Discord’s audio and video end-to-end encryption (“E2EE A/V” or “E2EE” for short)

That last bit is a little concerning. E2EE is widely understood to mean full end-to-end encryption of communications, not selective encryption of just the audio/video bits while passing the text around in the clear. If Discord starts writing “E2EE” for short when describing their partial solution, it is likely to mislead people into thinking their text chats are protected, or thinking that Discord is comparable to real E2EE systems. They aren’t, and it isn’t.

We want an E2EE A/V protocol that is publicly auditable

Their use of the word “auditable” here is also concerning. What does it mean for a protocol to be auditable? Sure, it’s nice that they’re publishing their design, but that doesn’t allow independent audit of the implementation that actually runs on their servers and (importantly) people’s devices. Without publicly auditable code that can be independently, built, run, and used instead of the binaries they provide, there’s no practical way to know that it matches the design that was reviewed. And without a way to verify that the code being run is the code that was inspected, any claim giving the impression that the system was audited is misleading at best.

During the rollout phase, a single non-supporting member being present forces the call to transport-only encryption. The call will automatically “upgrade” to E2EE if that member disconnects.

This sort of thing has historically been ripe for abuse. (See also: downgrade attack.) I hope they are very careful about how they implement it.

The protocol uses Messaging Layer Security (MLS) for group key exchange

Interesting. This makes me wonder if their motivation might be eventual compliance with the European Digital Markets Act. If that is the case, perhaps they also have a plan in the works for protecting text chats?

My early impression, based on what they wrote:

This won’t fix Discord’s major fundamental flaws. However, if their E2EE A/V design holds up to scrutiny, and if they were to fix their problematic language and provide truly auditable client code, the protection offered for audio & video could at least reduce Discord users’ exposure to unwanted harvesting of voice & face samples. A step in the right direction, and a timely one, given that biometric data collection and AI impersonation are on the rise.

@latenightblog@procial.tchncs.de was created ~37 minutes ago.

Their only post violates rule 2, and probably violates lemmy.world rule 8 (misinformation).

Somebody please show them to the door.

also any inputs are probably scraped

ftfy

Let’s hope it’s the bad outputs that are scrapped. <3

many results say to install custom ROMs which I can’t since its a US model and the bootloader is locked.

Are you sure it can’t be unlocked?

https://xdaforums.com/t/guide-to-root-galaxy-s22-plus-b-e-n-0-unlock-bootloader-and-flash-official-firmware-noob-friendly.4404351/

Many phones that don’t officially support unlocking can be exploited to do so anyway. Some will lose relatively minor functionality in the process (camera enhancements were lost on mine, but the camera still works fine) but the tradeoff is often worth it.

Is it true that Telegram doesn’t encrypt group chats at all? Maybe that would get their attention?

My biggest criticism of Telegram (but not the only one) is that they use homebrew crypto. Of course, I don’t know if your family would understand why that’s bad.

That number is a single manufacturer’s performance target. It is not a guarantee of results. You might be able to get Intel to replace an SSD if it corrupts data in under 52 weeks (assuming you notice it) but your data will still be gone.

Hardware performance can and does vary by manufacturer, model, and production run. Even the nominally identical cores within a single CPU have slightly different operating limits. YMMV.

Note also: the 52 week target you quoted is halved for every 5° rise in temperature.

I explained that they ought to be recipes to new media every N number of years or risk deteriorating or becoming unreadable

This is important, and for some media, it should be more often than that.

People forget that flash memory uses electrical charge to store data. It’s not durable. If left unpowered for too long, that data will get corrupted. A failure might not even be visible without examining every bit of every file.

Keep backups. Include recovery data (e.g. PAR2). Store them on multiple media. Keep them well-maintained (e.g. give flash drives power). Mind their environment. Copy them to new storage devices before the old ones become obsolete.

It’s funny that with all our technology, paper is still the most durable storage medium (under normal conditions) that doesn’t cost an arm and a leg.

Have they not heard of the TS100 or the Pinecil?

Of course they have.

An iFixit co-founder has been responding to questions over on Hacker News:

https://news.ycombinator.com/item?id=41521919

Review:

https://hackaday.com/2024/09/12/review-ifixits-fixhub-may-be-the-last-soldering-iron-you-ever-buy/

Announcement from last year:

https://www.consumerreports.org/media-room/press-releases/2023/10/consumer-reports-introduces-free-permission-slip-by-cr-app-to-empower-consumers-to-take-back-control-of-their-personal-data/

An SD card lasts for years, and the amount of plastic in one is negligible. It’s just not an issue.

Hark! The ghosts of countless generations of short-sighted polluters cry out in complacent, rationalizing unison!

It’s not about expecting one model of memory card to save the Earth. It’s about moving away from needless production of toxic materials, everywhere.

And if you don’t care, nobody’s going to force you to read The Lorax, but please don’t go around shitting on people’s appreciation for even the small things.

A journey of a thousand miles begins with a single step.

Less plastic being manufactured? Sounds good to me. :)

Works fine for me. Maybe that’s because I have scripts disabled? Try the archive link.

no long-term OS support

IMHO, we need well-enforced laws requiring manufacturers to do both of these things:

• Provide service manuals and reasonably priced parts for a sensible period, much like existing requirements for replacement car parts. (Perhaps 5 or 7 years minimum?)
• Put into escrow all the information needed for community support of these devices, to be publicly released when the official support period ends. (The easiest way to satisfy this might be in the form of source code, but data sheets and API documentation could suffice if they are reasonably complete.)

Some people have argued that the second point is impossible because phones are made with components that don’t come with specs or source code themselves. That might be true today, but if large economies start requiring it, then those component manufacturers will either fall into line or lose the market to competitors who do meet the requirements.

and not easy to load an alternative OS on.

This is another big one. We need to be able to unlock our bootloaders, install an OS of our choice, and re-lock our bootloaders. (Without permanently disabling any of the hardware features; there must be a way to fully revert to stock.) The only major brand smartphones I know of with a reputation for doing this right are from Google, which is kind of embarrassing.

The “especially in gaming” bit is encouraging. That might mean they are finally, after 26 years, addressing the demand for good quality, low latency, multichannel, full duplex audio…

…but I won’t hold my breath. They seem to think gaming means playing on hardware like this.

That rudely condescending comment lends nothing useful to the discussion, and has just earned my only downvote of the day. Enjoy. Bye.

I appreciate that you’re articulating your thoughts pretty well without resorting to the adversarial nonsense I’ve received elsewhere in this thread, so thanks for that.

It’s still clear that I haven’t been understood, but I’m exhausted from trying. (Again, mostly not from you, so please don’t take it personally.) Time for me to put lemmy away for the day, I think. Take care.

All of those things are implemented in modern Android.

No, they are not all implemented on any version of Android that I’ve seen. I don’t know about iOS.

Well, almost.

Right. We don’t need just a few pieces of what I listed. We need them all.

an OS popup asks you if you want to give the app permission to use the feature.

That’s not a bad interface, but it doesn’t address what I wrote: Individual control.

Why should email address, sexual orientation, and home address be lumped all together into a single permission? Lumping installed apps and search history together isn’t much better. Why should a music player, which obviously needs access to music files, be also granted access to biometric data like voice recordings?

This is impossible? The OS can either let the app use the mic or not,

Of course it’s possible. The OS can record the file and then hand it off to the app. No microphone access required.

Android always shows a green indicator on screen (upper right corner) when any app is using the microphone

That alone is better than nothing, but not enough. How is a user to know if something was captured when the screen was off?

These things are indeed improving as new versions come out, but at a glacial pace. Heck, it was ages before Android stopped letting apps spy on each other’s log messages. It’s now at version 15 and still doesn’t have basic controls like restricting network access.

No snark intended. Do you run into that so often that you’ve come to expect it?