Ask HN: Now that Mallory will be in our comms, how do we prepare?

4 points

4 years ago

After reading this[0] I can't help but wonder how Alice talking to Bob will now be compromised by a third actor: Mallory[1]. From the Wikipedia article on Alice & Bob:

> Mallory: A malicious attacker. Associated with Trudy, an intruder. Unlike the passive Eve, Mallory is an active attacker (often used in man-in-the-middle attacks), who can modify messages, substitute messages, or replay old messages. The difficulty of securing a system against Mallory is much greater than against Eve.

I had a look at Matrix[2] and it's developed in the UK, per their site ('a non-profit UK Community Interest Company') so since the UK is no longer a member of the EU I presume they're immune from the EU backdooring Matrix, unless I'm mistaken?

Then there's Session[3] & Cwtch[4] which look promising too. I can't imagine how Matrix, Session, or Cwtch could be backdoored since they're designed differently than other apps.

Are these chat systems immune from Mallory? Can we use them going forward when all the mainstream messenger apps are compromised in the near future (Whatsapp, etc)?

[0] https://tutanota.com/blog/posts/eu-surveillance-csam/

[1] https://en.wikipedia.org/wiki/Alice_and_Bob

[2] https://matrix.org/

[3] https://getsession.org/

[4] https://cwtch.im/

2 comments