UK government is trying to get into iCloud end-to-end encryption. (Again?)

Makes me think about email servers too. Most of my private information is in emails, and not only do I use a service where the host machines access the email, so does almost everyone I email to/from.

  • Gayhitler@lemmy.ml
    14 hours ago

    SMTP is only encrypted if the second server responds correctly to the first server's STARTTLS.

    The striptls type of attack, which prevents the servers from getting a valid STARTTLS exchange, was in use over a decade ago by some telecom against its own customers.

    Even if you know the person you’re emailing has a correctly configured client, you can’t control a man-in-the-middle attack between servers, which has been in widespread use for years.

    • refalo@programming.dev
      10 hours ago

      And SMTP/IMAP do not support end-to-end encryption, so a malicious server can still spy on you even if it uses TLS.
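
The STARTTLS downgrade described in the thread above, as an added example that is not part of any commenter's post: a sender-side check that parses the receiving server's EHLO reply and defers the message instead of silently falling back to cleartext when STARTTLS is missing. The EHLO replies and hostname are constructed, and `parse_ehlo` and `delivery_decision` are hypothetical names.

```python
import re

# Constructed EHLO replies (not captured traffic). The second is what a sender
# sees when something on the path has overwritten the STARTTLS capability line.
EHLO_INTACT = (
    "250-mx.example.net Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_STRIPPED = (
    "250-mx.example.net Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250-XXXXXXXX\r\n"
    "250 8BITMIME\r\n"
)

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply: str) -> set[str]:
    """Return the ESMTP keywords advertised in a multi-line EHLO reply."""
    keywords = set()
    lines = reply.splitlines()
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        # "250-" marks a continuation line, "250 " marks the final line.
        is_final = m.group(2) == " "
        if is_final != (i == len(lines) - 1):
            raise ValueError("malformed continuation markers")
        if i > 0 and m.group(3):  # line 0 is the greeting, not a keyword
            keywords.add(m.group(3).split()[0].upper())
    return keywords


def delivery_decision(reply: str, require_tls: bool) -> str:
    """Decide what the sending server does after EHLO.

    require_tls=False models opportunistic STARTTLS (cleartext fallback);
    require_tls=True models a sender that defers rather than downgrading.
    """
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"
    return "defer" if require_tls else "cleartext"
```

With `require_tls=False` the stripped reply yields `"cleartext"`, which is the silent downgrade; with `require_tls=True` the same reply yields `"defer"`, so the message waits in the queue instead of crossing the link unencrypted.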