70
the encryption keys, why can't the government just sneak on them?
(lemmy.dbzer0.com)
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
afaik, most if not all modern browsers and clients in e.g. apps, use Diffie-Hellman key exchange in TLS.
Some Apps go even further and implmement certificate pinning, only allowing a set of specific certificates the server is allowed to "present".
You can only break it by an active Man in the middle attack, presenting your own Diffie-hellman parameters toeachother and signing them with a certificate the client trusts (we can probably assume US agencies have access to some CA keys and can do this)
I dont think this is very feaseable on a large scale as you'd need to intercept every interesting connection, break the handshake, risking detection, and further proxy and process the whole traffic.
Metadata will be more juicy en mass than the content and easier to obtain with less risks.