Services will simply have to stop storing messages, encrypted or otherwise.
They could just make that illegal too. ISPs in the UK are legally compelled to store all of their customers’ internet activity for at least a year. I also found it interesting that there’s been a minor scandal over the Home Office asking Apple to backdoor their end-to-end encryption, but no such scandal over the encryption which Apple provides by default on iCloud - I think it’s almost certain that Apple gave up the keys to the UK (or someone in Five Eyes) quietly, and that the only reason they withdrew the end-to-end version from the UK is that the Home Office’s request for a backdoor was leaked to the Washington Post.
All in all, the only person you can trust to encrypt your data is you.
I understand the inherent issues/limitations with PGP, but this would be a non-issue if services just stored messages encrypted on disk internally to prevent leaks in case of a breach, but were otherwise unencrypted, and everyone just sent messages like:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.2.0
hQEMA+gAAKCRBKxZ12345678EBAAIAAAQABAoAB+P/234567890-=+QWErT
... (a long string of seemingly random characters) ...
=sdfsdf
-----END PGP MESSAGE-----
A lot of the issues with PGP would go away if applications had first-party support for encryption and decryption with personally managed keys. You’d still have the issues that come along with personally managed keys though, but if the alternative is every government can compel central services to hand over managed keys, I’m fine with yelling “skill issue” at people who permanently lose access to all their messages.