end-to-end
sydent
end-to-end | sydent | |
---|---|---|
8 | 710 | |
4,133 | 282 | |
0.0% | 1.8% | |
0.0 | 6.5 | |
about 1 year ago | 24 days ago | |
JavaScript | Python | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
end-to-end
-
age and authenticated encryption
[1] No warning on decrypting Tag 9 (no integrity protection) packets
-
A few questions for the dev…
In contrast, companies like Standard Notes actually uses their own home-built encryption library, which is why it's a bit more critical that they go through these audits more often and quickly than others. And despite the audits, this home-brewed encryption library puts them at a much bigger risk, due to the fact that it's never going to be as thoroughly battle tested as an open industry-standard encryption like OpenPGP, used by much larger companies like Google, Protonmail, etc.
- End-to-End Encryption Threat Model
-
End-to-end encryption messaging implementation
https://github.com/google/end-to-end ?
-
How to do E2EE in the Browser correctly if even possible?
When Google was looking at implementing E2E mail via a browser plugin, it gave up in part because of the difficulties of doing it right. They published the library and documentation, but the more valuable part was the threat model. In it they examine the assets to protect, threat sources both inside and outside the threat model, UI threats, message threats, key-related threats, cryptographic threats, and other threats. It's an excellent walk-through of just how difficult it is to do general encryption right, and why doing it in the browser is so hard.
-
Signal protocol security of messages
With that in mind, secure messaging in a browser is a nightmare. Google tried to figure out a way to do end-to-end in a browser, mostly in the context of e-mail but it could be extended to chat applications. They wrote up a threat model that you really should read. They identified five threat sources within the architecture and six more that they acknowledge but don't delve into. They also discuss four UI-based threats, four message-based, four key-based, and two cryptographic threats, and each of those threats has subthreats. Finally, they wrap with three "Other" threats. They dropped the project soon after.
-
Browser extension that makes any web app E2E encrypted?
Google E2E Library — Unsure how up-to-date this ... limited GitHub activity.
sydent
- Discord is nuking Nintendo Switch emulator devs and their entire servers
-
Qilin: A Starter Project Template For Every Open Source Project
GitHub Discussions can also be a great place for support as long as these are regularly monitored. Another option along the same lines is Discourse and the Open Source Matrix which is used by quite a few Open Source and community-based projects.
-
A man has been swatted 47 times for making a joke about Norm Macdonald
Tangential: the article notes that Telegram is an “encrypted messaging app”. While this is technically true, it's worth keeping in mind that it's not end-to-end encrypted, so it's less secure in that regard than, say, Signal or even WhatsApp. Telegram does have opt-in end-to-end encrypted one-on-one chats, but those are very inconvenient to use.
For a properly encrypted chat app, including group chats (opt-in), try Matrix instead: https://matrix.org/
- Matrix is a decentralized messaging ecosystem worth checking out
-
Launching Default End-to-End Encryption on Messenger
I'd love something like the Matrix [0] data model (JSON messages aggregated in an eventually-consistent chatroom CRDT) transmitted over something like simplex for metadata resistance.
[0] https://matrix.org
-
Meta is pulling the plug on Messenger chats on Instagram
Trillian mod here. There's this new thing called Beeper, works on matrix.org. It's not as the good old times, but I'm currently using whatsapp, FB messenger, discord, telegram, signal, imessage and a few more. It's not Cerulean experience, but it's... slowly improving.
- Show HN: Beeper Mini – iMessage Client for Android
- Um pouco da realidade de Copacabana - principalmente aos finais de semana
- O Fazueli está destruindo o Sul do Brasil
-
Connect to Element One in Element X?
I'm trying to change my account provider from "matrix.org" to whatever Element One needs, and for the life of me I just don't understand what values I have to put where to be able to log in. I tried `element.io`, which takes me to sso.element.io but this doesn't seem like the right thing (no credentials work as I expect.
What are some alternatives?
openpgpjs - OpenPGP implementation for JavaScript
matrix-docker-ansible-deploy - 🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
freedom-pgp-e2e - Wrapping up end-to-end code and provide in freedom custom API.
matrix-synapse - The Matrix Synapse homeserver for Docker / k8s - deprecated, use upstream
otrv4 - Off-the-Record Messaging Protocol version 4. -This is a draft- This repository is a mirror of http://bugs.otr.im/otrv4/otrv4
Mattermost - Mattermost is an open source platform for secure collaboration across the entire software development lifecycle..
PGP-Anywhere - Chrome browser extension to de- & encrypt PGP in your browser
apprise-api - A lightweight REST framework that wraps the Apprise Notification Library
2key-ratchet - 2key-ratchet is an implementation of a Double Ratchet protocol and X3DH in TypeScript utilizing WebCrypto.
Synapse - Synapse: Matrix homeserver written in Python/Twisted.
2Password - 2Password: A cryptography experiment
Mastodon - Your self-hosted, globally interconnected microblogging community