On 4/15/20 2:46 PM, Dirk-Willem van Gulik wrote:
Now obviously - there is nothing stopping someone of using the very same spec to accomplish something different; to spike the app, put hidden code in it, etc, etc. But that is something that we have any way - those that control the phone in your pocket can put a spy in your pocket.
Exactly. And I believe the chance that this will not be misused, somewhere in the world, and probably many places, is zero.
If the net has taught us anything I think it's that anything that can be misused will be misused, especially to violate privacy. And the bad guys have time on their side.
To be clear, I don't think this is a problem that can be solved by protocol design. Unless/until we can actually audit both the hardware and software in our mobile devices, we're vulnerable to whatever the big companies put in those devices, and to whatever governments demand of them.