from, if not from the server?
- If it's impossible to get the content of the messages with an end to end encryption, why would one country ban Telegram and not WhatsApp? If both of them have an end to end encryption implemented, are they not equally impossible to hack? And should therefore both be banned/not banned
finally another pound of computer science.... gosh, i am horrible with puns :(
Great video! Looking forward for a new one on Hellman's key exchange method!
"I don't have anything to hide" oh, this naiveté...
5:40 I would object. Government should not spy on my messages, under ANY condition. Even if I'm doing illegal things - snooping on calls and messages is very bad idea for any kind of law enforcement.
Brilliant explanation, visual illustrations helped a lot!
Very well explained ! Simply put!
For those interested in more technical details, I wrote a blog post earlier this year, explaining the RSA public-key encryption algorithm, which can be accessed at: trizenx.blogspot.ro/2017/01/rsa-algorithm.html
Just checked it out, can recommend it!
Daniel Șuteu these protocols uses Diffie-Hellman Key Exchange to achieve E2EE. RSA should not be used for KE, since if the private key is comprised in the future, all previous traffic can be decrypted (no forward secrecy).
This video has nothing to do with RSA.
"I don't mind the government spying on me cause I've got nothing to hide" Typical red coat
The truth will set you free. Mighty fine job.
Love Mike Pound. Wish there be could more videos of him
What's to prevent a server along the way pretending to be Bob to Alice, and Alice to Bob? Or to put it a different way, how do you make sure a public key belongs to the person you're attempting to communicate with?
Another option is to mandate the length of the encryption key so that governments can break it with difficulty if they really want to but it would be impossible to do general surveillance. This is a difficult thing to get right though with the constant increases in computer power available to both governments and private entities.
"We want you to deliberately sabotage user security for us."
"No thanks."
"Why won't you help us sabotage security? Don't you have enough hashtags?"
How do we ensure S does forwards Bob's public key to Alice, for example? They are still communicating over the server, what's stopping the server from lying about the public keys and using a generated pair to hold the plaintext messages?
Alice and Bob should be awarded for their contribution to information security.
Even if they did implement a back door the people who really want to hide what there talking about can just encrypt the messages themselves. They could quite easily use third party software to encrypt the messages with a public-private pair then send that encrypted message over the unsecured messenger app. Even if the government got a warrant the messages would only be readable if they had the private key. So in the end most likely the only people that would be at risk of loosing their privacy is the average users who’s done nothing wrong
Excellent video! Really broke it down for the layman
Can we get a video about how TOTP actually works? I've heard some things about it and it sounded like it was intended to replace 2FA-logins, so it seemed quite interesting to me.
I got a question for you, Mike Pound: Do you close the bathroom door when you go to do you business there?
I'm a little bit troubled by his explanation of E2E encryption. Yes a DHE key exchange is a big part of it, but at no point is it directly implemented. As you still have the verification problem. Verification can only be done using a public key which you cannot trust unless you have some outside method of knowing it should be trusted: I.E. trusted certificate authority or simple QR code scanning and verifying a public key locally.
That is exactly what WhatsApp does: you can scan the public keys of your friends on their physical phones to verify them.
BloCKBu5teR WhatsApp is really bad because authentication is off by default and Signal have blogged that authentication is to be ignored or something.. Threema and Conversations are better.
In Whatsapp, you can authentify to protect againts man-in-the-middle attacks (User icon > (i) > Encryption). Turn on security notifications (Settings > Account > Security) to be notified when you should check again.
You can do the same in Signal (Conversation settings > Verify identity), and afaik it notifies you about identity key changes by default
Honestly this is only really necessary if you suspect that you have been attacked right when you first communicated (or the last time the identity key changed), which kinda seems unlikely and is kind of an overkill threat model for most users.
British Government be like:
“Oi, you got a loicense for that knoife?”
“Oi, you got a loicense for that End-to-End Encryption?”
Oi _Bruv_
@@Laotzu.Goldbug Oi Bruv, you gawt a loicense for that shoelace?
the obvious result is therefore to type in encrypted messages, and it doesn't matter who or how sees it, its encrypted outside of any digital means.
That's possible in theory, but it's so inconvenient almost no one will do it, so mass surveillance of traffic would still be possible.
Also, crypto that doesn't rely on lots of difficult calculations can't be as ~provably secure as the common digital crypto.
I'd like to know more about how KAB is known to both devices without it going through the server - which seems to be the only way the 2 devices can communicate?
Simplified Explanation:
Alice knows an integer a.
Bob knows an integer b.
Everyone knows an integer g.
Alice sends g^a to bob => now bob knows b and g^a.
Bob sends g^b to alice => now alice knows a and g^b.
Alice can calculate (g^b)^a = g^(a*b).
Bob can calculate (g^a)^b = g^(a*b).
Now both know the integer g^(a*b)(=Kab), but an attacker who had listened to their conversation only knows g^a and g^b. And because of some math theorems and stuff he cannot calculate g^(a*b) from g^a and g^b.
An elegant solution, thanks for explaining 👍
So if you had a group chat in say Facebook messenger, is there one key for the group chat or does it send an individual message to each member and have a key with each individual member?
Intersting that while ministers have argued to end e2e encryption they adopted a e2e encrpted messaging app for tory party communications during the election and onwards
Both RSA and DH can be used with several exponents during the key agreement (multipliers in case of ECDH), all of which are known by the endpoints and which exponents as "sub-keys" are uploaded separately to different servers of prosecutors, judges and police, of which all need to agree and cooperate to eavesdrop on a single communication channel.
The problem is rather if this level of separation of powers is sufficient seeing what happens to democracies all over the world right now?
If one of the phones is compromised, all keys of other phones that this phone communicates with can be found as well right? (Since both parties use the same key)
Yes though one of the reasons why DH is used rather than Public Key Crypto other than it's speed is that the keys can be refreshed often and cheaply. Also DH has to be done again at minimum for every pairing as such if say Alice has a session with Bob and another with Charlie and somehow Malory compromises Bobs phone then yes he can compromise his current session with Alice but not Alice's session with Charlie that has a different key. Also it usually is at most only the current session at risk as DH is usually redone every session sometimes a session is as short as a single message too as the whole DH exchange process on over the internet can be completed in around a second or so it's just as easy to redo it every message or every few minutes in the worst case most commonly.
this guy is insanely brilliant
keep up the good work guys
long time fan
How would E2EE work in groups with more than 2 people? Are different keys send to every member of the group?
end points arent safe so why not make brigehs not safe too
Security vs Liberty
Always a game of balance
Couldn't the criminals manually encrypt their messages before sending them through whatsapp and circumvent this anyway?
xD if you do that. theres litterally nothing they can do to read it xD
At the end device the message has to be in plain text for it to be readable. That's the weak point. Unless you do the en/decryption manually on paper.
I have question. Who generates the public keys? Did i understood correct that Alice phone generate both public and private keys (as same for Bob). I know the private key generates by Alice device(phone) but what about the Public key (where its generating)?
Why not use asymetric encrytion (RSA) over the server dirctly for communication, isn't that sufficient?
perchte Server / mitm can read the messages, but it won't be able to send them.
Hi, this is possible, and people did it like this for a long time. The reason we avoid it these days is simply that if either side gets hacked, you can decrypt all the historic messages because the key isn't rotated often. Also, RSA is generally a lot slower than symmetric crypto for actual communication.
But how can it create a shared key, when the other partner is currently unavailable? In WhatsApp I'm able to send messages to the server, even if the recipient is currently offline. Or will it keep using the last shared key until it's able to generate a new one? But what would happen, if I added another phone (which is offline) and start sending messages to it, before they even had a chance to communicate.
An interesting feature of whatsapp is that some key exchange messages are uploaded and stored on the server for "one use" occasions where someone isn't online. the first time you try and message someone you download one of their pre-computed key handshakes, so that you can do it even if they are not online. This isn't how most key exchange works, but in whatsapp they do it like this to avoid this asynchronous problem that you've spotted.
Could we not use private/public key types of solutions? Then just change they key regularly? :P
I wish Dr. Pound had his own channel for us to subscribe to as well.
4:48: See that little dark speck on the desk, just above his right hand? Did that have anyone else trying to clean their screen, too?
Can you tell if a Digital signature provides confidentiality or not, if so why? Thanks in advance.