• 0 Posts
  • 2 Comments
Joined 10 months ago
Cake day: February 27th, 2025
  • slag@lemmy.dbzer0.comtoPrivacy@programming.devProton has handed over 32,076 users' data to governments since 2017. Their own transparency report states a 94% compliance rate in 2024.English
    4·
    3 days ago

    If you have any way to check the key validity offline (for example, you subpoena the encrypted data) then it’s trivial to check and automate.

    Trivial to automate, yes. The rest is a question of how long it takes to compute, that’s the basic rules of cryptography:

    • good algorithms are computationally more expensive to solve in one direction than the other
    • the hardware of tomorrow will more easily solve the cryptography of today, making it important to rotate your bits into new algorithms as old ones become more solvable
    • big business and big government have more power to throw at the problem, but not infinitely so; where will you fall on their wait list?

    Lack of physical access to your files protects you against casual inquiries by businesses and local governments. If you’re a person of interest, they are breaking down your door and getting your bits unless they self destruct or are in a country they can’t bully.

    In summary:

    • Don’t be a person of interest if you can avoid it.
    • If you live somewhere that hurting a politician’s feelings (or having the wrong demographic) will make you a person of interest, assume they will get physical access to your bits unless those bits are in an unfriendly country. What country do you want them in?
    • Assume they will get their hands on your bits anyway. How easy are they to decrypt, and will the juice be worth the squeeze?