Comment by londons_explore

Comment by londons_explore 19 hours ago

7 replies

View on Hacker News

> don't really see how it's possible to mitigate client compromise.

Think of the way DRM'ed video is played. If the media player application is compromised, the video data is still secure. Thats because the GPU does both the decryption and rendering, and will not let the application read it back.

gruez 16 hours ago

That's not what signal's doing though. It's just asking the OS nicely to not capture screen contents. There are secure ways of doing media playback, but that's not what signal's using.

Reply View 0 replies
Retr0id 19 hours ago

Video decryption+decoding is a well-defined enough problem that you can ship silicon that does it. You can't do the same thing for the UI of a social media app.

You could put the entire app within TrustZone, but then you're not trusting the app vendor any less than you were before.

Reply View 3 replies
  • Retr0id 19 hours ago

    Although now I think about it more, you could have APIs for "decrypt this [text/image] with key $id, and render it as a secure overlay at coordinates ($x, $y)"

    Reply View 2 replies
    • londons_explore 18 hours ago

      Exactly. Thats how DRM video works, and I don't see why you couldn't do the same for text.

      Reply View 1 reply
      • Retr0id 18 hours ago

        Actual DRM uses symmetric keys though, figuring out how to do the crypto in an E2EE-comaptible way would be challenging.

        Reply View 0 replies
pennomi 19 hours ago

There will always, ALWAYS be the analog hole in security models like this.

Reply View 1 reply
  • londons_explore 14 hours ago

    It's pretty hard for the government or service provider to snoop through the analog hole unless they have a camera on your forehead...

    Reply View 0 replies