Is the End-To-End Encryption (E2EE) of Joplin (notes app) secure enough for public Git repo?

Because privacytools.io recommends Joplin I am switching my notes to it. I add the text files to Git, and wonder if I can also use a public Repo and/or a cloud hosted Git server?

I will paste sensitive info like API tokens and passwords into the notes.

I enabled About End-To-End Encryption (E2EE)🔗 / docs with very strong pass (in local KeePassXC) and file synchronisation to a Git repo.

Encrypted data is encoded to ASCII because encryption/decryption functions in React Native can only deal with strings. So for compatibility with all the apps we need to use the lowest common denominator.

Too complicated for me.

Is WhatsApp end-to-end encryption applied to images?

I know that for text, WhatsApp messages are encrypted in a way no “man in the middle” could read them. But what about images?

Imagine you received some private image on your smartphone. Then you open WhatsApp Web on your PC, which uses an employer VPN.

Would the employer be able to “download” the image your Whatsapp Web just loaded?

How can I verify Keybase’s end-to-end encryption between me and a friend?

The premise of end-to-end encryption (E2EE) is that the client is secure and trustworthy, your end devices is secure and trustworthy, but the network and server need not be trusted. You’ve read all the code in the client, or someone you trust has done so for you. But after loading the code onto your phone — installing the Keybase app — and starting a chat with your friend, you still need to verify that the server sent you the right encryption key. Since you can’t host your own server, it has to be the Keybase, Inc’s server that sends you the encryption key of your friend.

It’s pretty standard for E2EE software that the (client) code is open, the server sends you the encryption key, and you can check the encryption keys out of band. In Signal you check the safety number, in Wire you check the device fingerprints, and in Telegram you check the encryption key. If they match, you know (based on the open client code and the cryptography it uses) that there is no (wo)man in the middle.

How does this work with Keybase? Their documentation explains parts of it:

Alice and Bob share a symmetric encryption key, which they pass through the server by encrypting it to each of their devices’ public encryption keys.

Okay, so either we verify the symmetric key (identical on both phones), or we verify the public key (I should be able to display mine on my phone, and my friend will call up what their phone thinks my public key is, and that should match).

The weird thing is that there is no button to do either of this. The documentation doesn’t mention any and I can’t find it when looking around.

Further on, it explains the public keys are put into your signature chain:

All Keybase devices publish a crypto_box public key and a crypto_sign public key when they’re first provisioned. Those keys live in the user’s signature chain […] A chat symmetric encryption key is 32 random bytes. It’s shared by everyone in the chat, […] When a new device needs this shared key, another device that has it will encrypt it with the new device’s public crypto_box key and then upload it to the Keybase server.

So if I’m reading this right, when my friend opens a new chat with me, their client generates the shared secret, it will take the public key from the crypto_box inside my signature chain, and upload that to Keybase’s server so that I can download and decrypt it, and thereby establish the shared secret and start the chat.

… but where does that signature chain come from? This has to be fetched from Keybase servers, so since there is no way to display it, I have to trust the server to send me the right key. How does that make sense when they claim “all messages are secure, end-to-end encrypted”?

There is some documentation that goes through some verification step by step, but aside from that it’s broken (there is no “sigs” field in “root_desc”, the result of root.json?hash=X), this is not something I can do on my phone. A malicious server could return the correct answers to my command line client while telling the mobile app that the signature chain contains an entirely different key (namely the one the malicious actor uses to perform the (W)MitM).

Somehow, when this comes up in conversation, this blockchain thing is given as the reason why it’s secure without needing to verify anything yourself, but I can’t figure out how it works.

  1. Do Keybase chats require manual verification of any kind of key, or does the blockchain magic (which the app could verify under the hood) somehow prevent us from having to compare fingerprints/safety-numbers/keys/sigchains?
  2. If we do need to compare fingerprints/safety-numbers/keys/sigchains, how can that be done in the Keybase app in order to verify that no MitM is going on?

In end-to-end encryption where should the asymmetric encryption keys be created?

I’m playing around with learning encryption with a mini messaging project, so far I can do symmetric encryption (AES) where everyone shares the same key, obviously not secure or ideal, I want to turn learn how to implement a true end-to-end encryption system. I’ve been told RSA is what I should use? My question is,

  • Do I generate the keys completely on the client end in javascript, or is it ok to do the key generation on the server and give them to the client?

  • Where do you store the private key in a website, is using sessions okay? Do i save the private key to storage?

  • Is there a good walk through with examples of implementing something in JavaScript or Python?

How is end-to-end encrypted data stored in a database?

A traditional database holds the data in each column and then has a relational ID to tie that row to a parent (e.g. a user’s ID) so it can be found in a query.

Taking the same scenario but this time E2E is in place, is the encrypted data (e.g. chat message) simply inserted into the database under the respective column and the relational ID is left in plain text? It seems the most simple but it allows for metadata to undermine some parts of the encryption, e.g. how many chats a user has sent.

Is my understanding correct?

End-to-End Encryption IMAP client [on hold]

I recently discovered that Outlook for Android uses an intermediate server for IMAP connections, meaning that:

  1. mail is accessed in plain-text by a third-party
  2. credentials are known in plain-text by a third party

This defeats much of the purpose of encrypting IMAP connections in the first place, since the information is no longer private between the host server and the client.

As I was unhappy with this, I switched to Bluemail since I saw that they have an option to configure either push or fetch. However, I have now found that, regardless of how this option is configured, the account credentials are still held by the Bluemail server.

Question

Which mail clients for android connect directly to the mail server from the client? That is, without sharing credentials or other data with intermediate servers.

Also, any idea why this is not seen as more of a problem? There only seem to be a couple of people that are talking about this behaviour, even though it is a clear breach of security.

Which devices store audio in the cloud without end-to-end encryption? [on hold]

Background
Many consumers are concerned by the fact that virtual assistants, such as Amazon Alexa, Siri, and Google Assistant, store recorded speech in the platform provider’s cloud, where the data is analyzed and could be exploited for secondary uses.
It is certainly true that voice recordings can contain highly sensitive information – not only through spoken words, but also through the sound of a speaker’s voice, his or her accent, sociolect, etc. Research has shown, for example, that emotions, health information, and even a speaker’s personality traits can be inferred from voice recordings.
But is this privacy threat limited to virtual assistants? Of course not. There are many other devices and services that store voice recordings on their providers’ servers without end-to-end encryption. To raise awareness, I am currently compiling a list of these services and devices. Let’s brainstorm together!

Question
Apart from virtual assistants, which services and devices can you think of that store voice recordings on the provider’s servers without end-to-end encryption?

Are end-to-end and integration tests worth it for non-mission critical stuff?

It’s well known that end-to-end and integration tests are costly. Of course if we develop applications where people might die if things go wrong it’s a worthwhile investment. However in applications where errors are not the end of the world, would it not be cheaper to skip the E2E tests and integration tests altogether and instead craft a backup plan if something goes wrong? Like is a manual test of user stories + unit tests + using a statically typed language enough?

Like for example if a web store lost an order they could instead send the item for free + another item as an apology. The end user might end up even happier that way and the company overall saves money.

I guess my question is, in general how much does an integration test and E2E test cost and how much money does it save? Is there a way to do a risk/cost calculation for this?

Calculating the end-to-end delay of a message sent over a network

This is a problem from a MOOC on computer networking:

We wish to send a message of size $ 150,000$ bytes over the network. There are four hops, each of length $ 20$ km and running at $ 100$ Mb/s. However, before sending we split the message into $ 1500$ byte packets. What is the end-to-end delay of the message? Use speed of light in copper $ c = 2 * 10^8$ m/s, and round your answer to the nearest integer millisecond.

HINT: Break the problem into two parts: the end-to-end delay of one packet and the delay of the rest of the message across the slowest link.

After struggling for a bit, I obtained the answer by following the hint as follows:

$ $ 4\left(\frac{1500 \ B * 8 \ (b/B)}{100 \ Mb/s} + \frac{20 \ km}{2 * 10^8 \ m/s}\right) + \left(\frac{150000}{1500} – 1\right)\left(\frac{1500 \ B * 8 \ (b/B)}{100 \ Mb/s}\right) = 12.76 \ ms $ $ The answer is correct but I don’t understand why the packetization delay only was considered for the rest of the message. Why wasn’t the propagation delay also considered for the remaining packets?

How do end-to-end encrypted chat services ensure that the server admin doesn’t add new members to a chat?

This question is about any chat service that supports end-to-end encrypted group chats, for instance Signal, XMPP + OMEMO, WhatsApp, and the like.

How do these services ensure that a hostile server admin does not add their own keys to any group chat that they wish to snoop on? What are the best practices?

It’s possible to ensure that all current group members are at least notified of the intrusion in their client, but the intruder may still access all messages sent before they are noticed and kicked out.